As organizations started relying more on unified communications, the management of voice, video and messaging through one unified system has developed concern about the security of this IP-based communications infrastructure. This has happened due to the fact that UC is IP-based but there are so many potential modes of communication, from video, instant messaging and Web collaboration to presence, e-mail and voice mail. With time we find that the situation has developed proliferation of mobile devices that are being used more frequently in the business environments and devices that are not as secure as those housed in the business environment organization (Manyika, Chui, Brown, Bughin, Dobbs, Roxburgh, & Byers, 2011).
The most security concern in UC is eavesdropping. This is the idea that external parties can infiltrate the IP connection to eavesdrop on a Web conference, receive instant message exchange or other communication medium. Therefore, the biggest concern is when organizations extend their UC capabilities beyond boundaries that is to the external partners. Additionally, SIP trunking is another service that allows organizations to use voice over IP through the Internet connection. This has created a lot of concern when the organization moves from a digital connection to an IP-based connection so as to receive and make phone calls concerning hacking raises. The best way to mitigate this concern is to make sure that the system includes SIP-aware firewalls or session border control as the protective mechanisms. In addition to this, there are many products in the SIP security market that will help mitigate risks.
Another growing concern is denial of service this is an attack method most often identified with the Internet although it has become a growing threatto UC. This has caused the proliferation of mobile devices in the workforce that has caused the newest entrant into the UC infrastructure. With this, there is a valuable addition, allowing workers to participate in meetings and collaborative activities from wherever they are, but they also present challenges. In most organizations, it allows employees to use their own cell phones, for instance, there is worry about protection of password as well as how to wipe the data from the phone when it is lost, and how to make sure call data records aren’t compromised.
For the device, best practices include shutting down unused services and ports and changing default passwords. For the network, best practices include deploying firewalls, router access control lists, virtual local-area networks, port-level switch security and authenticated network access. Securely authenticate all mobile users of organizational assets. Implement remote security management. Implement end-to-end message and data encryption. Install remote device lock and remote device kill in case of theft or loss.
Other proactive moves include implementing host- and network-based intrusion detection and intrusion prevention systems or proxy servers to protect SIP trunking. Although, security for UC has come a long way in the past few years, it is getting better. The SIP security capabilities is not only much improved, but there is a lot of interest around security certificate authentication mechanisms. With this in place, users placing a call over an IP network would be able to validate the identity of the person on the other end (Bradley, & Shah, 2010).