Author discusses issue of eavesdropping on VOIP communications (read more at http://searchsecurity.techtarget.com/tip/VoIP-eavesdropping-Hardening-network-security-to-contain-VoIP-risks):
Every organization considering a Voice over Internet Protocol (VoIP) telephone system deployment hears the same dire warnings: "Routing voice calls over a data network exposes calls to eavesdropping."
While it’s certainly true that any telephone call carries a certain degree of eavesdropping risk, is it true that VoIP calls have an inherently higher degree of risk? In this tip, we explore the ins and outs of VoIP eavesdropping.
VoIP eavesdropping is possible
...
Switch security is essential
One of the most important things that network administrators can do to reduce VoIP risks such as eavesdropping is to apply basic security controls to network switches. While endpoint security is important, the network switch is the point where traffic is aggregated. Widespread eavesdropping attacks possible through the malicious use of a switch’s span port, which can mirror all traffic traversing the switch, as opposed to the voice traffic from a single endpoint.
Here are some switch management best practices that can help to protect this vital component of network infrastructure.
- It’s important to ensure the switch is physically secured within a locked closet and has the appropriate access controls. If an attacker is able to gain physical access to a switch, all bets are off.
- Organizations should use a separate network for the management of switches and other critical infrastructure devices. It shouldn’t be possible for an attacker who gains access to one general purpose network to attempt to gain access to the management port of a network device.
- Organizations must update switch firmware as frequently as possible in order to patch known vulnerabilities corrected by the vendor.
Naturally, there’s much more to secure switch management than this basic advice.
Encryption greatly mitigates VoIP risks
...