February 13, 2008
Security Measures for Enterprise VoIP Networks
By Brian Solomon, TMCnet Web Editor
When enterprises deploy VoIP , they must recognize the strengths and limitations the technology will introduce into their operations. Recognizing these strengths and limitations will help develop a governing VoIP security policy. This policy will help in deriving standards and technical controls that will support regulatory requirements as well as the overall security of the network.
The security policy associated with VoIP communications should address the following areas:
- Acceptable use of organizational VoIP equipment. The acceptable use includes calling plan restrictions, and pertains also to contractors, vendors and other third parties who interact with the organization.
- Protection of VoIP services, including service access, as well as signaling and media encryption for interactions in which sensitive information is handled.
- Media retention based on the minimum duration that media should be kept based on regulatory or other industry, state, or federal requirements.
- Signaling or media interception to satisfy law enforcement requirements.
- A vulnerability management process should be in place to categorize and prioritize the impact of vulnerabilities that may affect the organization's VoIP infrastructure and service.
These areas are the most common ones, but additional areas may be defined by the organization as needed. Defining a security framework for enterprise VoIP networks is very important to facilitating their design, deployment and maintenance throughout the life of the implementation.
Brian Solomon is a Web Editor for TMCnet, covering news in the IP communications, call center and customer relationship management industries. To see more of his articles, please visit Brian Solomon’s columnist page.
Don't forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users. Internet Protocol (IP) | X | IP stands for Internet Protocol, a data-networking protocol developed throughout the 1980s. It is the established standard protocol for transmitting and receiving data
in packets over the Internet. I...more |
Voice over IP (VoIP) | X | A real-time communications system that converts voice into digital packets containing media and signaling data that travel over networks using Internet Protocol....more |
(source: http://ipcommunications.tmcnet.com/topics/enterprise-voip/articles/20726-security-measures-enterprise-voip-networks.htm)
|
|