How to Protect Against VoIP Attacks
To protect against VoIP attacks, you should follow the same conventional methods and security best practices that you use for any other software segment. Test your system thoroughly via penetration testing and implement a strategy of defense in depth that encompasses the entire system. Defense in depth is achieved by
• Making it harder for intruders to penetrate all defenses to compromise the security of the network
• Greatly reducing the likelihood of a security breach
• Accelerating the deployment of modular security architectures that can be implemented in phases
• Minimizing downtime in the event of a security breach or network failure
Additional strategies that should be leveraged include
• Segmenting signaling and bearer paths into different VLANs
• Segmenting VoIP user agents such as VoIP hard phones from PC infrastructure
• Incorporating scheduled upgrades (including patch maintenance)
• Utilizing protective protocols such as IPsec, PKI, TLS-DTLS, SRTP, and ZRTP if possible
• Implementing a Security Information and Event Management (SIEM) system for log aggregation, maintenance, and audit analysis
• Implementing a scalable edge network strategy for all applicable firewalls, switches, routers, and IDS devices
• Confirming and ensuring policies are in place for two- and three-factorauthentication
• Ensuring scheduled internal security assessments are routinely performed
• Using vendors that have gone through certification processes
These security measures, along with proper planning, should deter and greatly reduce the risk of any type of breach. Welcome to the brave new world of VoIP.
