Goin' to Chapple- for these three VoIP security tips

Heard of

No, I didn't think so. But that doesn't mean what he has to say about VoIP security isn't important. It is, very.

Chapple has a most interesting CV/resume/set of bonafides. Information security researcher with the National Security Administration and the U.S. Air Force, author of several security-certification training books, and currently doing info sec for the University of Notre Dame. He's also About.com's Database Guide.

We can also find Chapple's columns on Techtarget's underappreciated SearchSecurity.net website.

In his most recent column, Chapple comes to us with three bordering on-"well-duh" but still very useful VoIP security best practices for the enterprise.

Mike Chapple would really like it if you, the enterprise IT admin or even individual VoIP user, would:

• Separate virtual environments by sensitivity. The degree of separation may depend on your budget and complexity tolerance, but it's a wise idea to keep data of dramatically different sensitivity levels in their own virtual environments. For example, it would not be a great idea to have a virtual instance hosting your public Web server and a second instance hosting your internal database server and living within the same virtual environment.
• Remember the old-fashioned stuff. Everything you've learned about operating system security is still true with virtualized servers. Lock down your systems by eliminating unnecessary services, tightening host firewalls and applying security patches. If you reduce your footprint and deny the bad guys an entry point onto your systems, you'll lower the likelihood of an attack.
• Watch the news and get ready to react quickly. Some unlucky enterprises will be victimized by a zero-day virtualization exploit. Statistically speaking, it probably won't be yours. But when the news hits the wire, the bad guys are going to read it just as quickly as you will. Keep your eyes peeled and take quick action to avoid being part of the second wave of victims.

Succinct, and well-known to those skilled in the art. But with enterprise and SMB use growing every day, it most certainly does not hurt to repeat these tips from time to time.