NSA Releases Guidance on Deploying Secure UC and VVoIP Communications Systems

The National Security Agency (NSA) has released guidance to help organizations secure their communication systems, specifically Unified Communications (UC) and Voice and Video over IP (VVoIP). UC and VVoIP are call-processing systems that are used for communications and collaboration by many enterprises. The NSA warns that if these systems are not properly secured, they are exposed to the same risks as IP systems, including software vulnerabilities and various types of malware. Threat actors could abuse such systems to impersonate users, eavesdrop on conversations, cause disruptions, and conduct fraud. The guidance consists of a 43-page document that describes network, perimeter, enterprise session controller, and endpoint security best practices and mitigations. It is accompanied by a shorter information sheet that summarizes the guide. Read more and access the documents at NSA.