Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

NSA Releases Guidance for Securing Enterprise Communication Systems

The NSA on Thursday released guidance to help organizations secure their communication systems, specifically Unified Communications (UC) and Voice and Video over IP (VVoIP).

UC and VVoIP are call-processing systems that are used for communications and collaboration by many enterprises, including government agencies and their contractors.

The NSA on Thursday released guidance to help organizations secure their communication systems, specifically Unified Communications (UC) and Voice and Video over IP (VVoIP).

UC and VVoIP are call-processing systems that are used for communications and collaboration by many enterprises, including government agencies and their contractors.

The NSA has warned that if these systems are not properly secured, they are exposed to the same risks as IP systems, including software vulnerabilities and various types of malware. Threat actors could abuse such systems to impersonate users, eavesdrop on conversations, cause disruptions, and conduct fraud.

In an effort to help organizations secure UC and VVoIP systems, the NSA has released a 43-page guide that describes network, perimeter, enterprise session controller, and endpoint security best practices and mitigations.

The intelligence agency has also made available a 7-page information sheet that summarizes the guide.

The NSA’s recommendations include using VLANs to separate UC/VVoIP systems from the data network, implementing layer 2 protections, ensuring that all UC/VVoIP connections are authenticated, ensuring that systems are patched, authenticating and encrypting signaling and media traffic, using fraud detection solutions, implementing mechanisms for preventing DoS attacks, ensuring that systems are physically secure, and performing tests before adding new devices to operational networks.

“Taking advantage of the benefits of a UC/VVoIP system, such as cost savings in operations or advanced call processing, comes with the potential for additional risk,” the NSA said. “A UC/VVoIP system introduces new potential security vulnerabilities. Understand the types of vulnerabilities and mitigations to better secure your UC/VVoIP deployment.”

The NSA has released many guides and advisories over the past year in an effort to help public and private sector organizations protect their systems against cyber threats.

Advertisement. Scroll to continue reading.

Guidance released by the agency includes securing IT-OT connectivity, adopting zero trust security, securing IPsec VPNs, work-from-home recommendations, and implementing Protective DNS.

Related: NSA Lists 25 Vulnerabilities Currently Targeted by Chinese State-Sponsored Hackers

Related: NSA: Russian Hackers Exploiting VPN Vulnerabilities – Patch Immediately

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...