How to be secure with VoIP?
This information is written for technically advanced readers. It explains different aspects of VoIP security, how Australian Phone Company helps to protect our subscribers, and what can be done additionally to increase the level of security.
There are a few types of security breach in VoIP. The first relates to SIP usernames and passwords, including brute-force attacks. The customer device password is one of the most vulnerable points through which hackers may gain access. If a third party obtains a customer's password, it can be used to make any type of call on behalf of the genuine customer. Customers should take care of their own passwords: do not store this data, and delete any email that may contain it. We always set long and complicated passwords ourselves to avoid the brute-force scenario. We also ban any IP address from which we receive a number of unsuccessful registration attempts, so you may temporarily lose connection to our server if you try to register with the wrong password. If your IP address is static and never changes over time, we may recommend adding an IP address filter on our side that allows registration attempts for your account only from a pre-defined IP. This additionally protects your account in the unlikely case of a password leak. Please drop us an email if you want to whitelist your IP address.
The second aspect of VoIP security is interception of signalling and voice. While the connections from our soft switch to upstream providers are generally encrypted, one vulnerable place may be the stretch of the Internet between our soft switch and you. In the very unlikely case that a hacker has the technical ability to sniff Internet packets inside your home/office network, or between your network and our switch, he may decode the signalling messages, which contain the calling numbers and other technical information about the call (the device password is encrypted and cannot be decoded), as well as the voice conversation. Australian Phone Company offers two additional levels of encryption for VoIP. The first is TLS (Transport Layer Security, the successor to Secure Sockets Layer, SSL) encryption of all signalling messages. When TLS transport is used instead of traditional UDP, the customer's application performs an additional check to validate the server and encrypts all signalling traffic, similar to the HTTPS protocol for web sites. The second level is SRTP (Secure Real-time Transport Protocol), under which the whole voice conversation is encrypted and cannot be sniffed. The two methods should work together: SRTP without TLS makes no sense, because a hacker may intercept the encryption keys in the signalling and decrypt the SRTP; TLS without SRTP cannot encrypt the voice conversation.
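The dependency between TLS and SRTP described above can be checked on a SIP message you capture from your own device. The following is an added example, not Australian Phone Company's code: it classifies an INVITE by its Via transport and SDP media profile. It assumes SDES keying (RFC 4568), where the SRTP key is carried in an `a=crypto` line of the SDP; the sample messages, the user `100`, the `192.0.2.10` address and the key are constructed placeholders.

```python
import re

# Constructed sample SDP bodies (not captured traffic); the inline key is a placeholder.
SDP_SRTP = (
    "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 49170 RTP/SAVP 0 8\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_NOT_A_REAL_KEY\r\n"
)
SDP_RTP = (
    "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
)

def make_invite(transport, sdp):
    """Build a minimal constructed INVITE whose top Via uses the given transport."""
    return (
        "INVITE sip:100@sip.australianphone.com.au SIP/2.0\r\n"
        f"Via: SIP/2.0/{transport} 192.0.2.10:5060;branch=z9hG4bKconstructed\r\n"
        "Content-Type: application/sdp\r\n"
        f"Content-Length: {len(sdp)}\r\n\r\n" + sdp
    )

def audit(message):
    """Report signalling transport, media profile and the resulting exposure."""
    headers, _, body = message.partition("\r\n\r\n")
    via = re.search(r"^(?:Via|v):\s*SIP/2\.0/(\w+)", headers, re.M | re.I)
    transport = via.group(1).upper() if via else "UNKNOWN"
    media = re.search(r"^m=audio\s+\d+\s+(\S+)", body, re.M)
    profile = media.group(1) if media else "NONE"
    srtp = profile in ("RTP/SAVP", "RTP/SAVPF")
    # With SDES the SRTP master key travels inside the signalling itself.
    key_in_sdp = bool(re.search(r"^a=crypto:\d+\s+\S+\s+inline:", body, re.M))
    tls = transport == "TLS"
    if tls and srtp:
        verdict = "signalling and voice encrypted"
    elif srtp and key_in_sdp:
        verdict = "SRTP key exposed in cleartext signalling"
    elif srtp:
        verdict = "SRTP offered, keying not carried in SDP (not assessed)"
    elif tls:
        verdict = "signalling encrypted, voice in clear"
    else:
        verdict = "signalling and voice in clear"
    return {"transport": transport, "profile": profile, "verdict": verdict}

if __name__ == "__main__":
    for t, sdp in (("TLS", SDP_SRTP), ("UDP", SDP_SRTP), ("TLS", SDP_RTP), ("UDP", SDP_RTP)):
        print(t, audit(make_invite(t, sdp)))
```

The Via transport describes only the hop where the message was observed, so the result applies to the link between your device and the switch.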
If you want to enable the additional TLS/SRTP security for your device, drop us an email and ask us to reconfigure your device for TLS/SRTP instead of traditional UDP/RTP. From that time on your device will work only in TLS/SRTP mode; unsecured connections will no longer be allowed. The second step is the configuration of your softphone or hardware device. Please note that only a limited number of contemporary devices and software clients support TLS/SRTP, so you need to check your device first. To make your device ready, complete the following steps:
- Set the domain name to sip.australianphone.com.au (an IP address is not allowed)
- Set Network port: 5061
- Enable TLS
- Enable SRTP
- Make sure that TLSv1 is enabled on your side
Please refer to the picture below for a Zoiper application example:
If everything is correct, you will see an indication that the connection is encrypted (usually a closed lock).
Good luck and be secure with VoIP.