Guarding against Cisco VoIP security threats

How can I increase my desk phone security within my Cisco VoIP network?

Every organisation recognises the importance of protecting their Cisco voice-over-IP (VoIP) network to make sure they have the right measures in place to minimise data loss due to security threats.

Cisco VoIP has plenty of advantages to businesses. However, IP-based voice networks are vulnerable to the same risks as data networks. Fortunately you can use many of the same security techniques and technologies for your Cisco VoIP network that you may already be using on your data network.

The Information Systems Control Journal of ISACA, an independent association that provides education on information systems assurance and security, provides six tips for securing VoIP network and voice data:

• Inform staff of potential security risks: ensure they do not have paper-based login user names and passwords around the office. Better still, use a SSO solution such as RSconnect’s ALM
   
• Encrypt voice traffic: To avoid unauthorised access to calls and unauthorised changes to voice messages and other VoIP content, encrypt your voice traffic. All good VoIP systems should have built-in encryption capabilities to protect against such threats as man-in-the-middle attacks and unauthorised snooping of voice data.
   
• Install firewalls: Since VoIP traffic and data traffic all travel on the same physical network, protecting your data network helps protect your VoIP network. For example, the Cisco SA500 Series Security Appliances and Unified Communications 500 Series have security features to protect the entire network for both voice and data traffic. They also use VLANs to virtually separate the two traffic flows from each other on the same physical network.
   
• Separate voice and data traffic: The ISACA Journal article recommends using separate servers for your voice and data traffic. This way, you can minimise the risk of voice and data loss in the event that your business is the target of a distributed-denial-of-service attack.
   
• Filter unauthorised traffic: Configure your switches, routers and firewalls to monitor and filter your network for unusual voice and data activities. For example, voice traffic should not be allowed on your data network and vice versa.
   
• Setup dial plans and user profiles: You can use VoIP system features to identify users, the type of calls being made and restrict unwanted traffic, such as outbound international calls. Traffic limits can also be set to ensure call quality and maximum voice and data network performance.  These features can also be set to log caller activities and events.

In addition to these measures, you should also put strong passwords in place for your Cisco VoIP servers. You should also make sure you to sign up for updates to your Cisco VoIP server operating system from the manufacturer. These updates often fix security vulnerabilities that may have been found in the software and should be installed as soon as you receive the alerts.

Following these steps should protect your voice data and ensure your Cisco VoIP network runs smoothly, but also important is the consideration of Single Sign-On to further reduce IT user support workloads.

ALM Single Sign-on (SSO) for Cisco IP telephony systems

ALM single sign-on (SSO) software from Cisco Select Partner RSconnect can be installed within 30 seconds, does not require any administrator or technical skills, and will work out of the box using your existing Cisco IPT phone’s Extension Mobility settings. ALM is also compatible with Cisco CUCM 7.x, 8.x, 9.x and 10.x.

ALM avoids the requirement to enter a Username and PIN at your IP phone device by installing a small Windows application in the PC System Tray

ALM software is easy to use and improves the internal security policies within your company, and can also be added on top of your existing Microsoft Active Directory integration.

A fully functional evaluation version of ALM software is available for download, completely free of charge.