White Paper: Security Best Practices For Enterprise VoIP Preventing Attacks And Managing Risk

To take full advantage of unified communications (UC), enterprises are extending their voice over IP (VoIP) networks to soft phones, WiFi/dual-mode phones, and other devices. At the same time, they are connecting to service providers using Session Initiation Protocol (SIP) trunks, creating federations with other enterprises, and integrating collaboration, multimedia, and presence applications.

By leveraging their internal IP PBXs to handle external calls using VoIP and adding UC applications, enterprises can decrease costs, improve collaboration, and ensure business continuity. But many enterprises don't realize the potential security implications of extending their VoIP networks over public and/or untrusted networks.

There are a number of security best practices that must be followed to prevent attacks and minimize risk in order to extend VoIP securely. Some of these best practices can be borrowed from the data world, such as ensuring security patches are up-to-date, installing the latest anti-virus software, encrypting traffic for privacy, and authenticating users. But existing data security measures are not enough to protect unified communications.