So far in our security series, we’ve explored best practices for securing your network and data center. A few of these included:

  • Look at What You’ve Got: Take inventory of how many servers you have, what applications are running and what devices are connected to your network.
  • Protect Inside and Out: Separate your data center from the rest of your IT environment with a next-gen firewall.
  • Get the Full Picture: Implement a dashboard tool that presents all critical aspects of your data center and network security in a single location.

Unified Communications Security

The third piece to this puzzle is securing your Unified Communications (UC) infrastructure. This is often a much-overlooked area of security.

Phones used to run on a completely separate network. But, with the rise of voice over IP (VoIP), video, BYOD, webcasts, conference calls, smartphones, etc., everything runs over the same network as your data.

This means securing your UC infrastructure is just as critical as securing your network and data center.

Separate and Monitor

The first step to protecting your UC environment is to separate its traffic from the rest of your data. You can do this by creating a virtual local area network (VLAN) specifically for UC traffic.

When you have UC traffic separated, implement a next-gen firewall to monitor traffic going into and coming out of the VLAN. The size of your organization, and how much traffic it generates, will determine whether you need a virtual or physical firewall. A basic guideline is that any more than 20-30 people create enough traffic to create the need for a physical appliance(s).

When choosing a firewall, is important to remember that UC has different packet requirements than other traffic. With other traffic, it doesn’t matter in which order the data arrives. Website packets can arrive out of order and be pieced together to get a cohesive and comprehensible final product.

You can’t do that with a phone call. If the words arrive in a different order than they were spoken, the call is unintelligible. Make sure to choose a firewall for your UC that will work with the special packet and latency requirements of audio and video communications.

Endpoints are the Beginning

No organization that’s serious about security would leave endpoints such as laptops, desktops, servers or tablets unsecured. As we covered in the past two articles, these are all critical pieces in a holistic approach to IT security.

UC endpoints are no different. Your office phone is a mini computer with its own software, apps and network connection.

Since you wouldn’t just hand out a laptop without making sure it’s properly configured, updated and maintained, why would you with a phone?

Implement a system to track, monitor, configure and optimize UC endpoints. This includes not just desktop phones, but also smartboards, webcams and anything else in the Internet-of-Things that’s connected to a network. Doing so will ensure that critical security patches or other vulnerabilities are noted and patched before they can be exploited.

Get the Full Picture Part II

As with data center security, UC has a lot happening that’s not easily tied together in real time by a single security professional, or even a team of professionals. You need an automated dashboard tool to present all the critical aspects of your UC security in one location.

This tool can then be monitored and interpreted by human intelligence. If someone is on vacation and their phone is being accessed, you need to know that. The tool can trigger the alert and then your personnel can decide if it’s a security threat or if the employee is simply checking voicemail from the beach.

These UC professionals should also be interacting on a daily basis with other security staff. There is a tendency to have them isolated from the greater IT infrastructure, but this is a detriment to overall security. Get them involved and sharing information across channels.

Unified Communications is an important asset to any IT infrastructure. As remote work arrangements and real-time communications become a greater part of business, UC will grow in prominence. Don’t forget to protect it with the same level of security that you would any other important IT asset. Just remember that it has its own unique requirements.

UC Security In-Depth

Stay tuned for an in-depth, follow-up article that will address the details of trusting & securing endpoints, encrypting voice & video traffic, and accomplishing secure business to business (B2B) communications.

By Greg Kushto, Director, Security Force 3

Related Blog Posts

See All Blogs

Keeping Your Agency Secure in the Cloud

Like it or not, no government is permanently safe from cyberthreats. The agencies that protect their citizen data the longest are the ones that best assess the risks facing them daily. It’s a situation that doesn’t change after organizations adopt…

GCN: Securing Data in the Cloud Requires Planning, Constant Vigilance

Government agencies know -- and have largely accepted the fact -- that moving to the cloud is inevitable. Where many start struggling is with the “how.”  How do they move legacy systems to the cloud? How do they choose the…

NextGov: It’s Time to Tackle the Problem of Unapproved Cloud Apps to Keep your Agency Secure

It’s a problem seen across all federal agencies: Employees are using cloud-based applications that aren’t approved or protected by IT teams. These apps range from sharing tools, such as cloud storage platforms, to social media sites or personal email accounts…

GCN: Why Blockchain Belongs in Government

Anyone with a finger on the pulse of the latest cybersecurity trends has probably noticed an increasing number of contributions to the blockchain conversation. The dialogue around blockchain, while loud, clear and growing, has been largely undirected for the past…

Federal Times: Can Industry Bridge the Government Cyber Skills Gap?

Federal agencies have until April 2019 to identify critical work roles and skill shortages in IT and cybersecurity as part of the Federal Cybersecurity Workforce Assessment Act. While this is a first step in determining a holistic approach to address…

CSO: Getting the Most out of Your Security Budget

There may be no more pressing need in today’s online world than quality cybersecurity, making it a top-line item for just about everyone. But even as the need builds, the salaries rise, and the expectations heighten, resources remain scarce. Security…

NextGov: The Time to Automate Security is Now

Cybersecurity threats are constantly evolving. Unfortunately, federal IT teams often find themselves low on resources, which means being proactive to combat them is a pipe dream. So how can leadership focus on strengthening their agency’s security posture when they spend…

CSO: Ways to Improve Your Security Team’s Response Time

When it comes to incident response, every second counts. The severity of breaches varies, but since damage done directly correlates to the time a malicious actor has access to your systems, it’s paramount that all threats are discovered and remediated…

