Communications Security Beyond the Turret

The evolution of the trading floor is leading to a convergence of technologies consisting of voice, internet and data merging into a single system.

These new opportunities allow “turret” providers to expand the types of services they provide including integration with the cloud which also leads to a much greater dependence on the data center for implementation and support. A turret is a specialized telephony key system which is generally used by financial traders.

In addition, a whole new world of potential security concerns needs to be addressed, such as DDoS attacks, the introduction of malicious code, internal abuse of privileges and call spoofing.

At the center of this evolution is the turret phone. What was once a system based on a digital time-division multiplexing (TDM) architecture has turned into a high-tech Internet Protocol (IP) based work center. Turret systems are not alone: according to Broadview Networks, the VoIP market is expected to grow roughly 9.7% between 2014 and 2020.

As companies implement/upgrade their turret phone systems, there are a number of considerations for weighing different turret phone security features beyond the general telephone network. This article is meant to highlight some of those considerations. Keep in mind that there could be dependencies on the existing corporate network, IP PBX vendor and the Public Switched Telephone Network. These could all influence some security decisions.

Access

Managing user access to the turret system is important. Determine if the vendor solution provides a role-based access feature to separate various job functions. This includes:

  • Administrator and user accounts
  • Unique user IDs and passwords
  • Limiting dialing ability (e.g. preventing the dialing of long distance numbers)
  • Limiting configuration changes such as adding or removing buttons or menus

This separation-of-duties approach allows for easier management, mitigates unnecessary or "accidental" configuration changes and potential malfeasance, and helps with activity monitoring.

Monitoring

Effective logging will make it easier for administrators to detect and act on alerts triggered by unusual activity as well as correlate with other potential threats in the environment.

Device monitoring includes tracking how many turrets are currently connected to the network as well as the health status of each one.

User monitoring includes user activities such as logon/logoff, which numbers were dialed and time/date stamp information.

Determine if the turret can provide syslog and SNMP traps so that it can integrate with security information and event management (SIEM) and network access control (NAC) appliances.

External vulnerabilities

Detecting an attack early can help mitigate threats to the environment. Determine if the turret system provides application layer security to prevent call hijacking, DDoS attacks and call spoofing. Since 2013, the U.S. Department of Homeland Security has reported on the growing threat of DDoS attacks. Also, can the system be configured to verify that the source device and extension are actually one of the approved turrets? This can help prevent an unauthorized device from connecting to the network through a backdoor.
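The Access, Monitoring and External vulnerabilities points above come together once turret syslog reaches a SIEM: role-limited dialing, configuration changes by non-administrators and registrations from devices that are not in the approved inventory all become simple rules over the event stream. The following is an added example, not code from the article or from any turret vendor; the key=value log format, the field names, the inventory and the role policy are all constructed assumptions.

```python
import re

# Constructed sample syslog lines in a hypothetical key=value format; not a real vendor's output.
SAMPLE_LOGS = [
    "<134>Jun 12 09:01:02 turret-07 turretd: event=LOGON user=jsmith role=trader dev=00:1a:2b:3c:4d:07",
    "<134>Jun 12 09:01:30 turret-07 turretd: event=DIAL user=jsmith role=trader dev=00:1a:2b:3c:4d:07 num=2125550100",
    "<134>Jun 12 09:02:11 turret-07 turretd: event=DIAL user=jsmith role=trader dev=00:1a:2b:3c:4d:07 num=01144207946000",
    "<134>Jun 12 09:03:45 turret-99 turretd: event=REGISTER dev=de:ad:be:ef:00:01 ext=4099",
    "<134>Jun 12 09:03:50 turret-03 turretd: event=REGISTER dev=00:1a:2b:3c:4d:03 ext=4001",
    "<134>Jun 12 09:04:02 turret-03 turretd: event=CONFIG user=jdoe role=trader dev=00:1a:2b:3c:4d:03 change=add_button",
]

# Assumed policy: the inventory of approved turrets (MAC -> extension) and which roles may do what.
APPROVED_DEVICES = {"00:1a:2b:3c:4d:07": "4007", "00:1a:2b:3c:4d:03": "4003"}
INTL_DIAL_ROLES = {"admin", "senior_trader"}   # roles allowed to dial international (011 prefix)
CONFIG_ROLES = {"admin"}                        # roles allowed to add or remove buttons or menus
HEADER = re.compile(r"^<\d+>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) turretd: (?P<body>.*)$")

def parse_line(line):
    # Split one syslog line into its header fields plus the key=value pairs of the body.
    m = HEADER.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("body").split())
    fields.update(ts=m.group("ts"), host=m.group("host"))
    return fields

def audit(lines):
    # Return (host, reason) alerts for events that violate the assumed policy.
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        role = ev.get("role", "")
        if ev.get("event") == "REGISTER":
            dev, ext = ev.get("dev"), ev.get("ext")
            if dev not in APPROVED_DEVICES:
                alerts.append((ev["host"], f"unapproved device {dev} registering ext {ext}"))
            elif APPROVED_DEVICES[dev] != ext:
                alerts.append((ev["host"], f"device {dev} registered ext {ext}, inventory says {APPROVED_DEVICES[dev]}"))
        elif ev.get("event") == "DIAL" and ev.get("num", "").startswith("011") and role not in INTL_DIAL_ROLES:
            alerts.append((ev["host"], f"international dial by {ev.get('user')} (role {role})"))
        elif ev.get("event") == "CONFIG" and role not in CONFIG_ROLES:
            alerts.append((ev["host"], f"config change '{ev.get('change')}' by {ev.get('user')} (role {role})"))
    return alerts

if __name__ == "__main__":
    for host, reason in audit(SAMPLE_LOGS):
        print(f"ALERT {host}: {reason}")
```

The benign LOGON and domestic DIAL events produce nothing, while the four policy violations each yield one alert carrying the originating turret for correlation with other SIEM sources.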

Network

Connections between the turret and the management server (backend administration) should be encrypted. Options include, but are not limited to, HTTPS or Transport Layer Security (TLS) for authentication and for maintenance such as patching or code updates. Secure Real-time Transport Protocol (SRTP) for voice traffic is also common. Remote access for third-party support should also be considered; typical options include SSH or HTTPS. Finally, is there an option to segregate voice and data traffic into their own VLANs?

Patches and updates

The underlying operating system the turret runs on will periodically need updates, especially if it can integrate with Active Directory or Lync. Does the solution vendor have an established patch management process in place? Do they test all patches and hot fixes before sending them to the customer for installation? How are potential vulnerabilities communicated to the customer?

Business continuity

Dropped calls and lost stored voice data can severely impact transactions and revenue as well as company reputation. Examine disaster recovery and business continuity plans to see if they meet critical business needs. In addition, does the solution vendor provide a distributed architecture for hot failovers to prevent call interruptions?

While there is no magic bullet to protect the VoIP turret system, proper due diligence can help to mitigate risks. As mentioned earlier, it is important to determine which solutions can integrate with existing network security controls and architecture.
