Often Overlooked: PBX and Voice Security in a Networked World

My goal is to bring you up to speed on some of the common risks and specific attacks/countermeasures associated with voice systems. This paper assumes some familiarity with basic PBX terminology and architecture. If you would like a primer, Brian Waldrop has written an excellent SANS article including pbx overviews, history, and common terms that can be found in the SANS Reading Room. As I have researched this topic, I felt there was a noticeable gap for a resource that pulled information on securing voice systems together in one place. My goal is to provide a concise, but informative summary of voice security for a typical security administrator or manager to quickly review and act upon. Accordingly, I have assembled a checklist of what I feel every security professional needs to take into account when pulling voice systems under their security umbrella. My hope is that this list will serve as a basis for other security professionals to build and expand upon as they learn more about voice security in our networked world.