AVOXI addresses various security measures to ensure our customers’ protection when using Voice over IP or VoIP. As VoIP technology changes rapidly, we thought it time to revisit security measures from the provider side and client side. This article reviews the issue and speaks to the various security measures and provides checkpoints to identify security gaps.
The benefits of VoIP phone solutions are numerous. Cost savings, business-class feature availability, expanded services, and more drive the appeal to shift telephony services to VoIP technology. But that also means that many of the security requirements formerly handled by an internal company team are now shared with your VoIP services provider. Let’s take a look at the security measures from the provider side.
Top 8 Measures Your Provider Needs to Address for VoIP Security
Use the checklist to guide the discussions with your provider to determine whether or not appropriate security measures are in place:
- Clustered Firewalls: Clustered firewalls provide for both security and stability. The need for high availability and throughput, demand for low latency, and stable connection along with availability for concurrent sessions requires a clustered firewall infrastructure.
- Intrusion Prevention Systems: Intrusion prevention systems monitor overall load. Load analysis identifies when the number of sessions go over a set threshold. The prevention systems close connections when necessary to prevent service degradation. Additionally, the intrusion prevention measures inspect traffic packets to prevent and stop system penetration to protect customer information and customer billing.
- Call Behavior Monitoring Algorithms: Monitoring algorithms allow the provider to analyze call behavior every second to look for abnormal patterns or routes. The ongoing check for irregularities can indicate improper or fraudulent calls. Action to stop those routes is the next step.
- Credit Limits: Credit limits based on both current and historical spending allow the VoIP provider to limit any abuse or misuse not caught by behavior monitoring or intrusion prevention systems. Rapid escalations against the credit limit typically indicate abuse on incoming or outgoing call traffic and allow the business to quickly address or stop inappropriate traffic.
- Access Lists: Access lists helps the provider to lock down a customer’s account to prevent identity theft or scamming. The provider authorizes against the customer’s IP address listed in the provider’s system to prevent identity fraud.
- Call Routes: Establishing call routes allows your provider to set up a profile where only you as the customer can send outbound traffic to those desired routes.
- Geo Limits: Similar to setting up your call routes profile with your provider, establishing geo limits helps control usage from certain geographic locations and blocks all other use and access. Your provider places attempted connections outside set geo limits on a suspicious list to confirm with the customer.
- VPN (Virtual Private Network) Connection: A VPN connection supports strict security by helping manage multi-office locations, securely connecting remote workers, encrypting your connections.
A cloud-based VoIP solution provides generous cost and operational benefits, but those benefits require support from strong VoIP security measures and services. Customers also have a responsibility to partner with their VoIP service provider to make certain all appropriate measures are in place.
Top 5 Measures Do You Need to Address Internally for VoIP Security
As you can see from the VoIP provider check list, some of the security requirements include actions the customer enables in partnership with the provider. In addition, see the following checklist to identify any gaps you have in forming a secure VoIP environment.
- Review Call Record Details: Call details allow you to identify the normal activity of your business. Reviewing those records every billing cycle lets you more readily identify unusual traffic, such as non-regular call destinations, call lengths, or account performing traffic. Discuss any abnormalities with your provider. Call recording capabilities are typically in the control of the client through a user interface (see the AVOXI example). Ensure you check your online portal and turn your call recordings to on or off depending on your business requirements.
- Secure Credentials: Do not share your credentials with third parties, leave information in insecure place, or share by email or any other insecure method. If there is an information leak, immediately contact your provider to re-generate your credentials.
- Establish Password Protocols: Mandating password protocols that have a minimum password length of at least 12 digits including upper and lower case letters, numbers, and special characters is another key security element. Best practice requires new passwords every 30 to 90 days.
- Restrict Call Forwarding Options: A premiere feature of VoIP phone systems, call forwarding also presents an opportunity for fraudulent behavior. Consider restricting your call forwarding setting on extensions. Request assistance from your provider to facilitate your preferred setup rules.
- Review Security Protocols: Identify computer and hardware security needs, educate your employees, establish roles for the IT team, and other methods further secure your environment. See AVOXI’s article, Where, What, and How of Toll Fraud and Best Practices for Prevention, to assess your rules.
The checkpoints offer a quick method to guide questions when selecting your VoIP provider and to double check your internal setup. AVOXI considers security and fraud prevention a partnership with its customers. Maintaining a secure system is an ongoing monitoring and prevention process helps our customers realize the full benefits of VoIP technology.
Additional information on VoIP security in your environment:
Telecom Security Toolkit
A set of free resources for detecting and preventing security risks in your communication networks and technology.