Traditional PBX Systems
- Know the PBX architecture model: PSTN over trunks to PBX (or gateway) to lines connecting stations and other devices. VoIP solutions may not be as far away from this architecture as you think and you need to understand the architecture to assess risk.
- Features are the value-add for a PBX; the way your organization uses them will either add risks or mitigate risks. Know your features.
- Change the default settings. Most PBX or adjunct systems that are compromised are exploited by weak or default passwords
- Make backups! Keeping up-to-date backups of your phone system are just as important as it is on your computer network.
PBX Alternatives
- Key Telephone Systems, Centrex, IP Centrex, and Host IP solutions are alternatives to PBX systems that send more of the switching intelligence offsite.
- These alternatives can simplify deployment and security considerations but at the cost of flexibility and overall capability.
VoIP Telephony and Infrastructure
- Huge differences exist between media servers and media gateways from different vendors. Know what class of device your organization plans to deploy so you can help develop an appropriate risk profile and mitigation plan.
- Boundary traversal for VoIP will require special attention and can be handled through proxies or application-layer gateways within firewalls.
- Enable WPA2 security on wireless access points and VoIP devices and consider 802.1x authentication. These devices will not have encryption or authentication turned on by default and you will need to set up supporting infrastructure.
- Make sure you’ve got enough raw power, cooling, and UPS systems in place to safe guard mission-critical systems. Don’t forget that availability is a security concern!
1 comment:
thank you for the post , visit us for
best telephone solution for business
Post a Comment