- Look at What You’ve Got: Take inventory of how many servers you have, what applications are running and what devices are connected to your network.
- Protect Inside and Out: Separate your data center from the rest of your IT environment with a next-gen firewall.
- Get the Full Picture: Implement a dashboard tool that presents all critical aspects of your data center and network security in a single location.
Unified Communications Security
The third piece to this puzzle is securing your Unified Communications (UC) infrastructure. This is often a much-overlooked area of security.
Phones used to run on a completely separate network. But, with the rise of voice over IP (VoIP), video, BYOD, webcasts, conference calls, smartphones, etc., everything runs over the same network as your data.
This means securing your UC infrastructure is just as critical as securing your network and data center.
Separate and Monitor
The first step to protecting your UC environment is to separate its traffic from the rest of your data. You can do this by creating a virtual local area network (VLAN) specifically for UC traffic.
Once UC traffic is separated, implement a next-gen firewall to monitor traffic going into and coming out of the VLAN. The size of your organization, and how much traffic it generates, will determine whether you need a virtual or physical firewall. A basic guideline is that any more than 20-30 people generate enough traffic to need one or more physical appliances.
When choosing a firewall, it is important to remember that UC has different packet requirements than other traffic. With other traffic, it doesn’t matter in which order the data arrives. Website packets can arrive out of order and be pieced together to get a cohesive and comprehensible final product.
You can’t do that with a phone call. If the words arrive in a different order than they were spoken, the call is unintelligible. Make sure to choose a firewall for your UC that will work with the special packet and latency requirements of audio and video communications.
Endpoints are the Beginning
No organization that’s serious about security would leave endpoints such as laptops, desktops, servers or tablets unsecured. As we covered in the past two articles, these are all critical pieces in a holistic approach to IT security.
UC endpoints are no different. Your office phone is a mini computer with its own software, apps and network connection.
Since you wouldn’t just hand out a laptop without making sure it’s properly configured, updated and maintained, why would you do so with a phone?
Implement a system to track, monitor, configure and optimize UC endpoints. This includes not just desktop phones, but also smartboards, webcams and anything else in the Internet-of-Things that’s connected to a network. Doing so will ensure that missing critical security patches and other vulnerabilities are noted and fixed before they can be exploited.
Get the Full Picture Part II
As with data center security, UC has a lot happening that’s not easily tied together in real time by a single security professional, or even a team of professionals. You need an automated dashboard tool to present all the critical aspects of your UC security in one location.
This tool can then be monitored and interpreted by human intelligence. If someone is on vacation and their phone is being accessed, you need to know that. The tool can trigger the alert and then your personnel can decide if it’s a security threat or if the employee is simply checking voicemail from the beach.
These UC professionals should also be interacting on a daily basis with other security staff. There is a tendency to have them isolated from the greater IT infrastructure, but this is a detriment to overall security. Get them involved and sharing information across channels.
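One way to implement the vacation alert described above, as an added example that is not code from this article or from any Force 3 product. The log layout, event names, out-of-office calendar and the 10.20.0.0/24 UC VLAN subnet are assumptions constructed for illustration.

```python
import ipaddress
import re
from datetime import date, datetime

# Assumed UC VLAN subnet and log layout; both are constructed for this example.
UC_VLAN = ipaddress.ip_network("10.20.0.0/24")
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) ext=(?P<ext>\d+) "
                     r"event=(?P<event>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")

# Constructed out-of-office calendar: user -> (first day away, last day away).
OUT_OF_OFFICE = {"jdoe": (date(2024, 7, 8), date(2024, 7, 12))}

# Constructed sample events.
SAMPLE_LOG = """\
2024-07-05T14:02:11Z user=jdoe ext=4012 event=voicemail_login src=10.20.0.41 result=success
2024-07-09T02:14:37Z user=jdoe ext=4012 event=voicemail_login src=203.0.113.7 result=failure
2024-07-09T02:15:02Z user=jdoe ext=4012 event=voicemail_login src=203.0.113.7 result=success
2024-07-10T09:30:00Z user=jdoe ext=4012 event=device_register src=10.20.0.41 result=success
2024-07-10T09:31:00Z user=asmith ext=4020 event=voicemail_login src=10.20.0.52 result=success
this line is malformed and must be skipped
"""


def vacation_access_alerts(log_text, out_of_office, uc_vlan=UC_VLAN):
    """Return one alert per UC event that falls inside the user's absence."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        away = out_of_office.get(m["user"]) if m else None
        if away is None:
            continue  # malformed line, or user has no recorded absence
        try:
            when = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            on_vlan = ipaddress.ip_address(m["src"]) in uc_vlan
        except ValueError:
            continue  # unparseable timestamp or source; count these in production
        if not away[0] <= when.date() <= away[1]:
            continue
        # Context for the analyst; the decision stays with a person.
        where = "on UC VLAN" if on_vlan else "off UC VLAN (remote)"
        alerts.append({"time": when, "user": m["user"], "ext": m["ext"],
                       "event": m["event"], "result": m["result"],
                       "src": m["src"], "source_location": where})
    return alerts


if __name__ == "__main__":
    for alert in vacation_access_alerts(SAMPLE_LOG, OUT_OF_OFFICE):
        print(alert)
```

The alerts carry the source location and result so that staff can tell a remote voicemail check apart from activity on the desk phone itself.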
Unified Communications is an important asset to any IT infrastructure. As remote work arrangements and real-time communications become a greater part of business, UC will grow in prominence. Don’t forget to protect it with the same level of security that you would any other important IT asset. Just remember that it has its own unique requirements.
UC Security In-Depth
Stay tuned for an in-depth follow-up article that will address the details of trusting & securing endpoints, encrypting voice & video traffic, and accomplishing secure business-to-business (B2B) communications.
By Greg Kushto, Director, Security Force 3