Steps to secure a VoIP Installation
When we integrate VoIP into our communications infrastructure, we need to undergo a paradigm shift with regard to how we think about security. This shift is necessary because we don't normally think of security when discussing communications. Regular PSTN phone lines have well defined security issues which are taken care of both at the ISP level as well as at the legal level. Moreover, since the data being sent over PSTN is analog in nature, interception isn't a trivial matter and will always result in a little bit of distortion which can be detected.
VoIP however, travels via packets and it's trivial for an interception mechanism to produce perfect duplicates in a transparent manner. Such "man in the middle" attacks are very difficult to protect against.
Also, most VoIP security threats are internal - meaning that employees are most likely to be the source of the problem. Fortunately, there are a number of measures which can head off the common sort of problems and prevent your VoIP infrastructure from becoming a soft target. This is called "hardening" your system and it consists of steps and procedures which take a proactive view towards security.
The consequences of a security breakdown in a VoIP system can be significant. Firms can suddenly find their intellectual property compromised for example. Other issues can be when an attacker gains access to your system and uses it to make unauthorized phone calls leading to massive expenses.
All this is possible because of the comparatively large number of components in a VoIP system. Routers, PBX VoIP Phones, servers and computers are all prone to hacking. One of the easiest ways to "harden" a VoIP system is to ensure that easy exploits are no longer possible by having an effective password management policy in place. Ensure that passwords have capital letters and some numbers and have them changed regularly. This might seem like a pain, but it's essential in order to keep the system safe.
Most importantly, the accounts of old and terminated employees must be disabled to make sure they don't penetrate the IT infrastructure. Disgruntled workers can be the single largest cause of headache and it's important that simple steps are taken to protect against this danger.
Also, make sure that all the software used on your VoIP system is up to date. There is software which automatically updates the packages and it's worth installing it. By fixing exploits as soon as they're revealed, you can drastically cut down on the number of attacks you face.
These few simple techniques give the most bang for the buck. Employ them and you can rest easier than before! Hosted PBX VoIP systems are even more secure though.