The Nationwide Security Company (NSA) has unveiled a new report providing businesses insight into the present-day most effective tactics all over the security of unified communications (UC) and voice and video in excess of IP (VVoIP).
The report, titled Deploying Protected Unified Communications/Voice and Online video more than IP Techniques, also appears at the potential risks to improperly secured UC/VVoIP units.
Fashionable communications infrastructure in most companies is tightly built-in with other IT networks, increasing the attack surface area for hackers to gain obtain. The NSA mentioned that UC/VVoIP devices would pose the exact same hacking pitfalls to businesses by spyware, viruses, program vulnerabilities, or other malicious signifies if remaining inadequately secured.
“Destructive actors could penetrate the IP networks to eavesdrop on discussions, impersonate consumers, dedicate toll fraud and perpetrate denial of services attacks,” the NSA explained in a statement.
“Compromises can guide to superior-definition room audio and/or video staying covertly gathered and sent to a destructive actor applying the IP infrastructure as a transportation mechanism.”
The report outlined the ideas and tips organizations must undertake to boost security, these as segmenting voice and video targeted traffic from details targeted traffic and separate IP deal with ranges to restrict entry to a typical established of units.
In addition to working with VLANs, directors must also use entry manage lists and routing procedures to limit obtain to devices across VLANs. According to the NSA, this can make it a lot more hard for a malicious actor to accessibility open products and services on phones and servers from outdoors the VLAN.
An additional best observe the NSA outlined is employing layer 2 protections and address resolution protocol (ARP) and IP spoofing defenses. It also advisable only employing switches with these protections.
The NSA also reported that PSTN gateways need to authenticate all UC/VVoIP connections and not allow calls directly from IP telephones without having the UC/VVoIP server’s authorization.
The agency also urged companies to use only vendor-signed patches downloaded from dependable sources.
The NSA explained taking gain of a UC/VVoIP system’s benefits, these kinds of as charge financial savings in operations or highly developed simply call processing, will come with prospective risk.
“A UC/VVoIP technique introduces new likely security vulnerabilities. Understand the types of vulnerabilities and mitigations to improved protected your UC/VVoIP deployment,” the company reported.
Some components of this write-up are sourced from: