VOIP Security in 2020 – How to Defend Your Right For a Defensive Telephony Network

When seeking for SIP Trunks, or “Cloud PBX” or “Cloud Phone systems”, they are mostly provided by an Internet Telephony Service Provider known as an ITSP, believe it or not. Some coaxial ISPs like Comcast Business, Charter/Spectrum or Cox will also bundle this for their “Business Class” offerings. SIP would not work to scale on DSL, better on bonded T1 lines. While the Internet (the data/web) is considered to be Title II of the FCC regulations, the FCC has put some conditions to VOIP service providers. Your freedoms are not well as celebrated in theory like the ol Part 68/Carterfone ruling; because of the provisions the FCC put in as well as Kari’s Law for Enhanced 9-1-1 services (let’s not touch that anymore.)

I acquired these Polycom phones from a local business that was relocating. I grabbed them without really the intent of actually using them because it’s Polycom and it’s VOIP and the two together is an oxymoron, because I started to realize how bad SIP was. What’s concerning was when I took these phones, I realized they were connected directly to Comcast Business, and while today IP Polycoms are in the mainstream, the lack of any firewall protection is concerning for the overall security.

As a customer (and not a consumer); you can throw-away-the-script by using phrases like

“How are these phones going to connect with my existing network?

“What concerns should I have with security?”

“Wait, I am responsible for something right?”

“I have a SIP Proxy being implemented, and my ‘IT Manager*’ telling me we need this interconnected or we’re done!”

*he doesn’t exist because the person that’s talking, has a part time IT manager in their role!

The best way of scoring deals is to do reversed-sales tactics, and go on the offense as your best defense. Put the sales person in the call center into the fetal position (ok that’s too far) but in a way to get a higher up so then you’re holding the sales person at the ISP or ITSP accountable. This is how customer service used to be, then they went “consumer” (or dumbed-it-down) to then force the customer, the not so well versed communicated type to do anything the enterprise class ISP would tell ’em to do.

Even better, throw a Service Level Agreement to ensure if the imaginary lines go down in the packetwaves, that you can get credited in the next billing cycle for loss of potential revenue. Make sure you can reproduce the problem so you can ensure you did your part.

#