Just as technology is always evolving, the ways organizations approach unified communications strategies are also constantly changing. Organizations need to have a strategy to address questions surrounding UC security, SIP trunks and VoIP compliance.
In 2019, our experts tackled many of these questions to provide insight into how organizations can approach their unified communications strategy. Take a look back at the five standout questions our experts answered from the last year.
1. What are the challenges of unified communications security?
UC has many moving parts, each with its own security needs. Tools such as voice, video and messaging face different threats, which means IT teams need to approach UC security in various ways.
The main challenges IT should keep in mind are content security, denial-of-service (DoS) attacks and protection from service hijacking. One basic security strategy for protecting UC is to use encryption and usage monitoring. Encrypting data can prevent hackers from stealing information, while monitoring voice over IP (VoIP) traffic, for example, can fend off costly DoS attacks.
Most UC vendors will have security features, such as firewalls, built into their products. IT teams should explore all available security options for UC.
2. How do cloud SIP trunking and traditional SIP trunking differ?
The biggest differences between cloud-based SIP trunks and traditional Session Initiation Protocol trunks is in their maintenance and management. Traditional SIP trunks are typically managed by end-user organizations, while cloud SIP trunks are often managed and monitored by the provider.
With traditional SIP trunks, organizations need to calculate bandwidth requirements and consider network configuration to ensure call quality. In addition, organizations with remote workers need to provide a VPN to give them access to SIP trunks.
Cloud SIP trunks offer more flexibility. Unlike their traditional counterparts, it doesn't matter where end users are located to access cloud SIP trunks, and VPN access isn't required.
3. How can you support UC network security?
When supporting UC network security, the first step is knowing which security capabilities are available. Understanding what protection is available is vital to prevent hacker-triggered service outages.
Perimeter security for a UC network should include protections like firewalls that guard UC servers and session border controllers. IT teams should also consider admin protections, such as strong passwords and multifactor authentication, to protect access to UC network management controls.
UC application vulnerabilities may require additional IT support. Most vendors will provide software updates to fix any known problems. But these fixes may not update automatically. IT needs to monitor and update applications consistently to ensure vulnerabilities are addressed in a timely manner.
IT should also routinely review the organization's security strategy to ensure it covers all the necessary elements.
4. What E911 location-tracking requirements must VoIP meet?
The requirements for emergency calling services have changed as softphones and mobile devices become more common in organizations. The changes make sure that emergency services receive the correct location from VoIP calls or mobile devices. Enhanced 911 (E911) is a set of requirements that specifically address location tracking for mobile devices.
The Federal Communications Commission (FCC) requires devices like softphones to have an automated location information data set that provides the exact location of the caller. In addition, to meet FCC standards, VoIP service providers need to use public switched telephone networks.
Organizations should send out requests for information to VoIP providers to see what E911 options are available. In addition, organizations should reach out to 911 providers to check the local regulations for E911, in case they are more stringent in specific areas.
5. How do you mitigate VoIP security threats?
VoIP is vulnerable to several types of threats, including distributed DoS (DDoS) attacks, evil twin attacks and man-in-the-middle attacks. IT teams should have measures in place to defend VoIP systems if they face one of these attacks.
In most cases, a good firewall will prevent DDoS attacks from bombarding a VoIP system with massive amounts of data. To avoid evil twin attacks, which use look-alike access points to phish login information, IT should train users to avoid logging in on public hotspots and other unprotected public wireless networks.
To mitigate call jacking and man-in-the-middle attacks, organizations should use VPNs and encryption to prevent the interception of SIP traffic. In some cases, the simplest protection is best, such as training end users not to open suspicious links and attachments from unknown senders.