February 13, 2008

Security Measures for Enterprise VoIP Networks

By Brian Solomon, TMCnet Web Editor

When enterprises deploy VoIP, they must recognize the strengths and limitations the technology will introduce into their operations. Recognizing these strengths and limitations will help develop a governing VoIP security policy. This policy will help in deriving standards and technical controls that will support regulatory requirements as well as the overall security of the network.

• Acceptable use of organizational VoIP equipment. The acceptable use includes calling plan restrictions, and pertains also to contractors, vendors and other third parties who interact with the organization.
• Protection of VoIP services, including service access, as well as signaling and media encryption for interactions in which sensitive information is handled.
• Media retention based on the minimum duration that media should be kept based on regulatory or other industry, state, or federal requirements.
• Signaling or media interception to satisfy law enforcement requirements.
• A vulnerability management process should be in place to categorize and prioritize the impact of vulnerabilities that may affect the organization's VoIP infrastructure and service.

Brian Solomon is a Web Editor for TMCnet, covering news in the IP communications, call center and customer relationship management industries. To see more of his articles, please visit Brian Solomon’s columnist page. 

Internet Protocol (IP)	X
IP stands for Internet Protocol, a data-networking protocol developed throughout the 1980s. It is the established standard protocol for transmitting and receiving data in packets over the Internet. I...more

Voice over IP (VoIP)	X
A real-time communications system that converts voice into digital packets containing media and signaling data that travel over networks using Internet Protocol....more

(source: http://ipcommunications.tmcnet.com/topics/enterprise-voip/articles/20726-security-measures-enterprise-voip-networks.htm)