3 Ways to Unleash the Power of Your Next-Generation Firewall

We more or less abandoned pagers more than 15 years ago. Fax machines have gone from ubiquity to near obsolescence. And floppy disks? Many of the most recent generation of tech users have never even held—let alone inserted—one. And yet,…

Cisco Live 2018: Vendor Opens Management Console to Partners

In this article for TechTarget, Force 3's VP of Client Solutions Jason Parry weighs in on the new opportunities arising from Cisco DNA Center. In Cisco's latest nod to software, the company has opened its Cisco DNA Center to developers,…

NextGov: How to Integrate TIC Security with the Federal Cloud-First Mandate

When the Trusted Internet Connections (TIC) initiative was first introduced more than a decade ago, the goal was to improve security in government IT systems by limiting the number of individual external network connections to the internet. Before implementing TIC security…

CSO: Security Metrics You Need for the Board

No one wants to show up to an important meeting empty-handed. But with so many analytics right at their fingertips, how can CSOs pick the right numbers to reflect their work? Here are three imperative security metrics to have in…

4 Cloud Collaboration Investments You Should be Making

Cloud migration is a top priority for federal agencies, making for a rising demand for As-a-Service offerings. Meanwhile, agencies are still trying to plan and budget for cloud strategies, often from scratch. This creates a unique challenge for federal IT teams:…

Preventing Ransomware Attacks the Right Way

Ransomware attacks continue to be a major threat with no sign of slowing down. Here are some lessons organizations can learn from federal agencies to better prevent them. While ransomware is hardly a new threat, it’s far from being obsolete.…

Anomaly Detection: Stop Threats Before They Hit Your Network

In today’s IT environment, endpoint monitoring is fairly standard procedure. Most organizations have at least some sort of system in place allowing them to collect network monitor firewalls and collect network usage data to for network anomaly detection. But, by…

5 Reasons Why Vulnerability Management Is No Longer Optional

For agencies determined to create the most effective network security strategy possible, vulnerability management is no longer optional—it’s a necessity.  If there’s anything we’ve learned in recent years, it’s that cyber threats just keep coming. Thwart one and a new…

Best Practices for Thwarting Insider Threats

Testing the excerpt override field.

Dark Reading: 3 Tips to Keep Cybersecurity Front & Center

In today’s environment, a focus on cybersecurity isn’t a luxury. It’s a necessity, and making sure that focus is achieved starts with the company’s culture. For IT departments — especially in large organizations — daily operations are complex, multifaceted, and…

IoT & The Intelligent Edge: Defending Outside The Firewall

The Internet of Things, though still evolving, has pushed its way into the workplace. The result? CSOs are working overtime to keep up. What’s the protocol for these connected devices, and how do they fit into the existing security infrastructure?…

GCN: The Hidden Challenges of Federal IT Modernization

In the next three years, an estimated $3 billion worth of federal IT equipment will reach end-of-life status, according to former U.S. Federal CIO Tony Scott. It’s an intimidating number, and one that indicates just how far-reaching the need is…

IoT in Federal: From Concept to Reality and Risk

The way we reconcile our security concerns with IoT’s inevitable integration will determine whether the revolution upgrades our lives or creates chaos.  Remember when the Internet of Things was more concept than reality? Those days are long gone. Demand for…

Stealthwatch vs. Insider Threats

In an evermore threatening cybersecurity landscape, how can organizations protect themselves from one of the greatest security risks of all: The Insider Threat. Did you know? 66% of cyber attacks in 2015 were carried out by insiders. 74% of organizations…

Insider threats: 4 vulnerabilities you’re missing

Here are four insider threat vulnerabilities that are undervalued and what we can do about them.

NextGov: How Endpoint Security Helps Secure Humans

Humans: We’re impulsive, we’re fallible, we make bad decisions, and sometimes we do so on purpose. And yet, when it comes to cybersecurity, we too often focus on securing the network, without fully considering the role of the actual network…

Beyond Prevention: Cisco’s Next-Generation Endpoint Security

When it comes to endpoint security, Advanced Malware Protection is critical. The only way to defeat today’s security threats is to address them holistically across the full attack continuum—before, during and after an attack. The Cisco approach of continuous endpoint…

Endpoint Security is Critical for Malware Protection

A layered defense strategy has long been a core tenet of information security. But with cyber threats rising and exploits growing more diverse, it’s now more critical than ever that IT security teams incorporate a range of detection and remediation…

Greg Kushto: Keeping former employees off agency networks

With the buyouts and early retirements occurring these days, some agencies may be parting ways with a fair number of employees. If that’s the case at your agency, you’ll want to make sure that once those employees separate, they’re no…

User Awareness Solidifies Endpoint Security

"With solid solutions in place, a virus or piece of malware has to navigate a complex series of obstacles before getting anywhere near your network. But without user awareness, none of the above will ever be enough."  Pete Burke, security and…

Stopping Modern Malware Takes More Than Antivirus

  Imagine you own a mansion full of priceless antiques, high-end appliances and expensive jewelry, on a highly trafficked street. While the majority of passersby simply want to get from point A to point B, you realize that a few…

Holy Threat Intelligence, AMPman! We Need Endpoint Security!

It started in 1971, with a relatively harmless virus called Creeper. Creeper was quickly defeated with a rival program called reaper, which simply deleted the virus: Case closed. But in the years that followed, malware (and the hackers who wield…

How can we help your agency achieve its mission?

Maximize your IT investments. Learn more about solutions and services from Force 3.