Boosting SIP Trunk Security: 5 Tips
Session Initiation Protocol (SIP) trunking remains a popular alternative to time division multiplexing (TDM) trunks as a cost-effective way to leverage VoIP services and pave the way for more sophisticated unified communications (UC) services such as real-time video conferencing or instant messaging. It’s not all good news, however — in addition to the security vulnerabilities of TDMs, SIP alternatives also come with unique challenges. Here are five critical tips to boost SIP trunk security.
Identify Encryption Options
Any data — voice, video or text message — that’s coming in over a SIP trunk or leaving your local network should be encrypted. Ideally, your SIP provider relies on transport layer security (TLS) protocols which mandate encryption, but in addition to how data is encrypted, companies need to consider what data is worth encrypting.
The easiest solution is to obscure signaling data so that malicious actors don’t know where information is heading. Although this offers some measure of protection, it doesn’t solve the problem of eavesdroppers: outside agents or even former employees who listen in on any SIP conversation they can find. Bottom line? If you’re using VoIP to run C-suite board meetings or send videos containing high-level corporate data, opt for Secure Real-time Transport Protocol (SRTP) encryption for media payloads. Although more expensive than TLS, this kind of encryption could mean the difference between secure conversations and missing data.
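The gap described above, encrypted signaling with unencrypted media, can be checked from a captured INVITE. The following is an added example, not part of the original post; the sample message, addresses and the function name audit_invite are constructed for illustration.

```python
import re

# Constructed sample INVITE: signaling rides TLS, audio is plain RTP, video is SRTP.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sips:bob@example.com SIP/2.0",
    "Via: SIP/2.0/TLS pbx.example.com:5061;branch=z9hG4bKconstructed",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "m=video 49172 RTP/SAVP 96",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_KEY_PLACEHOLDER",
    "",
])

def audit_invite(message):
    """Return (signaling_encrypted, {"kind:port": media_encrypted})."""
    head, _, sdp = message.partition("\r\n\r\n")
    # The topmost Via names the transport of this hop only; TLS is hop-by-hop.
    via = re.search(r"^Via:\s*SIP/2\.0/(\w+)", head, re.M | re.I)
    signaling_ok = bool(via) and via.group(1).upper() in ("TLS", "WSS")

    streams, current, session_keyed = {}, None, False
    for line in sdp.splitlines():
        if line.startswith("m="):
            parts = line[2:].split()
            if len(parts) < 3:
                continue  # malformed media line, nothing to classify
            current = f"{parts[0]}:{parts[1]}"
            streams[current] = {"proto": parts[2].upper(), "keyed": False}
        elif line.startswith("a=crypto:") and current:
            streams[current]["keyed"] = True      # SDES key (RFC 4568)
        elif line.startswith("a=fingerprint:"):
            if current:
                streams[current]["keyed"] = True  # DTLS-SRTP, media level
            else:
                session_keyed = True              # DTLS-SRTP, session level
    # SRTP needs a secure profile (RTP/SAVP, UDP/TLS/RTP/SAVPF, ...) plus key material.
    media_ok = {name: "SAVP" in s["proto"] and (s["keyed"] or session_keyed)
                for name, s in streams.items()}
    return signaling_ok, media_ok

if __name__ == "__main__":
    sig, media = audit_invite(SAMPLE_INVITE)
    print("signaling encrypted:", sig)
    for name, ok in media.items():
        print(f"{name}: {'SRTP' if ok else 'PLAINTEXT RTP'}")
```

SDES keys in a=crypto lines travel inside the SDP body, so they are only protected when the signaling itself is encrypted.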
Single Out Your Carrier
Not all SIP trunks are created equal. Some come with big names but poor service, while others opt for low costs but minimal features, including advanced security. Part of the problem is a lack of unified SIP standards — the onus is on companies, not providers, to ensure their security needs are being met. As a result, it’s important to look for vendors that have not only excellent reputations but also the hardware infrastructure to back up security and performance claims. For example, some SIP providers offer last-mile ownership, a critical factor in quality service. Other, cloud-based alternatives come with the ability to scale up service and security on-demand, along with real-time vulnerability scanning.
Limit Access
Want to limit the risk of a SIP trunk security breach? Limit access. Use access control lists (ACLs) to specify which devices have access and under what conditions. As noted by Cisco, it’s also important to limit access both internally and externally, since malicious actors can just as easily be located within your network as without. This means ensuring that departing employees have their SIP access revoked immediately upon termination and that all devices associated with them — such as desk phones, mobile devices and VoIP desktop applications — are removed from ACLs. It’s also a good idea to periodically “prune” these lists to remove devices that are no longer used, since they represent a potential point of failure. In addition, this kind of examination allows IT professionals to identify any unexpected devices in the network.
Opt for Interoperability
Before purchasing any SIP trunk system, it’s worth testing for interoperability with existing ITSP networks. Since most companies don’t start with a total corporate switchover to SIP-enabled VoIP, there’s a natural period of cohabitation in your organization — if SIP and ITSP solutions don’t play well together, a “grey area” develops between the two, which acts as a perfect staging ground for attackers.
Test, Test, Test
Boosting SIP trunk security also comes through rigorous testing. Even if you’re “sure” that a SIP service is secure, take the time to regularly test critical elements such as authentication, integrity and non-repudiation. Start with a login test: can the system be brute-forced to give up access? Next is integrity: are users on both ends of SIP calls or IMs getting the same message? Finally, make sure it’s possible to trace any call made by the system; blind spots are dangerous if your compliance procedures are audited.
SIP trunks are set to drive $4.4 billion worth of adoption this year and up to $8 billion by 2018, according to Infonetics Research. This growing market means a similar rise in malicious actors; boost SIP trunk security now and get ahead of potential breaches.
This is a guest/sponsored post by Sheldon Smith.
Author Bio:
Sheldon Smith is the Senior Product Manager at XO Communications, the industry-leading provider of unified communication services with a focus on network management and SIP-related services. Sheldon has a very in-depth background when it comes to Unified Communications. Currently at XO, Sheldon has overall product ownership of Hosted PBX and Conferencing.