There are countless benefits to signing up for a Hosted PBX. You could benefit from cost savings and a significant leap forward in your organization's flexibility and scalability. You will unify your voice, video, fax, email, chat and other communications, gain integration with your applications and enjoy better management control over your phone system than you ever would have with the old one. For most businesses, it doesn't take long to look over what they have to gain from signing up for an IP Hosted PBX.
But there are few reasons why some businesses haven't rushed to adopt IP Hosted PBX technology. One of them is the fear the potentially unknown security problems often associated with IP-based telephony. While these security concerns are understandable, they can be addressed with the right planning and configuration, we would like to remove the "fear of unknown" element from them by elaborating on most commonly recognized security threats.
The Most Common Problem With IP PBX Hacking
Working with a business that performs important communication work every day it's natural to feel the number one problem associated with IP PBX hacking lies in someone else finding, and potentially selling, vital company communications. If you work in an organization that handles sensitive information, such as medical data, than this is a very real, and very legitimate, security and compliance concern.
However, most businesses aren't routinely handling highly sensitive information. Sure, if some of your less tactful emails went public you might experience some embarrassment, but overall most businesses aren't going to suffer a lot of damage, either to their reputation or to their client base, if a couple of internal memos slipped through.
No, the real problem with IP PBX hacking lies in malicious individuals cracking into your system in order to make fraudulent calls using your account otherwise known as "phreaking". Most of the time hackers aren't going to use your account to make their own personal calls. Most of the time hackers aren't interested in the outcome of the calls they make using your account at all. Instead, most of the time hackers are just looking to cause mischief, and when they break into IP PBX accounts this mischief takes the form of thousands, if not tens of thousands of dollars worth of illegitimate calls.
The primary problem with IP PBX hacking is impersonal by nature. It has very little to do with privacy, and a whole lot to do with protecting your bottom line. Which means IP PBX hacking isn't a problem for the small number of businesses handling truly sensitive information- it's a problem for any business looking to prevent a wholesale hijacking of their bank account.
Is IP PBX Protection Possible?
Yes, though you need to be very intentional with how you set up your system. Steps you can take include:
Isolating VoIP traffic by partitioning off multiple different components within your virtual LAN. Many modern phones compatible with these systems offer a quick and convenient Layer 2 network switch that pulls apart voice and data traffic, allowing a proper connection without opening up to potential data leakage.Enabling a firewall on your PBX (most of them come with one these days) and requiring a VPN tunnel in order to establish an IP connection from unknown sources of IP addresses will significantly improve your security. The fewer direct entrances to your IP PBX from unknown sources, the better you can guard them and the less likely your system will develop an unnoticed, and easily exploitable, hole in its defences.
Secure your phones. Make sure your hardware phones don't have a web interface enabled on them. Hacking through the unprotected web interfaces is the simplest and most effective way to impersonate a legitimate connection to your Hosted PBX by supplying SIP secret that is stored in your handset. If you choose to leave the web interface on for your VoIP phone enabled - change your password to something only you will remember!
When using a web interface to manage your Hosted PBX, do NOT run rely on the default configuration settings within your system and then leave them alone. Custom configuration settings are much harder to mimic, whereas hackers have intimate knowledge of default settings and can emulate or exploit them with ease.
As you can see, none of these security solutions are particularly complicated, but they do need to be implemented properly, and they work best when they're put in place as soon as you set up your IP Hosted PBX. The sooner you beef up your system's security, the less likely it will encounter a potentially costly security problem.
Sam Rozenfeld runs DLS Internet Services and shares his insights into different aspects of the business VoIP service providers. He shares his thoughts and prospective on how hosted PBX and Unified Communications are being adopted by business community. Go to http://www.TelephonyYourWay.com/blog to see more.
0 comments:
Post a Comment