Most of the concerns network engineers intuitively have about VoIP security relate to high-tech eavesdropping via packet sniffing, to denial-of-service attacks, or to new IP-based versions of good old-fashioned toll fraud. The last two are generally a matter of keeping your systems patched and sensibly configured, but the obvious solution to eavesdropping is to encrypt the media streams.
Many vendors now support SRTP, which uses AES to encrypt your conversations, but it's important to realize that SRTP encrypts only the payload of the media stream. It is not an encapsulating protocol that covers your headers too. It also, obviously, does not encrypt your signaling.
That last point matters even more, because your signaling still carries important user information. In the legacy voice world, when you push buttons on the phone -- for instance, to enter the PIN to access your voice-mail or your bank account, or the automated order taker for your stock brokerage account -- you are simply generating a tone, which is carried across the same line your spoken words use. But when this gets converted to VoIP, some of the dialed digits are carried in the signaling protocol, and not in the RTP stream.
So, if you were thinking about authenticating signaling traffic, go ahead and put some thought into encrypting the signaling as well.
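One way to check for the exposure described above, as an added example that is not part of the original article: it assumes SIP signaling with keypresses sent as INFO requests carrying an application/dtmf-relay body (one common out-of-band DTMF method), and flags those that crossed a hop without TLS. The sample messages, addresses, Call-ID and function names are constructed for illustration.

```python
import re

# Constructed sample messages (not captured traffic): SIP INFO requests,
# each carrying one keypress in an application/dtmf-relay body.
def _info(transport, signal):
    body = f"Signal={signal}\r\nDuration=160\r\n"
    return (
        "INFO sip:ivr@example.test SIP/2.0\r\n"
        f"Via: SIP/2.0/{transport} 192.0.2.10:5060;branch=z9hG4bKexample\r\n"
        "Call-ID: constructed-call-1@example.test\r\n"
        "CSeq: 2 INFO\r\n"
        "Content-Type: application/dtmf-relay\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n" + body
    )

SAMPLES = [_info("UDP", "4"), _info("UDP", "7"), _info("TLS", "1")]

# The topmost Via names the transport of the hop the message was seen on.
VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", re.I | re.M)
SIGNAL_RE = re.compile(r"^Signal\s*=\s*([0-9A-D*#])\s*$", re.I | re.M)

def audit_message(raw):
    """Return a finding if the message carries a keypress, else None.

    The digit itself is deliberately not stored in the finding, so the
    audit output does not become a second copy of the user's PIN.
    """
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", headers.get("c", "")).lower()
    if not ctype.startswith("application/dtmf-relay"):
        return None
    if not SIGNAL_RE.search(body):
        return None
    via = VIA_RE.search(head)
    transport = via.group(1).upper() if via else "UNKNOWN"
    return {"call_id": headers.get("call-id", headers.get("i", "")),
            "transport": transport,
            "cleartext": transport not in ("TLS", "WSS")}

def summarize(messages):
    """Count keypress-bearing messages and how many were sent in cleartext."""
    findings = [f for f in map(audit_message, messages) if f]
    return {"keypresses": len(findings),
            "cleartext": sum(f["cleartext"] for f in findings)}
```

A non-zero `cleartext` count means dialed digits crossed that hop readable to anyone on the path, regardless of whether the media stream used SRTP.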
The details of this can be vendor-specific, since many
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years' experience in the networking industry, and co-author of several books on networking, most recently CCSP™: Secure PIX and Secure VPN Study Guide, published by Sybex.
This was first published in June 2005