NSA publishes guidelines for securing VoIP systems


 The US Secret Service NSA has published guidelines for securing Unified Communications (UC) and Voice and Video over IP (VoIP) systems. Organizations use such systems for video conferencing and instant messaging, among other things. The IP infrastructure that makes such systems possible also increases the attack surface and can create vulnerabilities that can eavesdrop on communications.


"Such vulnerabilities were more difficult to access in previous telephone systems, but now voice services and infrastructure are accessible to attackers who penetrate the IP network to eavesdrop on conversations, impersonate users, commit call fraud or cause denial of service," the NSA said. .


To secure UC and VoIP systems, the NSA provides all kinds of advice, guidelines and best practices in a new document ( pdf ). It focuses on four topics, namely preparing the network, the perimeter, the use of enterprise session controllers (ESCs) and adding UC/VoIP endpoints.


In concrete terms, this concerns advice such as the application of network segmentation, the timely installation of security updates, authentication, encryption of communication traffic and checking the security of systems that are connected to the network.

Previous Post Next Post