Learning Guide

Secure VoIP tutorial: Understanding VoIP security best practices

Many organizations have chosen to implement Voice over Internet Protocol (VoIP) telephony to take advantage of its many benefits, including reduced voice communications costs, easier telephony management and advanced collaboration

Requires Free Membership to View

features. However, enterprises cannot ignore the importance securing the technology.

This VoIP tutorial, brought to you by SearchSecurity.com, is a compilation of resources focusing on how to secure VoIP in the enterprise. The VoIP security tutorial reviews the overall importance of VoIP security, offers a variety of VoIP security best practices, details VoIP protocols and standards, and provides info on potential VoIP security risks.

    TABLE OF CONTENTS

Secure VoIP tutorial: Introduction to VoIP

This section of the Secure VoIP tutorial acts as an introduction to VoIP and VoIP security fundamentals, as well as discussing VoIP security best practices and recommendations, highlighting terms every enterprise should know before implementing VoIP.

5 terms you need to know before you employ VoIP
Securing VoIP in an enterprise can be a challenging task, and properly implementing VoIP is an essential element in achieving effective VoIP security. But before beginning a successful VoIP rollout across an organization, security staff should familiarize themselves with certain terms.

This SearchSecurity.com article offers a good introduction to VoIP, highlighting and defining five important terms that every organization should know and understand before employing VoIP across the enterprise.

VoIP security best practices: Securing communication in the workplace
Featured tip: The benefits of VoIP include not only cost savings, but also many improvements in usability and functionality that can provide compelling improvements in enterprise collaboration and communication.

However, following the rapid advancement of VoIP technology, many organizations overlook security planning. In this tip, learn the particular threats that can pose problems for secure VoIP communication in the workplace, as well as practical strategies and VoIP security best practices that companies can put in place to avoid falling victim to VoIP threats.

Secure VoIP tutorial: VoIP protocols and standards

This section of the Secure VoIP tutorialdiscusses and defines VoIP protocols and standards, and identifies the flaws and vulnerabilities associated with those protocols and standards and gives advice on how enterprises can avoid them.

VoIP protocols: A technical guide
Many enterprises are using their own IP network infrastructure to slash their phone bills and increase productivity thanks to VoIP. However, implementing IP telephony terminals, call servers, proxies and gateways can come with risks, creating new attack targets, and converged voice/data networks can fall victim to new exploits.

Considering, VoIP implementations require careful design, testing and analysis to identify and eliminate security risks and vulnerabilities. This guide discuss the two main VoIP protocols -- Session Initiation Protocol (SIP) and H.323 -- as well as their know flaws and vulnerabilities and how functional protocol testing ("fuzzing") can help thwart those threats.

Secure VoIP tutorial: VoIP implementation

Implementing VoIP in your organization can cause a few headaches, not to mention open your enterprise up to a variety of different vulnerabilities and risks. In this section of the Secure VoIP tutorial, organizations will receive best practices for deploying VoIP on their networks, as well as advice on how to best thwart security risks and threats.

Getting VoIP to work: VoIP best practices for implementation
Successfully getting VoIP to work seamlessly is often easier said than done. A successful VoIP implementation requires some research to ensure system compatibility as well as be aware of potential threats that could hinder security.

In this tip, organizations will learn best practices and methods for achieving a successful implementation of VoIP and why it is essential to constantly test and monitor their system to keep it free of vulnerabilities and thwart potential security risks.

Will deploying VoIP on an 802.1x network create security problems?
Considering deploying VoIP on an 802.1x network? Before you do, read advice from network security expert Mike Chapple on implementation best practices, and get advice on how to protect you network from potential vulnerabilities and threats.

Secure VoIP tutorial: VoIP security risks and threats

Converging voice with other data applications such as presence, conferencing and email offers multiple benefits to an enterprise, but VoIP systems can also introduce risk. In this section of the Secure VoIP tutorial, enterprises will learn about the security risks and threats associated with VoIP and how to avoid them.

VoIP eavesdropping: Hardening network security to contain VoIP risks
Hardening network security is necessary when deploying VoIP telephony system, as sending routing calls over a data network opens calls to several threats, including eavesdropping.

Here, network security expert Mike Chapple explains what eavesdropping is, and how it works, and examines best practices for implementing VoIP in an enterprise environment and methods for avoiding VoIP threats.

How to avoid VoIP security risks: Forrester’s six-step process
VoIP, IP telephony (IPT) and unified communications (UC) potential targets for malicious hackers; unfortunately, many organizations do not adequately protect their UC deployments because they’re unaware of the inherent risks associated with these technologies.

In this tip, analyst John Kindervag of Forrester Research explains why it is critical for enterprises to fully understand the risks associated with the VoIP network, and discusses Forrester’s six-step process on how to avoid VoIP security risks and secure VoIP systems in the enterprise.

Identifying VoIP phone security risks, attacks
With the benefit of having lower costs than conventional telephony, the voice over IP market has been projected to top $10 billion. And its increasing popularity will likely make it a more popular target for spam and attacks.

In this tip, expert Marcus Ranum discuss the security risks associated with the VoIP phone and gives some best practices for preventing and identifying VoIP phone security threats and attacks.

How should service providers address VoIP security issues and threats?
When it comes to VoIP service providers, what can you expect? How do service providers address VoIP security issues and threats?

Get the answers to those questions and learn how service providers can offer encryption, and use Wireshark and VLANs to address VoIP security threats, in this SearchSecurity.com expert response.

Voice over IP Security: VoIP Threat Taxonomy
In this chapter excerpt from the book, Voice Over IP Security, Chapter 2: VoIP Threat Taxonomy (.pdf), author Patrick Park reviews spam calls, phishing tactics and other Voice over IP attacks that threaten social context and often misrepresent identity and authority.

This was first published in February 2006