VoIP telephony data is sent using VoIP RTP over public internet.
In case that customer announces sensitive personal data over CYPRUS P.B.X service, is responsible to inform CYPRUS P.B.X about this and asks from CYPRUS P.B.X to use secure RTP for VoIP. This will increase the delay because of data encoding and decoding.
CYPRUS P.B.X Security Recommendations
- Separate voice and data on logically different networks if feasible. Different subnets with separate RFC 1918 address blocks should be used for voice and data traffic, with separate DHCP servers for each, to ease the incorporation of intrusion detection and VOIP firewall protection. CYPRUS PBX recommends having the telephony connected directly to the ISP (Internet Service Provider) CPE.
- Use strong authentication and access control on the voice gateway system, as with any other critical network component. For that reason CYPRUS PBX uses authentication passwords of 15 characters long, including lower case, upper case letters and numbers.
- CYPRUS P.B.X telephony servers are hosted in local providers’ data centres, ensuring all security that a local provider offers.
- No physical access to VOIP servers and gateways is allowed through local network. This ensures that an internal attacker will not be able to perform any traffic analysis
If mobile units are to be integrated with the VOIP system, use products implementing WiFi Protected Access (WPA), rather than 802.11 Wired Equivalent Privacy (WEP), since WEP can be cracked easily using publicly available software.