Network Security - IP Voice Security Checklist

Consider these best practices for success:

Write a security policy.

Make sure your policy covers the entire IT infrastructure, including all IP-based communications, such as:

  • Telephony
  • Voice mail
  • E-mail
  • Instant messaging

Work with your reseller to confirm that your network is VoIP-ready.

Verify you have enough processing power and bandwidth, especially between locations.Be sure you have firewalls and intrusion detection services at all access points to the public infrastructure (leased lines or the Internet).

Secure the network infrastructure.

Separate voice from data traffic using VLAN technology. Install firewalls and intrusion prevention systems. Deploy VPNs between locations. Activate wireless security features such as Wi-Fi Protected Access (WPA and WPA2) protocols.

Secure call management.

  • Regularly update the server's operating system security patches.
  • Encrypt call-signaling protocols.
  • Deploy digital certificates, signed software images, and antivirus and anomaly detection software.

Secure the applications.

  • Regularly update host security patches.
  • Use antivirus and anomaly detection software.
  • Require user authentication.
  • Protect management consoles.
  • Place the management traffic for the network, call-management server, and voice applications on a private VLAN.

Secure the endpoints.

Activate phone-to-phone encryption and wireless endpoint encryption. Identify callers by using digital certificates and authentication. Use centralized endpoint management to detect and block "rogue" devices attempting to log in to the network.

Stop denial-of-service attacks.

Work with your service provider to identify these and stop them from hampering your network.

Stay vigilant.

Plan and implement regular security software updates and ongoing monitoring, along with periodic evaluations and threat assessments to continuously improve your security posture. Train staff and regularly communicate updates.

Compliance—what if you don't make the grade?

compliance

Non-compliance can lead to fines, additional audits, loss of business, and damage to your reputation. But compliance doesn't have to cost an arm and a leg. Verisigh's Security Certification Program helps you meet a border array of requirements, at a lower cost.

Find Out More » telemanagement@atelcommunications.com