Our  VoIP and Network Security Methods

Primitive methods are best. The above diagram is how we separate voice and data networks for fault tolerance and security.

  • Separate Ethernet cabling increase communication reliability. Separation allows you to call your IT people and say “our Internet phones work but our network does not”
  • Separate Ethernet cabling increases security. Your PC data does not pass through a Chinese phone.

Most other companies choose to use one Ethernet cable “to save on cabling costs”. Companies come to us for telecommunications security. Below is how we secure VoIP communications.

 National VoIP FirmsInfotel Systems
LANPhone and Computer share one Ethernet cable and one switch.We install separate voice cabling to physically isolate the voice and data networks.
VOICE ENCRYPTIONNo. Just unpack the phone and plug it in.Yes. We install a voice encryption router at your premise.
CARRIER HOTELS90% of "Nationals" are on the West Coast. VoIP traffic goes through 3rd party "carrier hotels" that hand off from one carrier to another.Your conversation NEVER leaves your Internet carrier (Verizon, Comcast, Cox). We are co-located with Verizon and one mile from the Comcast RVA hub. We call this "close cloud" , we are simply close to you Richmond.
PHONE PROVISIONINGUses "Zero touch" install. Out of box phone first contacts a China provisioning server that registers your phone's ID and your business Internet IP address. We use our own provisioning server in our data center. We never register phone with China. It never contacts China. It's more work.
SERVER ISOLATIONHuge virtualized servers. A server hack to one customer can provide a "vector" to other customers on that same server.We don't do this and otherwise, no comment.
VOICE RECORDINGSStored on hosted servers. This was the data breach with BroadvoiceWe offer on site "tap and store" of recordings. The data never leaves your premise.

Here are just a few of the major data breaches in recent history

YearCompanyBreach (Entry) PointDamage
2014Target Stores3rd party HVAC vendor's server40 million credit cards numbers compromised
2019Broadvoice Shared Voicemail server200,000 voicemail transcripts, customer data, etc
2020Solar WindsSoftware Update affected all who downloaded it Data breach of government servers including Department of Treasury and Commerce

Old Phone Service Was Secure, Some VOIP Systems Are Not

Your old phone system used analog lines.  Analog is also known as (POTS) Plain Old Telephone Service. POTS has been a  standard since Alexander Graham Bell.  Many considered “POTS” impervious to hacking. Yet, most VoIP phone systems use unsecured Internet connections connected to your data network. VoIP provider Vonage states on this web page “.. do not use VoIP … use analog telephone lines instead as they are just harder to tap and extract the data from”

The Risk of Unsecured Voice – PCI (credit card) Example

Consider a sales person taking a credit card over your new Voice over Internet (VoIP) telephone system. The system does not feature VoIP audio encryption.  Thus, the system fails the PCI 3.0 VoIP security requirement as ratified in November 2018. Therefore, you are subject to these fines. https://www.google.com/search?q=pci+fines

Articles on VoIP hacks

 

Industry Standards Security Review

  • HIPAA requires voicemails, audio recordings and call reports to be protected. Unlike national providers, we can provide on premise audio recordings storage for the ultimate in compliance.
  • PCI Telephone system VoIP security rules  . We encrypt all VoIP traffic.
  • FIRNA rule 4370 recommends business continuity systems such as 4G internet backup when Comcast fails. Rule 3170 covers voice recordings.
  • NIST standards for VoIP security recommend separation of voice and data networks. A national VoIP company that ships phones in a box may not comply.
  • SOX reflects NIST standards for data network protection.

hippa-pci-finra-sox-nist-voip-security

Free Consult, Call 804-266-6600 or solutions@infotelsystems.com