Writing Secure Code
| Hi-index | 0.00 |
Continuing our series on security VoIP, we look at best security practices for organizations deploying IP telephony in anger. Practices are graded as 'desirable', 'optional' etc. but one isn't: keeping the voice and data traffic separate through the use of 802.1Q VLANs. That's firmly in the 'mandatory' category. When securing network infrastructure, one technique is vital, according to the author: employ separate voice and data VLANs. This has several advantages. Amongst them, the inherent isolation provided by VLANs ensures that 'inter-VLAN traffic' is under management control and that network attached PCs cannot initiate a direct attack on voice components. When defining threats, it is imperative that there is a holistic approach to IT security, so that the voice system is included in overall security risk analysis and best practices are applied as deemed appropriate. These are aligned to data system security measures, as a minimum. In practical terms this would typically include deep packet inspection techniques, robust wireless security mechanisms, and endpoint security on servers and hosts. By definition VoIP traffic is vulnerable to the same threats as data traversing the IP network. The most common threats are from DoS attacks, malware and deliberate intrusion. We continue our VoIP series exploring how best to tackle them.