College】 【weak to defend thirteen VoIP network security essentials.

<br> <BR> VoIP refers to the use of the Internet protocol network, the implementation of voice transmission, which represents the Internet Protocol IP, which is the backbone of the Internet, the Internet protocol can e-mail, instant messaging and web transfer to adult .thousands of PC or mobile phone. .Some people say it is the telecommunications killer, it is also a revolutionary factor in international affairs. .In short touted many. .But, perhaps, when you use this service, perhaps there was a hacker to steal your personal information and even destroy your network out. .<BR> <BR> All of the data network attacks are likely to affect the VoIP network, such as viruses, spam, illegal intrusion, DoS, hijacking phone, eavesdropping, sniffing and other data. .The only difference is, we are more willing to take some of the ways to protect other network. .For VoIP, but few have any specific method. .In fact, the only defense we have to take some methods to obtain the skills, the real success is possible. .<BR> <BR> Following the essentials of VoIP can defend: <BR> <BR> 1, limit all of the VoIP data can only be transferred to a VLAN on the <BR> <BR> Cisco voice and data, respectively, proposed by VLAN, .This helps in order of priority to handle voice and data. .VLAN also contribute to defense costs by fraud, DoS attacks, eavesdropping, hijacking and communications. .VLAN operation the user's computer division to form an effective closed circle, it does not allow any other computer access to its equipment, which will prevent a computer attacks, VoIP network also quite safe; even under attack, the loss will .to a minimum. .<BR> <BR> 2, monitor and track the VoIP network communication mode <BR> <BR> monitoring tools and intrusion detection systems can help identify those who attempt to invade VoIP network. .Careful observation of VoIP logs can help find things that are not standards, such as unexplained or international telephone company or organization of the basic non-contact international calls, multiple login attempts to crack the code, voice soared and so on. .<BR> <BR> 3, defend the VoIP server <BR> <BR> effective approach must be taken to ensure the security of the server in order to defend itself from internal or external intruders to intercept data by sniffing skills. .Because VoIP phone has a fixed IP address and MAC address, an attacker easy to sneak accordingly. .Recommended to limit the IP and MAC addresses, VoIP systems do not allow random access to the super user interface, and before the establishment of the SIP gateway firewall to another channel, this will limit to some extent, the intrusion of the network system. .<BR> <BR> 4, the use of multiple encryption <BR> <BR> only to the transmitted data packet encryption is not enough, the phone signals to the implementation of all encryption. .Encryption to prevent interception of voice audio into the user's session. .In this regard, SRTP protocol to-end communication encryption, TLS to encrypt the entire communication process. .Should be through the gateway, network, host, provide a strong security level to support voice traffic encryption. .<BR> <BR> 5, to establish VoIP network redundancy <BR> <BR> may be ready to be exposed to viruses, DoS attacks, they may lead to network paralysis. .Building the ability to configure multiple nodes, gateways, servers, power and call router network and Internet with more than one supplier. .Regular tests on the implementation of various network systems to ensure that its work well, when the main service network paralysis, high-speed backup facilities can take over. .<BR> <BR> 6, placed the device behind a firewall <BR> <BR> establish separate firewall, so that the border through the VLAN is limited to the available communication protocols. .<BR> <BR> Case of infected clients, this will prevent viruses, Trojans spread to the server. .Establishment of separate firewall, system security policy will become the basic maintenance. .When required, you must properly configure the firewall to open or close some ports. .<BR> <BR> 7, regularly update patch <BR> <BR> VoIP network security, not only depends on the underlying operating system and relies on the use of software running on it. .VoIP used to keep operating system and software patches to update the program or infectious process against malicious code is very essential. .<BR> <BR> 8, separate from the internal network and the Internet <BR> <BR> the telephone management systems and network systems placed outside the direct access to the Internet is a good choice, voice services will be placed with other servers .phase separation of the domain, and to limit their access. .<BR> <BR> 9, the soft terminal phone (softphone) to minimize the use of the terminal <BR> <BR> VoIP soft phone vulnerable to computer hackers, even if it is behind a firewall in the company, because this kind of thing is common .the PC, VoIP software, and a pair of headphones with the use. .Moreover, the soft phone and did not end voice and data separately, so vulnerable to viruses and worms. .<BR> <BR> 10, periodically review the implementation of security <BR> <BR> for power users and general users can check the implementation of activities found some doubts. .Number of "phishing" attempts can be prevented, spam can be filtered, the intruder can be blocked. .<BR> <BR> 11, for the actual implementation of the safety assessment of <BR> <BR> to make sure that only authenticated devices and users can access those through the Ethernet port limits. .Administrators are often deceived those who have not been granted access permission request for the soft phone terminal, because hackers can easily by inserting the RJ44 port IP address and MAC address of imitation. .<BR> <BR> 12, to provide digital security certificates used <BR> <BR> If the IP phone business operators to provide certificates to perform authentication on the device, the user basically can be sure that their communications are safe and will not broadcast .to other devices. .<BR> <BR> 13, <BR> <BR> secure the gateway to configure the gateway, so that those that only allow the users can play or receive VoIP phone, through the identification of those listed and approved users, which .can ensure that other people can not fight no cost phone line is busy. .Through the SPI firewall, use the layer gateways, network address translation tools, SIP for VoIP soft clients a combination of support, to defend the gateway and in the subsequent local area network. .<BR>.