
Don't forget to secure the signaling


Tom Lancaster
06.23.2005


Most of the concerns network engineers intuitively have about VoIP security relate to high-tech eavesdropping via packet sniffing, to denial-of-service attacks, or to new IP-based versions of good old-fashioned toll fraud. The last two are generally a matter of keeping your systems patched and sensibly configured, but the obvious solution to eavesdropping is encrypting the media streams.

Many vendors now support SRTP, which uses AES to encrypt your conversations, but it's important to realize that SRTP only encrypts the payload of the media stream. It's not an encapsulating protocol that covers your headers too. It also, obviously, does not encrypt your signaling.

Understanding this matters all the more because your signaling still carries important user information. In the legacy voice world, when you push buttons on the phone -- for instance, to enter the PIN to access your voice-mail or your bank account, or the automated order taker for your stock brokerage account -- you are simply generating a tone, which is carried across the same line your spoken words use. But when this gets converted to VoIP, some of the dialed digits are carried in the signaling protocol, and not in the RTP stream.

So, if you were thinking about authenticating signaling traffic, go ahead and put some thought into encrypting the signaling as well.
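To make the point above concrete, here is an added example (not part of the original tip) of an audit check that scans captured signaling for keypad digits sent over a non-TLS transport. The tip names no signaling protocol, so the example assumes SIP with digits sent in INFO requests as `application/dtmf-relay`; the sample messages, addresses and Call-IDs are constructed.

```python
import re

# Constructed sample (not a real capture): SIP INFO carrying one keypad digit.
SAMPLE_UDP = (
    "INFO sip:ivr@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776\r\n"
    "Call-ID: constructed-call-1\r\n"
    "CSeq: 2 INFO\r\n"
    "Content-Type: application/dtmf-relay\r\n"
    "Content-Length: 24\r\n"
    "\r\n"
    "Signal=7\r\nDuration=160\r\n"
)
SAMPLE_TLS = SAMPLE_UDP.replace("SIP/2.0/UDP", "SIP/2.0/TLS").replace("call-1", "call-3")
SAMPLE_OPTIONS = (
    "OPTIONS sip:ivr@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK777\r\n"
    "Call-ID: constructed-call-2\r\n"
    "CSeq: 1 OPTIONS\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_sip(raw):
    """Split a SIP message into (start line, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())  # keep topmost Via
    return lines[0], headers, body

def audit_message(raw):
    """Return a finding if the message carries keypad digits, else None."""
    _, headers, body = parse_sip(raw)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/dtmf-relay":
        return None
    via = re.match(r"SIP/2\.0/(\w+)", headers.get("via", ""))
    transport = via.group(1).upper() if via else "UNKNOWN"
    # Count digits only; the finding must not become a second copy of the PIN.
    digits = re.findall(r"(?im)^Signal\s*=\s*[0-9A-D*#]\s*$", body)
    return {"call_id": headers.get("call-id"), "transport": transport,
            "digit_count": len(digits), "exposed": transport != "TLS"}

def exposed_calls(messages):
    """Call-IDs whose digits travelled over a non-TLS SIP transport."""
    findings = filter(None, map(audit_message, messages))
    return sorted({f["call_id"] for f in findings if f["exposed"]})
```

The Via transport describes only the SIP hop itself; if the path is protected by IPsec instead, run the check on a capture taken outside the tunnel endpoints to confirm nothing readable remains.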

The details of this can be vendor-specific, since many vendors implement proprietary signaling protocols, or at least proprietary extensions to standardized protocols. So in the absence of a standard signaling protocol that provides privacy and non-repudiation, odds are good that you'll see some implementation of IPsec, but keep in mind that if you've got a multi-vendor solution, encrypting your signaling may be especially challenging.


Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years' experience in the networking industry, and co-author of several books on networking, most recently, CCSP™: Secure PIX and Secure VPN Study Guide published by Sybex.

