Share what you know with millions of people
Focus is the best place to turn what you know into remarkable content
0
How do I protect myself from VoIP eavesdropping? Does it pose a serious threat to my company?
I work for a small company and VoIP eavesdropping was brought up in a recent conversation. I got to thinking and I came across some of these questions. Any contributions will be greatly appreciated.
How can we detect eavesdropping?
Does it pose a serious threat to the company?
What's the best route to cure it?
What's the best way to stop it before it even starts?
Events
- Dos and Don'ts of Small Business Marketing May 29 @ 11 am PT
- Lead Nurturing 202: The Next Generation May 31 @ 11 am PT
- The Tricks to Paid Media June 6 @ 11 am PT
- Display Advertising for Brand Awareness June 20 @ 11 am PT
Related Activity
4 Answers
You raise a good question that pertains primarily to hosted VoIP systems and SIP trunking. Most discussions about VoIP security pertain to the LAN network edge, not signaling over the Internet. But by using the correct technology, your calls can be secure.
The primary means of protecting your SIP traffic is using Transport Layer Security (TLS) and Secure RTP (SRTP). With encryption, sessions are kept private with no chance of eavesdropping. For inter-office traffic, calls using your VPN are obviously secure. Not all VoIP providers use encryption since it costs money in overhead.
Is eavesdropping a serious threat? If you are a company in a very competitive business where it would be worth a competitors money to spy on you, then yes. But why expose yourself to any such threats? It all comes down to implementing the correct technology. We can assist you, if you would like.
Regards,
Steve Garson
Better Cost Control and MPLS-Experts
Agree with Steve. SIPS (SIP over TLS to protect SIP signalling) and SRTP (to protect the media stream) are commonly used to mitigate the risk of eavesdropping, in addition to authenticating SIP requests and responses which includes integrity protection.
Yes I too agree with Steve.Eavsdropping is a threat to each and every firm, since you never know which of your converstion may leak out or point to your next plan which can be used by your competitors against you.
You may deploy 3DES encryption and have regular penetration test run on your voip network.Hvae regular health checkups of your system as well
Jignesh
Wayne,
Although I agree with the previous answers, one of the items which is rarely discussed is related to whether your media remains encrypted from endpoint to endpoint, never being decrypted in any other location other than the endpoint devices. Depending on implementation, this fact is not always true with SRTP. Session Board Controllers may decrypt the media, which opens a vector of attack for the media. Complicating this further are the number of implementations which do not implement TLS. Server performance is often provided as the answer as to why it is not. Translation: It's not economical to deploy.
Jihnesh mentions 3DES. Our approach is to encrypt with AES 256bit utilizing unique encryption keys for communications, even offering the ability to simultaneously utilize different keys for voice, chat and file transfer simultaneously, and have the ability to change keys in the middle of a communications session. Finally, we believe that self service key management with Diffie-Hellman exchanges provides a cost effective model.
Finally, our view includes that this capability should be transparent to the platform it is running on, be it a PC or a smart phone.
If you are interested in more, please visit www.idranksecurity.com.
Peter Rung
peter.rung@idranksecurity.com
Twiitter: IDRSec
Answer This Question