How to be secure with VoIP?

           Well, this information is written for technically advanced people to explain different aspects of VoIP security and how Australian Phone Company assist to protect our subscribers and what can be done additionally to increase security level.

          There are a few types of security breaches in VoIP. The first one is related to SIP username and passwords as well as brute-force attacks. Customer device password is one of the most vulnerable points where hackers may get access. If third party got access to customer password it may be used to make any type of calls behave of true customer. Customer should take care about own passwords, don’t store this data, remove email that may have this information. We always set long and complicated password ourselves to avoid brute-force scenario. Also we ban all IP addresses if got a number of unsuccessful registration attempts. You may temporary lost connection to our server if tried to register with wrong password. Also if your IP address is statically and never change over the time we may recommend adding additional IP address filter on our side by enabling registration attempts for your account only from pre-defined IP. It will additionally protect your account in unlikely case of password leaking. Please drop us a mail to This email address is being protected from spambots. You need JavaScript enabled to view it. if you want to white list your IP address.

          The second aspect of VoIP security is signaling and voice interception. When our connections from our soft switch up upstream providers are generally encrypted, one of vulnerable place may be piece of the Internet between our soft switch and you. In very unlikely case when hacker has technical ability to sniff Internet packets inside your home/office network or between your network and out switch he may decode signaling messages that consist calling numbers and other technical information about call (Device password is encrypted and cannot be decoded) as well as voice conversation. Australian Phone Company offers two additional level of Voice encryption over VoIP. The first one is TLS (Transport Layer Security, Secure Socket Layer SSL) encryption done for all signaling messages. When TLS transport is used instead of traditional UDP customer’s application performs an additional checking to validate server and encrypt all signaling traffic similar to HTTPS protocols for web site. The second level is SRTP (Secure Real-time Transport Protocol) when all voice conversation is encrypted and cannot be sniffed. Both methods should work together: SRTP without TLS doesn’t make a sense, hacker may intercept encryption keys in signaling and decrypt SRTP; TLS without SRTP cannot encrypt voice conversation.

          If you want to enable an additional TLS/SRTP security for your device you need to drop us a mail to This email address is being protected from spambots. You need JavaScript enabled to view it. and ask to reconfigure your device to TLS/SRTP instead of traditional UDP/RTP. Since that time your device should be working only in TLS/SRTP mode, unsecure connections will not be allowed any more. The second step is configuration for your softphone/hardware. Please note there is only limited number of contemporary devices or software clients that support TLS/SRTP. You need to check your device first. To make your device ready you need to complete next steps:

  • Set domain name as sip2.australianphone.com.au
  • Enable TLS
  • Enable SRTP

Please refer to picture below for Zoiper application example:

 zoiper domainzoiper tls srtp

If everything correct you see indication that connection is encrypted. (Usually that is closed lock).

zoiper enrypted voip 

Good luck and be secure with VoIP.

   

facebook share  Share your experience about us in your Socials !

   
© AUSTRALIAN PHONE COMPANY 2011-2018
...