Remote IP Phone Security
The importance of considering network security in VoIP/UC deployments cannot be overstated. Unsecured VoIP networks are vulnerable to the same threats as regular data networks, plus many more, including toll fraud. But protecting a VoIP network requires more than simply locking it down against unsolicited outside data traffic, as this would disable the primary function of a VoIP network: making and receiving calls. This is because, when a call is made or received, the party outside the network is technically sending unsolicited packets of data. Fortunately, there are several key tools network administrators can use to ensure their VoIP network remains safe from malicious activity. Here are some that are useful in securing VoIP networks with remote users.
Using VoIP Firewalls
A remote phone deployment in branch offices or for work-at-home employees is completely different from SIP trunking. Remote phones are dynamic in location and require significantly more calling features. They cannot be treated as peers, because they register for services and change IP addresses often, across multiple devices and locations. Remote phones require automatic provisioning from file servers and may also require web access and REST API access to the IP PBX. The interconnectivity between remote phones and an IP PBX is complicated, with many communication requirements.
Securing this kind of deployment involves providing a firewall solution that defines the relationship between the remote phone and the IP PBX across the various networks, covering VoIP application layers, file provisioning, and other services, while ensuring signaling and media are secure. Meanwhile, remote phones are most often located behind other firewalls, which presents additional communication issues.
In this example, the IP PBX resides behind a typical network firewall. The firewall is the border element between the Internet (or untrusted network zones) and Local Area Networks (or trusted zones). The remote phone is located on a remote network across the Internet. The firewall monitors network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Firewall Features & Setup
The firewall controls the traffic by redirecting SIP signaling and audio media streams to the defined destinations. In this solution, the firewall controls communications so that SIP VoIP traffic from remote phones is directed to the IP PBX.
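One common form of the "located behind other firewalls" issue noted above is NAT: the phone advertises its private address in the SIP Via and Contact headers, so replies and inbound calls cannot reach it unless the border element records the address it actually observed. The Python below is an added example, not Sangoma's code; the sample REGISTER, the addresses and the function names are constructed for illustration, and it handles IPv4 only.

```python
import ipaddress
import re

# Constructed sample: REGISTER from a phone behind a home router (not captured traffic).
SAMPLE_REGISTER = (
    "REGISTER sip:pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds;rport\r\n"
    "From: <sip:1001@pbx.example.com>;tag=1928301774\r\n"
    "To: <sip:1001@pbx.example.com>\r\n"
    "Call-ID: a84b4c76e66710@192.168.1.50\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:1001@192.168.1.50:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VIA_RE = re.compile(r"SIP/2\.0/\w+\s+([^\s;:]+)(?::(\d+))?")
CONTACT_RE = re.compile(r"sips?:(?:[^@>\s]+@)?([^\s;:>]+)(?::(\d+))?")

def headers(msg):
    """Map lowercased header name to value (first occurrence only)."""
    out = {}
    for line in msg.split("\r\n")[1:]:      # skip the request line
        if not line:                        # blank line ends the headers
            break
        name, _, value = line.partition(":")
        out.setdefault(name.strip().lower(), value.strip())
    return out

def is_rfc1918(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:                      # a hostname, not an IP literal
        return False
    return any(addr in net for net in RFC1918)

def nat_fixups(msg, src_ip, src_port):
    """Compare advertised addresses with the observed packet source."""
    h = headers(msg)
    via, contact = VIA_RE.search(h["via"]), CONTACT_RE.search(h["contact"])
    sent_by = (via.group(1), int(via.group(2) or 5060))
    target = (contact.group(1), int(contact.group(2) or 5060))
    fix = {}
    if sent_by != (src_ip, src_port):       # reply path, RFC 3581 style
        fix["via"] = f"received={src_ip};rport={src_port}"
    if is_rfc1918(target[0]) or target != (src_ip, src_port):
        fix["contact"] = f"sip:{src_ip}:{src_port}"   # reachable binding
    return fix

if __name__ == "__main__":
    print(nat_fixups(SAMPLE_REGISTER, "203.0.113.7", 40312))
```

An empty result means the phone's advertised addresses already match what the border element saw, so no rewriting is needed.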
Using VPNs
Using a Virtual Private Network (VPN), which relies on the Internet Protocol Security suite (IPsec), is a completely different way to provide a secure VoIP solution. Using already well-established encryption tunnel technologies, a secure tunnel is created between the remote phone and the IP PBX.
In this example, the IP PBX resides behind a typical network firewall. The firewall is the border element between the Internet and the LAN. The remote phone is located on a remote network across the Internet and establishes a VPN tunnel to the IP PBX. The VPN uses the IPsec network protocol suite, which authenticates and encrypts the packets of data sent over the network. The firewall relays the VPN tunnel from the remote phone to the IP PBX.
In this example, the IP PBX resides behind a firewall, which is the border element between the Internet (or untrusted network zones) and Local Area Networks (or trusted zones). The firewall is a network security device and will forward the VPN traffic from the remote phone to the IP PBX.
Using SBCs
As stated before, the interconnectivity between a remote phone and an IP PBX is complicated, with many communication requirements.
The advanced approach involves providing a Session Border Controller (SBC) solution that defines the relationship between the remote phone and the IP PBX across the various networks, covering VoIP application layers, file provisioning, and other services, while ensuring signaling and media are secure. This method highlights the strength of the SBC in protecting the IP PBX while providing access for remote phones located behind other firewalls.
In this example, the IP PBX resides behind an SBC. The SBC is the border element between the Internet (or untrusted network zones) and Local Area Networks (or trusted zones). The SBC is a network security device as well as a VoIP security device: it monitors incoming and outgoing network and voice traffic and decides whether to allow or block specific traffic based on a defined set of network and voice security rules. As far as networks go, nothing can ensure the security of a VoIP network as well as an SBC solution.
Next Steps
Ready to secure an already existing Unified Communications (UC) or simple VoIP deployment? Check out our award-winning line of Session Border Controllers here.
Or perhaps you are still researching your next business phone system? In that case, download our free guide to determining your network’s readiness for Unified Communications! It explains the basics of VoIP networks including how fast your internet speeds should be and how to ensure safe and reliable voice service.
The post Remote IP Phone Security appeared first on Sangoma.