VoIP Security: 12 Best Practices for VoIP Phone Systems
October 1, 2019
Here are 12 best practices to keep your VoIP security, your wallet, and your reputation protected from bad actors on the internet.
- Secure user credentials with a strong password and two-factor authentication.
- Perform regular call log reviews for unusual call activity.
- Disable international calling / enable geo-fencing.
- Outsource to a SaaS provider for VoIP calls.
- Update firmware on VoIP phones.
- Use a router with a firewall.
- Limit physical access to networking equipment.
- Restrict user access to parts of the phone system.
- Ensure data encryption through your VoIP provider.
- Educate users on VoIP security best practices.
- Prevent ghost calls on IP phones.
- Implement intrusion prevention systems.
1. Secure User Credentials with a Strong Password and Two-Factor Authentication
While default credentials vary by manufacturer and model, they are easily found with a simple Google search and rarely utilize a strong password.
If your organization has a credential management policy, it is a good idea to apply these same standards to both deskphones and the web interface. A strong credential management policy includes expirationcomplexity and requirements, and is crucial to the effective management of security credentials. It’s good practice to periodically remind employees to update their passwords.
Two-factor authentication should be mandatory for all users on your VoIP phone system. Telzio offers 2FA for users, and enables you to verify on the web dashboard that all users have successfully enabled the feature.
2. Perform Regular Call Log Reviews
This security tip requires little or no technical knowledge of networks or VoIP systems in general. It is a best practice, however, to institute regular reviews of VoIP traffic in the call logs.
Telzio provides detailed call analytics with data including:
- average call duration
- average hold time
- total number of incoming / outgoing calls
- total calls / missed calls
- total duration by user
By regular checking these call reports and comparing period over period, you can easily pick up when there are signifcant variants in activity. These pieces of information can point you to areas where there may be gaps or misuse.
Administrators will want to check for abnormal call durations, destinations, and the times that outgoing calls are being initiated. Any outliers in these logs should be investigated to ensure that your system has not been compromised.
Detailed call reporting is an important feature to look for when considering a new VoIP service and Telzio even offers real-time call monitoring. These logs will tell you a lot about your baseline usage and are not only useful in monitoring the health of your phone system, but are valuable in planning for future expansion.
3. Disable International Calling or Enable Geo-Fencing
If you must make international calls, it’s a good idea to enable geo-fencing. Geo-fencing is also used on network firewalls and email servers to prevent connections to countries where high numbers of potential hacks originate.
Telzio enables you to block unwanted calls to/from entire countries, area codes, and specific phone numbers. You can add countries to a blacklist to ban incoming and/or outgoing calls from that country right on the Telzio Dashboard.
Another similar precaution would be to use IP blacklists on your firewall to block connections, including VoIP traffic, to known malicious IP addresses. IP blacklists can be found on reputable public aggregator sites such as dnschecker.org.
4. Utilize SaaS for VoIP Calls
Software as a service has become an important part of everyday office operations as individuals and large organizations leverage the expertise of specialists to manage a complex piece of software or application. Rather than building and maintaining your own VoIP infrastructure, outsourceyour PBX and VoIP services to a SaaS provider like Telzio.
Telzio provides a robust feature set out-of-the-box, a user-friendly UI, and full support. What’s more, built-in security measures to protect you from fraudulent activity on your account and can be that extra set of eyes you need to prevent serious intrusions.
5. Stay Up to Date on Security Patches
Just as all network security devices and computers need to be updated, so does your VoIP phone.
update the firmware
Firmware updates should be checked regularly (quarterly is recommended), installed as soon as possible, and built into the wider update schedule for all of your networked devices as a part of the IT asset management policy.
6. Use a Router with a Firewall
From time to time, we hear about people who connect their IP phones directly to the internet without using a router or firewall. This means that anyone with an internet connection can access the phone’s web interface, and if the phone’s administrator password is still the factory default – well, that’s just making it too easy for the perpetrator.
If your router has a firewall, you should always enable that feature. Firewalls look at the traffic that goes in and out of the network, and tries to block anything that looks suspicious.
7. Limit Physical Access to Networking Equipment
Networking equipment should be stored in a locked room or cabinet and only accessible to the IT team. Securing access to the physical hardware that protects your network is key to ensuring that all of your IT systems, including VoIP, remain uncompromised. Installation of security cameras and implementation of an access log that is audited on a regular basis are also recommended to secure your networking room.
8. Restrict User Permissions
Telzio provides a web interface to make configuration of the device easier and to give you access to additional features and many more customization options. The web interface also determines how it interacts with the VoIP system and therefore will need your user credentials. While the web interface can make setup a breeze, it is one more door into your VoIP system that needs to be secured.
9. Ensure Data Encryption
It’s important to partner with a VoIP provider that encrypts the call processing data sent between the VoIP servers and your network. Telzio ensures end-to-end encryption across all calls and messages throughout the life of the data.
It’s also crucial that your network is encrypted to prevent the damage caused by bad actors sneaking around your systems. Even if someone is able to gain access to your system, encrypted VoIP connections ensure that the data is unusable to them.
10. Educate Users
Your VoIP users are just a part of the first line of defense against fraudulent activity on your system but can be one of the most effective. Proper education about security credentials and what to expect from normal quality of service on VoIP calls can help keep your system secure. Educated end users give you an extra set of eyes looking for abnormal activity that could indicate that your system has been compromised.
It is also important to implement policies on what should be disclosed during a phone call to avoid the unintended disclosure of personally identifiable information, business data, identity theft, or other personally intrusive criminal activity. Security training should also be thought of as an ongoing process. As new security issues and potential threats emerge, it is very important that your training changes to address new threats as well. Keep your users educated as they are the ones using the system on a daily basis.
11. Prevent Ghost Calls
However, if the phone is protected, then there’s very little chance that the hacker can gain access to exploit the phone. But, he can still send these port scan requests to make the phone ring, which can be pretty annoying for people at work. This is when ghost calls occur.
Luckily, there’s an easy way to prevent these ghost calls. Most IP phones have a setting that tells the phone to only accept incoming calls from the server they are connected to.
12. Implement Intrusion Prevention Systems
Intrusion prevention systems will keep an eye on the overall performance of your VoIP system and balance the load on your network to ensure that your quality of service remains high. These load balancing measures, along with other security features, will also detect abnormal activity that accompanies events such as a distributed denial of service attack (DDoS).
Intrusion prevention systems can be features on your firewall, in addition to the prevention measures built-in to the Telzio VoIP platform. It is important to have a conversation with your IT department to see what tools are available to you and keep them up to date with the most recent security patches.