Encryption is Key
VoIP is subject to a variety of threats, from simple eavesdropping on calls to call hijacking, caller ID spoofing, denial of service, and more. A number of security measures can be put in place to protect VoIP communications from these attacks, but one of the most effective defenses against virtually all VoIP threats is encryption. It is important to encrypt both the signaling and the media channels. The signaling or control channel is where communication sessions are established and torn down; it generally relies on some variation of SIP (Session Initiation Protocol). The media channel is where the audio and video data are transported. For Microsoft OCS 2007, the media channel uses RTP (Real-time Transport Protocol) or SRTP (Secure Real-time Transport Protocol).
VoIP hardware and software vendors tend to have their own unique approaches to providing encryption, just as they have their own unique approaches to the protocols used to establish and maintain communications. Unfortunately, the industry has not settled on a standard, so the burden falls on the administrator to understand the strengths and weaknesses of the VoIP infrastructure they are using and what encryption options exist. In the absence of other options, IPsec or TLS encryption can be implemented to protect the communications data in transit.
Microsoft OCS 2007 and the Microsoft Unified Communications infrastructure are secure by default. Microsoft provides encryption and endpoint authentication using MTLS and TLS. Communications between servers inside the network use MTLS (Mutual Transport Layer Security), while communications between servers and clients (including clients external to the network) use TLS (Transport Layer Security). OCS 2007 uses SIP for VoIP signaling and RTP / SRTP for transporting audio / video on the media channel. The Microsoft Communicator client relies on HTTPS for secure communications.
By default, all signaling and media communications are encrypted. Microsoft uses SIP over TLS and SRTP to protect communications traffic on both channels. Microsoft's Unified Communications infrastructure is more or less secure out of the box. The Achilles' heel is when an OCS Mediation Server is talking to some audio gateways. If the gateway does not have the proper functionality, OCS will communicate using SIP over TCP and standard RTP, leaving the communications on the signaling and media channels potentially exposed.
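As an added example (not from the original post, Microsoft, or any gateway vendor), a small Python audit that flags the fallback described above: it checks whether a SIP INVITE's top Via header names TLS as the transport and whether each SDP media line negotiates SRTP (the RTP/SAVP profile plus an SDES a=crypto attribute, which is assumed here as the key-exchange style). The two messages are constructed samples with placeholder hosts and keys.

```python
"""Flag the SIP/TCP + plain RTP fallback by inspecting a SIP INVITE's
Via transport and SDP media lines. Inputs are constructed samples."""
from dataclasses import dataclass, field


@dataclass
class ChannelStatus:
    signaling_encrypted: bool  # top Via header carries TLS
    media_encrypted: bool      # every m= line is RTP/SAVP with an a=crypto
    findings: list = field(default_factory=list)


def audit_sip_message(raw: str) -> ChannelStatus:
    head, _, body = raw.partition("\r\n\r\n")  # SIP headers / SDP body
    status = ChannelStatus(False, False)
    # Signaling channel: "Via: SIP/2.0/<transport> host;..." names the transport.
    vias = [h.split()[1].split("/")[-1].upper()
            for h in head.split("\r\n") if h.lower().startswith("via:")]
    status.signaling_encrypted = bool(vias) and vias[0] == "TLS"
    if not status.signaling_encrypted:
        seen = vias[0] if vias else "unknown"
        status.findings.append(f"signaling transport is {seen}, not TLS")
    # Media channel: each m= line must use the SRTP profile (RTP/SAVP) and be
    # followed by an a=crypto attribute (SDES key exchange, assumed here).
    blocks = []
    for line in body.splitlines():
        if line.startswith("m="):
            blocks.append({"m": line, "crypto": False})
        elif line.startswith("a=crypto:") and blocks:
            blocks[-1]["crypto"] = True
    for blk in blocks:
        if blk["m"].split()[2] != "RTP/SAVP" or not blk["crypto"]:
            status.findings.append(f"unencrypted media: {blk['m']}")
    status.media_encrypted = bool(blocks) and not any(
        f.startswith("unencrypted media") for f in status.findings)
    return status


# Constructed samples: hypothetical hosts and a placeholder key, not real traffic.
SECURE_INVITE = (
    "INVITE sip:bob@example.test SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 10.0.0.5:5061;branch=z9hG4bK776\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\nm=audio 49170 RTP/SAVP 0 101\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEYPLACEHOLDERKEYPLACEHOLDER00\r\n"
)
# Same call after a gateway without SRTP/TLS support forces the fallback.
FALLBACK_INVITE = SECURE_INVITE.replace("/TLS 10.0.0.5:5061", "/TCP 10.0.0.5:5060") \
    .replace("RTP/SAVP", "RTP/AVP").split("a=crypto")[0]

if __name__ == "__main__":
    for name, msg in (("secure", SECURE_INVITE), ("fallback", FALLBACK_INVITE)):
        print(name, audit_sip_message(msg))
```

Run against captured Mediation Server to gateway INVITEs, the findings list tells you which legs have dropped to SIP/TCP and plain RTP.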
July 18th, 2009 at 9:53 am