In tiny writing at the bottom of a VoIP phone install manual I noticed a warning that using this company’s system will expose users to hackers. I questioned this until I read the manual a second time and noticed I have to leave a series of ports open for the phone service to work properly. Nothing is safe anymore.
As we connect more and more devices to our networks, we’re opening ourselves to being hacked and increasing the chances of being infiltrated. VoIP phones are just the tip of the iceberg, and in an office environment we could be required to have many ports open for alarm systems, cameras and servers.
Ports, like doors, can be open or closed depending on the needs of the network equipment. Ports control the flow of data from one IP address to another and decide how data will flow. If the port is closed, data doesn’t flow. Conversely, an open port allows data to flow freely.
Industries have certain ports that must remain open for specific equipment to function properly. Medical offices have ports for remote billing, communication with other offices and internal communications. Accountants leave ports open to communicate with government agencies. Manufacturing plants leave ports open to communicate with vendors and other manufacturers.
Locking down ports and restricting how we expose ourselves should be the way the industry is moving. Unfortunately, our industry is moving to leave more doors open because current technology requires ports to have unrestricted flow between the device and the internet. There really is no way around this when a device or system requires the flow of data.
My industry is moving to static IP addresses issued by service providers, which greatly increases the chances of being infiltrated. Technology requires network equipment to have ‘stationary’ addresses that don’t move around. Static IP addresses keep the same address throughout the lifetime of the contract, making it extremely easy to target one organization.
We don’t have to look very far to see examples of network hacking in the news. Of course, the most notable in recent history was the Clinton email server, which was hacked through an open port. All the email hackers would need to pull this off is the IP address of the server and the typical ports that may be open.
Securing networks is surprisingly easy provided we understand that networks should be for data only. Because most of the equipment that leaves us vulnerable isn’t specific to data, it makes sense to separate the two. In other words, pull the sub-systems (like VoIP) off the network entirely.
I started talking about VoIP phones, so I guess I’ll end with them. There’s no reason they need to be tied into data networks, so putting them on a separate IP address makes the most sense. Using dedicated hardware that is independent of the network also keeps everything safe. The moral of the story is to keep as much off your data network as possible.
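As an added illustration of the separation described above (not part of the original column), the script below audits a constructed list of router port forwards and flags the ones that lead to non-data devices sitting on the data network. The subnet, device names, addresses and port numbers are assumed sample values.

```python
import ipaddress

# Constructed sample values, not taken from the article.
DATA_NET = ipaddress.ip_network("192.168.10.0/24")  # office data LAN (assumed)
DATA_CLASSES = {"workstation", "file-server"}       # devices that belong on it

# Constructed inventory of inbound port forwards on the office router:
# (device name, device class, internal IP, forwarded ports)
FORWARDS = [
    ("front-desk-phone", "voip",        "192.168.10.40", [5060, 10000]),
    ("lobby-camera",     "camera",      "192.168.10.51", [554]),
    ("alarm-panel",      "alarm",       "192.168.50.5",  [8443]),
    ("billing-server",   "file-server", "192.168.10.10", [443]),
]

def audit_forwards(forwards, data_net=DATA_NET, data_classes=DATA_CLASSES):
    """Return one finding per open port forward that leads into the data network."""
    findings = []
    for name, dev_class, ip, ports in forwards:
        if ipaddress.ip_address(ip) not in data_net:
            continue  # sub-system already lives off the data network
        # A data device may legitimately need its port; anything else
        # (phones, cameras, alarms) should be moved to its own network.
        action = "review" if dev_class in data_classes else "move"
        findings.append({"device": name, "ip": ip,
                         "ports": sorted(ports), "action": action})
    return findings

def exposed_ports(findings, after_separation=False):
    """Ports open toward the data network, now or once 'move' items are gone."""
    kept = [f for f in findings
            if not (after_separation and f["action"] == "move")]
    return sorted({p for f in kept for p in f["ports"]})

if __name__ == "__main__":
    results = audit_forwards(FORWARDS)
    for f in results:
        print(f"{f['action']:6} {f['device']:18} {f['ip']:15} ports {f['ports']}")
    print("open toward data network now:  ", exposed_ports(results))
    print("open after separating devices: ", exposed_ports(results, True))
```
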
(Jeromy Patriquin is the President of Laptop & Computer Repair, Inc. You can read past articles at www.LocalComputerWiz.com.)