As you know, you can’t always protect a VoIP phone system that’s connected to the Internet. Eavesdropping on phone calls opens a treasure trove of valuable data. Big gems await in financial institutions, professional services firms, and government agencies. Hacking voicemail is also lucrative; it exposes private business information.
If you have a VoIP system that uses a T1 or PRI, and it doesn’t need access to the Internet for incoming or outgoing calls, it can’t be brought down by hackers via the Internet. The local phones in the office will work as long as the local network is working.
A VoIP system that’s not connected to the Internet and that has its own network with separate wiring and switches within the office, is relatively safe. However, if you have remote workers using VoIP system phones connecting via the Internet you’ll never have a 100% hacker-proof system.
The best format for VoIP is to have a separate network with separate wiring and switches, and a separate pipe(s) to the Internet. Preferably a data T1 or SDSL to the Internet that has the same up and down speeds. If you ensure that you have segregated networks for VoIP and PCs the phones would rarely go down.
A few more helpful tips to maintain protection are:
Set up a firewall and intrusion prevention system to monitor and sort authorized and unauthorized VoIP traffic, and track unusual voice activities.
Lock voice servers physically for administration. Centralize administration and use domain restrictions and two-factor authentication for administrative access, including credentials, signaling data, and configuration files.
Don’t forget to regularly install OS updates, and limit software loading on phones.