Question on providing security for VoIP System

osmhquser · ‎04-15-2010

One of our field offices currently has VoIP setup within their local office. This office has a firewall. We are having to remove the firewall (per our CIO) so that the users (systems) no longer sit behind the firewall. However, the site admins have concerns that since they have to remove the firewall, they feel their VoIP system(s) Call Manager / Voicemail will have no protection from the other field offices. What options do they have with the VoIP system once the firewall is removed. The only thing I could think of is creating an acl on the ports the VoIP systems is connected to. They'll also have an IDS that sits right behind the their site router.

Attached is a before & after.

Thx in advance for any assistance provided.

Panos Kampanakis · ‎04-16-2010

Locking down ports provides security for traffic in general.

It depends on what concerns you have. If you are afraid that voice traffic will be eavesdropped you can use a VPN to encrypt it as long as you can do VPN with the remote offices.

If you are worrying about outsider's getting access to your call manager don't open the call manager management ports from the outside.

Also with a router you can do Firewalling pretty well to limit amount of connections towards the call manager etc.

I hope it helps.

PK