Cisco Blogs

Protect Data Shared Through Unified Communications

March 21, 2012

Lock down your UC system to prevent the theft or loss of sensitive business information

Companies large and small have embraced VoIP (voice over IP) and unified communications (UC), and malicious parties are there, too. In fact, some research firms estimate that targeted attacks on VoIP infrastructure account for as much as one third of all attacks around the world, in part because companies haven’t secured their VoIP and UC systems as well as other online applications like email. Unauthorized persons can use holes in UC systems to sneak onto your network, access stored business data like sensitive customer information, or commit toll fraud.

UC applications, which are designed to let people share information quickly and easily, present another threat: leaking of sensitive corporate data. People can share Microsoft Word and PowerPoint files, graphics, videos, and more during an instant messaging or conferencing session. This data can be intercepted and stolen by hackers while in transit, especially if rigorous security measures haven’t been applied to the UC system. To protect your company’s information, you should ensure your UC system is as secure as the rest of your small business network.

Locking down your UC system

The security measures you take should be tailored to your UC infrastructure: both the applications you’re running and the network you’re running them on. First, consider moving your VoIP-based communications, including UC, to a SIP trunk, which connects your network to the local public switched telephone network (PSTN). A SIP trunk uses the industry-standard SIP (Session Initiation Protocol) to enable real-time communications, like video, instant messaging, and IP voice. Using a SIP trunk allows for end-to-end IP communications, and it can cut phone costs by carrying all your voice and data traffic on the same access line.

If you do use a SIP trunk, you should choose network security equipment that supports the protocol and is also designed to protect UC, such as the Cisco ASA 5500 Series Adaptive Security Appliance. The ASA 5500 protects your network infrastructure, IP endpoints like IP phones, and UC applications. It has a built-in firewall that supports SIP specifically, and it can help you enforce specific SIP security policies, such as preventing instant messaging over SIP. This security appliance also protects against attacks commonly made on UC systems, including denial-of-service (DoS) and protocol fuzzing attacks. It also prevents unauthorized access to UC applications with granular access control lists (ACLs).

It’s important to note that you don’t have to run UC on a SIP trunk to install a security appliance like the ASA 5500. It is designed to protect your business network no matter which communications protocols are on your network, including industry standards like SIP.

Second, apply voice and video encryption to your UC traffic. While encrypting data can slow down UC sessions (and you might have to bump up your network bandwidth to improve UC performance), it’s worth it. Encryption can prevent eavesdropping on UC conversations and make it much more difficult for data to be stolen.
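One way to check that encryption is actually in effect on a call, shown as an added example that is not part of the original post: the Python below reads a captured SIP INVITE and reports which signaling hops and media streams are negotiated without encryption. The post does not name the mechanisms, so SRTP, DTLS-SRTP and MSRP over TLS are assumed here, and the sample message and function names are constructed for illustration.

```python
# Added example: audit a SIP INVITE for unencrypted signaling and media.
# Profile names come from the SRTP, DTLS-SRTP and MSRP RFCs, not from the post.
ENCRYPTED_MEDIA = {
    "RTP/SAVP", "RTP/SAVPF",                  # SRTP
    "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF",  # DTLS-SRTP
    "TCP/TLS/MSRP",                           # MSRP (IM, file transfer) over TLS
}
ENCRYPTED_SIGNALING = {"TLS", "WSS"}

# Constructed sample message (hosts, tags and key are placeholders).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP pc33.example.com:5060;branch=z9hG4bKexample",
    "From: <sip:alice@example.com>;tag=1",
    "To: <sip:bob@example.com>",
    "Call-ID: constructed-call-id@pc33.example.com",
    "CSeq: 1 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY",
    "m=video 51372 RTP/AVP 96",
    "m=message 2855 TCP/MSRP *",
])

def audit_invite(message):
    """Return (item, protocol, is_encrypted) for each Via hop and media stream."""
    head, _, body = message.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:           # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):  # "v" is the compact form
            transport = value.split()[0].split("/")[-1].upper()
            findings.append(("signaling", transport, transport in ENCRYPTED_SIGNALING))
    for line in body.splitlines():
        if line.startswith("m="):                 # m=<media> <port> <proto> <fmt>
            media, port, proto = line[2:].split()[:3]
            if port != "0":                       # port 0 marks a disabled stream
                findings.append((media, proto, proto.upper() in ENCRYPTED_MEDIA))
    return findings

def unencrypted(findings):
    """Keep only the items that would cross the network in the clear."""
    return [(item, proto) for item, proto, ok in findings if not ok]
```

On the sample, the audio stream passes while the UDP signaling, the video stream and the MSRP session used for instant messaging and file sharing are flagged.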

Finally, adding a security appliance to your network defenses will boost security across your network. Many multifunction appliances also offer intrusion prevention and a VPN (virtual private network) along with content security.

What security measures have you taken to protect information shared over your UC system?
