uc security, voip security

By Billy Chia

Unified Communications (UC) presents unique security challenges for small businesses because it brings disparate technologies, such as VoIP, video, chat, email and presence, together into one unified messaging system. While large businesses can dedicate substantial resources toward securing their communications, small businesses need solutions that are both effective and simple to manage security. Here are seven best practices that can help small businesses keep communications flowing.

1.     Deploy a Properly Configured Firewall – A UC server should be sequestered behind a firewall. Surprisingly, many small and midsized businesses (SMBs) don’t deploy a firewall or they deploy a firewall but open ports to all networks to allow remote users. This is almost the same as having no firewall at all.

2.      Enable a VPN for Remote Users – Many SMB networking devices come with built-in Virtualized Private Network (VPN) capability. Quality VPN devices are now available at affordable prices. For remote users, and while connecting remote small business offices, the simplest option is to deploy a VPN device at both ends. The connected devices form an encrypted “tunnel” over the public Internet. This “virtual” network keeps all traffic safe.

 3.     Use Strong Passwords – Often overlooked, strong (system) passwords should be used for every password required in a UC solution. Business VoIP phones should be protected by unique strong Session Initiation Protocol (SIP) passwords. Keep in mind that re-used passwords or weak passwords make it easy for an attacker to get access to SIP credentials. Once authenticated with a SIP account, an attacker can make calls as though they were using that phone – including toll calls that could result in high fees.

 4.      Update RegularlyKeeping software updated helps improve security as well as obtaining bug fixes. As potential exploits are found, security patches are then released as software updates. The most recent version is typically the most secure. Be aware of what has changed and how the update could impact the system; backing up the system first and performing the update during a scheduled maintenance window also helps to ensure users will have access to the system when they need it.

5.      Turn Off Unused ServicesIf a feature is not being used it should be shut down to lessen the potential attack surface. This will also improve performance as there will be less protocol traffic on the network and the server will be less taxed because it’s doing less work.

6.      Monitor your Call LogsBy regularly reviewing system logs, damage can be mitigated by catching the attack and taking action early. In particular, running regular call log reports on toll calls made by the system can help create a baseline for normal activity. Small businesses will be able to notice when activity exceeds this baseline signaling that the system has been compromised.

7.      Use Built-in UC Security ToolsTaking advantage of built-in security tools can add an extra level of protection. The blocked IPs tool will block IP addresses that fail multiple registration attempts. In theory, a properly configured firewall should prevent SIP scanners from being able to reach a UC sever; however, this additional level of security adds peace of mind and works as a functional back-up to round out a security suite.

Billy Chia as a technical marketing specialist at Digium, which provides Asterisk® software, telephony hardware and Switchvox business phone systems that deliver enterprise-class Unified Communications.