By Reuben Yonatan, Founder & Tech Enthusiast at GetVoIP.com, an online guide providing extensive comparisons on business communication solutions.
The term “security through obscurity” once may have applied to Voice over Internet Protocol (VoIP). Several years ago, few individuals and even fewer businesses relied on VoIP. But in recent years, business VoIP adoption has exploded. The potential downside is that Internet services, in the past, have been much more vulnerable to attack and exploitation than copper wires and fiber optic cables. Fortunately, VoIP security has also increased as VoIP has gained market share. Here are five ways to make sure your customers’ VoIP networks are safe.
1. Separate Voice Traffic From Data Traffic
By keeping audio on a different “pipe” than data, you are less susceptible to spam and malware hidden in files. The way to do this is to create two Virtual LANs, which also lets you apply two different quality of service (QoS) priorities, so the voice data travels faster and more securely than if the two were grouped together. A VLAN is when a single layer-2 network is partitioned so that the devices can only communicate directly with each other, via one or more routers. It uses routers because switches cannot differentiate between multiple types of data, and routers can. In order to best achieve this, you may need separate cables connecting the routers to each other.
Another way to keep the two data paths separate is to use Differentiated Services (DiffServe) bit-marking. The IP phone itself marks the voice packets as it generates them. The marked packets can be encrypted before they leave the phone, and then sent over the network with the highest priority.
2. Use Secure Session Internet Protocol (SIPS)
SIP was never designed to be secure, which is an important flaw addressed by this new protocol. With SIPS, messages are sent over a Transport Layer Security (TLS)-encrypted channel. TLS was first used to secure HTTP sessions, but is now able to protect SIP session communications from eavesdropping or tampering. SIPS requires that every hop of the conversation have TLS encryption. An attacker would have to break the encryption at every step in order to eavesdrop, which is very difficult.
3. Use SIP-Aware Firewalls
Voice traffic has always been a little tricky when it comes to firewalls. SIP uses two different connections to make a call, one that has the call signaling information, and another that carries the actual audio data. So, one port acknowledges that the call signaling data is safe, and opens up, but the audio comes through a different port and may be blocked. SIP involves two-way real-time communications, so unlike web surfing, a half a second of delay in connection is a half a second too long.
A SIP-aware firewall can be configured to inspect the data packets as they pass through, and change the port number in embedded in the audio data packets so that it matches the port number opened by the signaling information packets.
4. Make Your SIP User Names Different Than Your Extensions
It can be easy to overlook simple changes that make your network more secure. An extension in this case, refers to the desk you reach when you dial a number. It is easier when setting the names of the extensions to simply be the number, but anything easy for you is also easier for hackers. So, it is better to use personalized names for the extensions, like the MAC address of the device being connected.
On a related note, NEVER use predictable passwords like “PASSWORD1234.” The best passwords, if you can remember them, are non-dictionary words. Consider using letter substitution for secure passwords. One way is to move your fingers to different keys on your keyboard: “GetVoIP” would be “hrybpo[” when you move your fingers one key to the right.
5. Hack Yourself
The term for friendly engineers that test for weaknesses in a network is “Pentesters,” short for penetration testers. These people, and the programs they use, make mock attacks on a network, using every tool from guessing to sniffing to phishing to try to break into your system. Some of these tools, like PACK (Password Analysis & Cracking Toolkit) and SIPCRACK are even available to the public.
Having a secure VoIP network can mean the difference between productive business conversations and serious trouble. Security is one of the top priorities of businesses when they consider their communications needs and they will look for providers who, on both a technical and personal level, do all they can to keep their customers’ VoIP networks secure.