Question Security - Employer IP Phone at Home

[Eggz]

Hi All,

I know about hardware but I have a major blind spot when it comes to data security in networking, so I need some guru advice and hope you can help. With Covid, I've been working from home for almost a year now. Just today, my job said we need to connect an IP phone to our home network and keep the phone at our home work desk. This really freaks me out! But I'm not quite sure why. Can you explain what kind of risk I'd be taking on here? Our IT and Network guy would have remote access to the phone, and it would be on my router. My wife also works from home on the same network, and there's lots of confidential information on her computer.

As background (aside from data security), it also feels intrusive that they'd require us to run a long cable across our entire house (under doors, across living room, etc.). In my case, my "office" also doubles as a nursery for my little baby (10 months) who sleeps in the same room. So having a phone in the room that my employer can ring will eventually wake up the baby, which seems out of line for an employer to require. Plus, I always have my cell anyway . . . In any case, that's more venting.

I really want to know what security risks I'm taking on with the IP phone so I can calmly explain if they ask me to. Please help me understand if this is in your wheelhouse.

Thanks!

-Eggz

 

[kanewolf]

Hi All,

I know about hardware but I have a major blind spot when it comes to data security in networking, so I need some guru advice and hope you can help. With Covid, I've been working from home for almost a year now. Just today, my job said we need to connect an IP phone to our home network and keep the phone at our home work desk. This really freaks me out! But I'm not quite sure why. Can you explain what kind of risk I'd be taking on here? Our IT and Network guy would have remote access to the phone, and it would be on my router. My wife also works from home on the same network, and there's lots of confidential information on her computer.

As background (aside from data security), it also feels intrusive that they'd require us to run a long cable across our entire house (under doors, across living room, etc.). In my case, my "office" also doubles as a nursery for my little baby (10 months) who sleeps in the same room. So having a phone in the room that my employer can ring will eventually wake up the baby, which seems out of line for an employer to require. Plus, I always have my cell anyway . . . In any case, that's more venting.

I really want to know what security risks I'm taking on with the IP phone so I can calmly explain if they ask me to. Please help me understand if this is in your wheelhouse.

Thanks!

-Eggz

You can always unplug it when you aren't working.
You can say "no" and see what happens. Do you have a company cell phone?

 

[Eggz]

You can always unplug it when you aren't working.
You can say "no" and see what happens. Do you have a company cell phone?

I understand that stuff. Just trying to get an understanding of what exactly are the risks - worst case. I've been using my own cell.

 

[kanewolf]

I understand that stuff. Just trying to get an understanding of what exactly are the risks. I've been using my own cell.

Since you don't know what hardware you will be getting, there is no definitive answer. IP phones, owned by you or your company are basically the same. When you plug them in, they reach out to a server somewhere. That server will know your public IP address. You generally don't have to open any firewall ports, since the phone initiates the connection.

 

[Mtop]

Have employer get you a second modem just for work.

 

[Eggz]

They haven't given me the exact model number yet, but I told them I'm not down for the wired version. They said there is a WiFi version, so I think I can put that on a guest network to isolate it. It's still F'n stupid. Employers can require equipment in their office, but this is my home. I don't feel like anyone has a right to dictate what someone else must do in and with their own home. . . . Imagine just telling your boss out of nowhere that you're going to have someone come by to install a surveillance camera in his bedroom. Something tells me that would highlight for them why this is invasive without permission. Ask first

 

[kanewolf]

They haven't given me the exact model number yet, but I told them I'm not down for the wired version. They said there is a WiFi version, so I think I can put that on a guest network to isolate it. It's still F'n stupid. Employers can require equipment in their office, but this is my home. I don't feel like anyone has a right to dictate what someone else must do in and with their own home. . . . Imagine just telling your boss out of nowhere that you're going to have someone come by to install a surveillance camera in his bedroom. Something tells me that would highlight for them why this is invasive without permission. Ask first

This goes back to my original statement of "just say no". They could make it a condition of your employment. It is similar to a random drug test. You can choose not to take one, and the employer can choose to terminate you. I guess it depends on how much leverage you believe you have.

 

[Math Geek]

as noted above, a second router for your office with that plugged into it is about all you can do if they insist. this will at least isolate the phone from the rest of the network.

a wifi version as a guest account is not that bad either. guest accounts are usually locked down a bit more than normal and would not allow any traffic the phone did not initiate. and then only the phone itself is vulnerable if it is compromised. about the best you can do really.

 

[Eggz]

as noted above, a second router for your office with that plugged into it is about all you can do if they insist. this will at least isolate the phone from the rest of the network.

a wifi version as a guest account is not that bad either. guest accounts are usually locked down a bit more than normal and would not allow any traffic the phone did not initiate. and then only the phone itself is vulnerable if it is compromised. about the best you can do really.

The guest WiFi is actually a great, simple idea! I told them I'd do it only if they would get a WiFi version so I wouldn't have to run a stupid wire through my entire place. They get the guest WiFi. Eff them!