Voice over IP or VOIP allows for full-featured telephone services over the internet, thus providing lower costs, greater numbers of services, and hosted operations (in the cloud).
However, this type of operation pushes many of the security requirements formerly handled by a company and its telco to a VOIP services provider who can be vulnerable to a number of exploits.
The list below shows key security measures a VOIP service provider should put into place to protect itself and most importantly, its customers:
- Clustered Firewalls:
Provides for both security and stability.
- Intrusion Prevention Systems:
Monitor overall load and the number of sessions and close all connections that go over a certain threshold preventing service degradation. These systems also inspect all traffic (packets) in order to stop and better yet, prevent system penetration protecting customer information and even more, customer billing.
- Call Behavior Monitoring Algorithms:
Analyze call behavior every second looking for abnormal patterns or routes with the ability to stop those routes if calls are deemed to be improper or fraudulent.
- Credit Limits:
Assignment of credit limits based on both current and historical spending allows the VOIP provider to limit any abuse or misuse that isn’t caught by behavior monitoring or intrusion prevention systems.
- Access Lists:
Ties a customer to a Static IP address to prevent identity fraud.
- Call Routes:
Allows a customer to choose only certain call routes.
- Geo Limits:
Prevents usage only from certain geographic locations blocking all other use.
- VPN Connections:
Limits connections from a customer to the VOIP provider only via an encrypted link
The move to a cloud based phone system or call center system provides generous cost and operational benefits, especially when supported by strong security processes and services.