VoIP Security Basics

Is your brand new telephone system at risk?  Has it been hacked, causing you thousands of dollars in phone bills?  Is someone using your new VoIP system for terrorist activities without your knowledge?

Traditional integrated phone systems have always been fairly secure.  Back in the day, about all one had to worry about was making sure that everyone’s voice mail password was changed from default to prevent unauthorized call forwarding out of the country.  Now, with the exploding popularity of phone systems running VoIP and SIP, a new set of risks must be addressed by those who install and maintain these systems.  As these risks expose the new system’s owners to potential losses, those hiring a VoIP installer should also be aware of some security basics.

Here are 10 essentials for your VoIP phone security checklist:

  1. Don’t expose your phone system’s web-based administrative interface to the whole Internet.  Restrict it just to those requiring access.  Consider turning off the remote access when it is not being used.
  2. Change the default user name and password on the administrative interface before installation and make your new password is a strong one.
  3. Do not use the same SIP password as your extension number.  That makes it too easy for someone with a remote phone to connect to your system.
  4. Do not create unsecured virtual extensions or extra unused extensions.  It’s quite easy to connect a remote phone if there is an extra port just waiting for it.
  5. If using software-based phones (softphones) on remote notebook computers, smart cell phones, or other devices, make sure those devices employ their own security.
  6. Disable international toll calling.  Better to have a complaint about not being able to call Ireland than a complaint about 1,701 expensive calls to various countries in Africa.
  7. If international calls must be placed, allow access only to those who are authorized to make these calls, allow access only to the countries that must be called, and allow access only at certain times and days.
  8. Consider an automatic time limit for toll calls.  Does your staff really need to speak with someone in Siberia for 113 minutes?
  9. Train your staff to use distinct, not-default, passwords on their voice mail.  Explain to them how they don’t want to be the cause of a $7500.00 phone bill.
  10. Audit your system’s security features on installation and regularly thereafter.  Review your phone system’s call detail reports for unusual calls.

All of these safeguards can be applied to a good VoIP phone system.  Some safeguards, such as restricted international dialing, may also be set up by your telephone company on their equipment.  Make sure to check in with them because they will have no problem making money on your fraudulent calls.  And yes, if the expensive calls were placed through your phone system you will likely have to pay for them.

Of course a great way to connect with those in other countries is to leverage the remote features of your VoIP system and avoid the whole international dialing issue altogether.  Plus, point-to-point calls over the Internet are essentially free.

Some network security measures can be expensive and tedious.  VoIP security basics are quick and effective.  Now that you know the tricks, get it done today.

Adam Bristol is President of Current-Concepts Corporation, a firm specializing in unified VoIP and related technologies.