The Biggest UC Threats and How to Protect Yourself
UC holds a bounty of benefits for your company, but that doesn't mean it doesn't come with certain threats. Find out the biggest UC threats now.
UC holds a bounty of benefits for your company. As its name suggests, it unifies all your businesses communications tools on one platform. A good UC platform paves the way for collaboration. Just think of all the tools your employees use every day. On any given day those onsite respond to customers’ calls on theirphones and read their email on desktop computers.
Remote workers make appointments on their cellphones and use instant messaging to follow up and confirm them. Rather than bring clients or vendors into the office, you make use of file sharing solutions and video conferencing tools like Skype or Go to Meeting.
Like a big box store, UC provides one-stop shopping for all these communications. But like a big box store businesses, UC must be on their guard for interlopers with malicious intent mingling with the crowd.
UC and the need for added security
As more and more companies adopt unified communications, they also open themselves up to security risks. The more mainstream UC becomes, the more the need to secure it. And the more well-known it becomes, the more it tempts hackers. So, with incidences of data breaches on the rise, it becomes ever more crucial to secure all portals through which data pass.
Addressing UC threats one by one
Securing unified communications calls for all the measures you would take to secure any IP-based network. But bear in mind that UC is a collection of networking technologies, VoIP, IM, presence, peer-to-peer collaboration. As such, the key is to treat each as a separate entity, while addressing its vulnerabilities.
Instant messaging, when implemented in a controlled manner, works very well. But when left unregulated, IM can open up huge cracks in security. This is especially true when it is left up to workers to use their own devices and IM software.
IM can expose a network to spam and viruses. It also has the potential to be a vehicle for exposing sensitive information. Amplify these dangers by the fact that many IM applications are specifically designed to circumvent security. They search for open firewall portals and use them rather than following secure IM traffic routes. Some IM clients communicate with public servers that routinely change their IP address to circumvent organizations’ attempts to block them.
- Businesses should use their own IM servers.
- Admin needs to implement controls on employee choices of IM software. After thoroughly vetting solutions, they should issue lists of approved IM products. It also helps to revisit the subject often and establish consequences for using unapproved software.
Vulnerabilities in VoIP protocol present two possible risks, eavesdropping and data network exploitation. This type of eavesdropping goes way beyond an interloper listening in on a single conversation. If he can intercept the data stream at the right location, he can capture all the packets flowing through the wire. This means is he can replay and listen in on every conversation that took place for the duration of the capture.
The easiest thing to do is to encrypt all VoIP traffic. Even if hackers manage to get their hands on the data, the calls will still be secure.
UC requires SIP trunking which replaces the conventional telephone trunk with the internet. It allows enterprises to use a single line to communicate via voice, data, or video with contacts worldwide. By doing so, it also creates a vehicle for attacking enterprise phone systems.
In other types of VoIP architecture, theserves as a firewall isolating the phone system from the internet. Therefore, the risk of attack is low. But SIP trunking increases risks by opening the enterprise system to IP-based attacks.
Install session border controllers, SIP-aware firewalls, or both.
The bottom line
United Communications, like everything else, comes with its advantages and its disadvantages. In addition to the above threats, UC managers need to concern themselves with insidious attacks resulting in Denial of Service and toll fraud. Whether it’s the CIO, systems integrator or security engineer overseeing UC, the best precaution is to be aware of the threats. The next step is to head them off at the pass.