Tactical Advice

How to Secure a UC System

These tips will help protect a unified communications system against threats from the Internet and other networks.
How to Secure a UC System

A unified communications system provides a single interface for voice communication, e-mail, instant messaging/chat services, video conferencing and other communications mechanisms. Although UC systems provide a number of benefits, they also introduce new security risks that organizations must mitigate to avoid unnecessary compromises and damage. These risks largely involve making resources available through data networks that used to be on separate voice and video networks.

Fortunately, some standard security practices can adequately protect UC systems against threats from the Internet and other networks.

1. Focus on vulnerability and threat management.

A UC system contains many client and server software components. Each of these components may be attacked and potentially exploited to gain access to sensitive information, such as voicemail and e-mail, or to serve as a stepping stone for attacking other systems. It’s critically important that organizations keep their UC system components fully up to date with all operating system and application patches — particularly for the UC applications themselves — as part of vulnerability management. This will eliminate known software flaw vulnerabilities and reduce attackers’ opportunities to compromise UC system components.

A strong complement to vulnerability management is threat management. One of the most common security controls for threat management is antivirus software. Organizations should ensure that their UC system components that are vulnerable to malware attacks are protected through installed, activated and fully up to date antivirus software. This software should be updated as frequently as possible, perhaps multiple times a day, to help the system thwart the latest threats against it.

2. Control internal and external network access.

One of the distinguishing features of a UC system is that it unifies several communication mechanisms over a single network. Accordingly, organizations must protect these network communications from eavesdroppers, denial of service attacks and other threats that could disrupt or expose an organization’s sensitive communications.

Accomplishing this protection involves a variety of security controls. On the organization’s internal networks, traffic encryption should be used to prevent users from eavesdropping on each other’s communications. Organizations should also configure their internal networks to respect Quality of Service constraints, so that latency-intolerant communications such as voice and video have adequate bandwidth reserved to support their availability. Organizations should also employ firewalls and other packet-filtering technologies to shield their UC systems from denial of service and other attacks.

3. Deploy strong authentication for remote users.

Remote users may expect to employ rather weak authentication methods, such as personal identification numbers (PINs), to gain access to their UC resources because they’ve been permitted to do this in the past to access voicemail services. However, this authentication mechanism is often too dangerous for organizations to condone for UC because the UC system provides access to so many resources through one entry point, and a four-digit PIN simply does not provide adequate protection for all of those resources.

Organizations should consider implementing strong authentication mechanisms for remote users to access their UC resources. At a minimum, organizations should employ a strong password, preferably more of a passphrase, and require it to be changed frequently. However, many organizations have decided that all remote access necessitates multifactor authentication because of the relative weakness of single-factor authentication and its susceptibility to compromise. These organizations should consider using passwords alongside cryptographic tokens, biometrics or other “something you have” and “something you are” authentication factors to achieve strong authentication for remote users.

Sign up for our e-newsletter

About the Author

Karen Scarfone

Karen Scarfone is the principal consultant for Scarfone Cybersecurity. She previously worked as a senior computer scientist for the National Institute of Standards and Technology.


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.