SIP trunk security encompasses a number of different issues. To address them, most security vendors prefer a layered approach to provide an effective way of isolating and protecting the telephony system and the communications path to the SIP service provider.
Here are some tips to help identify which areas of SIP security need to be changed or redesigned to help avoid unpleasant surprises.
Ensure complex passwords for your SIP trunk: SIP trunk providers require authentication in order to allow incoming and outgoing calls from the SIP trunk. Make sure complex passwords are used for the authentication process to your SIP provider.
Limit access to the telephony system: Only specific people from specific locations should have access to the telephony system. Always ensure your telephony systems are isolated in a separate VLAN and the correct VLAN security policies are in effect.
Accept SIP traffic only from your SIP provider: Block traffic from all external sources except your SIP provider. This will help limit access to your telephony system and minimize chances of unauthorized access.