Chapter 10. AUDITING VOIP FOR SECURITY BEST PRACTICES

Auditing VoIP networks is an important step in securing them. In most VoIP networks, there are many moving parts that may have a negative effect on security. For example, the use of strong session security may be negated by poor media security. Furthermore, encrypted media communication may be invalidated if session setup protocols send the encryption key in cleartext. Each aspect of VoIP, including the network, devices, software, and protocols, should be analyzed in terms of security. A poor security setting on one entity can affect the strong security of others. Auditing VoIP networks, identifying security gaps, and then implementing solutions that mitigate exposed risk is often the best approach.

Auditing VoIP networks for security is a good first step in understanding the risk of the network infrastructure and its components. If gaps are not identified in a given network, remedying issues, tracking progress, and moving toward a strong security model for voice communication will be very difficult. This chapter will focus on auditing VoIP networks for proper security settings and controls. Additionally, the best practices for securing VoIP entities will be discussed.