NSA shares guidance on securing voice, video communications


Level 74
Content Creator
Malware Hunter
Aug 17, 2014
The National Security Agency (NSA) has shared mitigations and best practices that systems administrators should follow when securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems.

UC and VVoIP are call-processing systems used in enterprise environments for various purposes, from video conferencing to instant messaging and project collaboration.

Since these communication systems are tightly integrated with other IT equipment within enterprise networks, they also inadvertently increase the attack surface by introducing new vulnerabilities and the potential for covert access to an organization's communications.

Improperly secured UC/VVoIP devices are exposed to the same security risks and targeted by threat actors through spyware, viruses, software vulnerabilities, and other malicious means if not adequately secured and configured.

"Malicious actors could penetrate the IP networks to eavesdrop on conversations, impersonate users, commit toll fraud and perpetrate denial of service attacks," as the US intelligence agency explained.

"Compromises can lead to high-definition room audio and/or video being covertly collected and delivered to a malicious actor using the IP infrastructure as a transport mechanism."

UC VVoIP system (NSA)​