Quagga Blogga with Nick Kolintzas - CTO
IP telephony security, it's all about the layers!

Security seems to be one of those black hole areas where everyone has an opinion, especially when it comes to IP telephony. Here is my opinion: keep it simple and implement a few layers of security.

Nick's Five Layers of IP Telephony Security

1) Use SSH to manage Call Processing Servers and Voice Gateways
2) Enable RTP Media and Signaling Encryption
3) Encrypt your backups
4) Use Authentication, Authorization, and Accounting (AAA) for system management
5) Implement 3 basic data network security techniques:
* DHCP Snooping: Combats rogue DHCP servers. It builds a table of authorized IP and MAC addresses. This table also contains port number and VLAN information.
* Port Security: Prevents MAC flooding attacks by limiting the number of MAC addresses that can appear on a port. (Recommend 3 when running PCs behind an IP phone.) MACs are flushed after 5 minutes when a device is disconnected and re-learned when a device is plugged in. Violations can shut down an offending port, and its phone, for a pre-defined lockdown period, or permanently.
* Traffic Policing: Limits the amount of traffic allowed. Traffic can be policed on a per-port or per-VLAN basis.
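
To make the port security behaviour above concrete, here is an added example (not from the original post and not any vendor's implementation) that models a single switch port in Python: the 3-MAC limit, the 5-minute flush after disconnect, and shutdown on violation with either a lockdown period or a permanent lock. The class and function names, the 600-second lockdown value and the MAC addresses are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

AGING_SECS = 5 * 60  # learned MACs are flushed 5 minutes after disconnect

@dataclass
class Port:
    max_macs: int = 3                       # the post's figure for a PC behind an IP phone
    lockdown_secs: Optional[float] = 600.0  # assumed lockdown period; None = permanent
    learned: Dict[str, float] = field(default_factory=dict)  # MAC -> time learned
    down_since: Optional[float] = None      # when the link dropped, if it is down
    disabled_until: Optional[float] = None  # set while shut down by a violation

    def link_down(self, now: float) -> None:
        self.down_since = now

    def _housekeeping(self, now: float) -> None:
        # Lockdown expiry re-enables the port with an empty table.
        if self.disabled_until is not None and now >= self.disabled_until:
            self.disabled_until = None
            self.learned.clear()
        # Disconnected for 5 minutes or more: flush so the next device is re-learned.
        if self.down_since is not None and now - self.down_since >= AGING_SECS:
            self.learned.clear()

    def frame(self, mac: str, now: float) -> str:
        """Process one frame's source MAC and return the action taken."""
        self._housekeeping(now)
        self.down_since = None              # a frame implies the link is up
        if self.disabled_until is not None:
            return "drop: port shut down"
        if mac in self.learned:
            return "forward"
        if len(self.learned) < self.max_macs:
            self.learned[mac] = now
            return "forward (learned)"
        # Violation: one MAC too many. Shut the port (and its phone) down.
        permanent = self.lockdown_secs is None
        self.disabled_until = float("inf") if permanent else now + self.lockdown_secs
        return "violation: port shut down"

def mac_flood(port: Port, count: int, start: float = 0.0):
    """Send `count` frames with distinct constructed source MACs, one per second."""
    return [port.frame(f"02:00:00:00:00:{i:02x}", start + i) for i in range(count)]
```

Note that swapping in a fourth device before the 5-minute flush also trips the violation, which is why the limit has to account for every device legitimately sharing the port.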

And one more thing: Adopt and enforce physical security!