IDG Answers is a community of experts who are passionate about technology. Ask a question or answer one below.
While VOIP, Voice over Internet Protocol, offers a number of cost advantages over traditional telephoning, it can also pose a security threat. When it comes to getting water tight security for VOIP, all companies will have different requirements. There are three levels of security that most of the companies can be categorized into. 1. Applying security policies before you implement VOIP will enable you to have better protected devices. You can also apply and then test various security policies after your VOIP has been implemented to ensure that you are tightly secured. 2. For networks, you can implement MPLS VPN or Virtual Private Networks to enjoy a higher level of security. Implementing security protocol is essential and should be done based on the specific type of application being used. SIP applications for instance will require a different protocol than voice applications. 3. SAFW-SIP aware firewalls are a must and should be added to all of your existing systems. You can also add IPSec for security as well as encryption at the IP level. 4. Digital certificates can be added using a third party solution such as Kerberos and all of your UDP IPsec should be evaluated based on RFC 3948. 5. All call processing and feature servers need to be placed behind a firewall. Software feature loads should be encrypted and it is essential that you perform spyware, virus and intrusion as well as other security scans when you first boot up your systems. 6. Not overloading systems is essential as well. Ensure that all software and sets are only running the minimum of services that are required for use. 7. Gateways and phones should always be authenticated before signaling.
Thanks and Regards,
Here is a pretty decent guide at CSO.