How to Protect Voice Over Internet Protocol
VoIP provides a number of valuable features in addition to big cost savings. These include call screening and conferencing, voicemail-to-e-mail transcription, call routing and more.
With these grand features, though, come risks. VoIP needs to be protected from hackers because VoIP packets travel in cyberspace and, like data packets, can be snatched.
An article on powermore.dell.com says that the following are real threats: nosing in on conversations, hacking into voicemail, spoofing identities, DoS attacks, man-in-the-middle attacks and more.
In fact, VoIP hacking services are offered on the Darknet and on the website Hacker’s List. Hackers also get a lot of help from other hackers. There’s no shortage of cyber criminals on deck for hacking into VoIP, using any number of attack approaches.
One of them is called footprinting: hackers gather all sorts of publicly displayed information about the organizations they intend to hack. For example, a company website announces to the world that so-and-so was just hired to (fill in the blank: some techy description of IT responsibilities that’s as easy as 2 plus 2 for the hacker to understand).
The organization needs to structure job descriptions and other content on its website so that it’s too generic for a hacker to benefit from.
Depending on your setup, especially if you are a small business, the following may or may not apply to you. The article offers the following recommendations for VoIP protection:
- Create two VLANs to separate voice traffic from data traffic.
- Use encryption for voice traffic and calls.
- Protect the remote admin interface with a complex password and a non-standard port.
- Put the VoIP server behind a firewall. Also put it behind an intrusion prevention system such as antivirus.
- Make sure usernames differ from their extensions.
- Always keep VoIP systems up to date and holes promptly patched.
- Delete sensitive voicemail messages.
- Set strong security policies.
- Use a strong voicemail passcode (six digits).
- Limit invalid login attempts.
- Use traffic analysis and deep packet inspection technologies.
- When employees leave the company, immediately remove their mailboxes.
- Give all employees security awareness training and mandate that they report suspicious happenings.
- Disable international calls by default.
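
Several of the recommendations above can be checked mechanically against an export of your phone system's accounts. The following is an added example, not code from the cited article: the field names and the sample inventory are hypothetical and constructed, and the repeated-digit, sequential-run and contains-extension passcode tests are assumptions about what "strong" should exclude.

```python
# Added example: audit an exported VoIP account list against the checklist.
# Field names are hypothetical; SAMPLE_ACCOUNTS is constructed data.

def weak_pin(pin: str) -> bool:
    """True if the passcode is under six digits or a trivially guessable run."""
    if not (pin.isascii() and pin.isdigit()) or len(pin) < 6:
        return True
    if len(set(pin)) == 1:                       # 000000, 111111, ...
        return True
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})                   # 123456 / 654321 style runs

def audit(accounts):
    """Return (extension, finding) tuples in account order."""
    findings = []
    for a in accounts:
        ext, pin = a["extension"], a["vm_pin"]
        if a["username"] == ext:
            findings.append((ext, "username equals extension"))
        if weak_pin(pin):
            findings.append((ext, "weak voicemail passcode"))
        elif ext in pin:                         # added check, not from the article
            findings.append((ext, "voicemail passcode contains extension"))
        if a["intl_calls"]:
            findings.append((ext, "international calls enabled"))
        if not a["active_employee"]:
            findings.append((ext, "mailbox kept for departed employee"))
    return findings

SAMPLE_ACCOUNTS = [  # constructed inventory
    {"extension": "101", "username": "101", "vm_pin": "1234",
     "intl_calls": True, "active_employee": True},
    {"extension": "102", "username": "j.rivera", "vm_pin": "482916",
     "intl_calls": False, "active_employee": True},
    {"extension": "103", "username": "m.chen", "vm_pin": "123456",
     "intl_calls": False, "active_employee": False},
    {"extension": "104", "username": "a.okoye", "vm_pin": "104104",
     "intl_calls": False, "active_employee": True},
]

if __name__ == "__main__":
    for ext, finding in audit(SAMPLE_ACCOUNTS):
        print(f"ext {ext}: {finding}")
```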