For SIP:
Is there a secure version?
Can SIP calls be evesdropped by someone else on the lan or internet??
Is there an encrypted version?
Thanks, Martin
For SIP:
Is there a secure version?
Can SIP calls be evesdropped by someone else on the lan or internet??
Is there an encrypted version?
Thanks, Martin
There are two parts in SIP: The control channel (SIP) and the signal itself (RTP).
For RTP: SRTP
See e.g.:
There is sRTP for the media stream.
Yes provided you have access to the data. Ethereal can capture, decode and manipulate the media.
See IETF web site for sRTP.
Yes, it can be EASILY eavesdropped. To see how, download the latest ethereal - you can actually export the audio of a capture to an ".au" file and play it back, email it to friends to laugh at, etc.
Thanks.
So, unencrypted sip calls are easily eavesdropped if the link is accessible... (See ethereal.)
Do the commercial VoIP providers encrypt the signal traffic?
Or are all your VoIP internet calls 'out in the open'?
Regards, Martin
dont think so.
Some of the IP PBX manufacturers support encryption (e.g. Avaya. Cisco maybe Mitel), but i dont think there are any mature standards for this, and little interoperability between equipment types.
sort of - but they could only be intercepted if the "bad guy" had access to a link on the route between the 2 end points - exactly the same as for a TDM / ISDN / "normal" phone call.
this may be similar to the arguments about just how useful https is in practice - i havent come across any documented instances where a credit card number or other info is disclosed by snooping on a conversation between end points - it is much easier to break into the client PC or web server and get at the data there.
[...]
Hence the weakest and most vulnerable parts are at each end on the local lans... (Assuming that we can 'trust' our telcos.)
Thanks, good answer.
Regards, Martin
If you want hardware with SRTP support, look at the SIPURA SPA-2000.
For UK/EU -
So you are saying that one's ISP or LAN admin can easily eavesdrop on all SIP calls, even if the SIP network one uses employs MD5 and MD5-sess for DIGEST authentication and encryption?
In other words, do they not have to crack MD5 and MD5-sess before they can eavesdrop?
Also, when a SIP network says they support MD5 and MD5-sess for DIGEST authentication and encryption, does this mean that they are encrypting every word of every conversation, or just the authentication process?
Thanks in advance!
Roddaman
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.