Manualshelf

System information

ManualsBrandsATech Machine ManualsComputer equipmentLIBRA-02 M
671672673674675676677678679680
Encrypting Audio with Secure RTP
If you can sniff the packets coming out of an Asterisk system, you can extract the audio
from the RTP streams. This data can be fed offline to a speech processing system, which
can listen for keywords such as “credit card number” or “PIN” and present the data it
gathers to someone who has an interest in it. The stream can also be evaluated to see
if there are DTMF tones embedded in it, which is dangerous because many services ask
for passwords and credit card information to be input via the dialpad. In business,
strategic information could also be gleaned from captured audio.
Using Secure RTP can combat this problem by encrypting the RTP streams. More in-
formation about SRTP is available in “Encrypting SIP calls” on page 150.
Spoofing
In the traditional telephone network, it is very difficult to successfully adopt someone
else’s identity. Your activities can (and will) be traced back to you, and the authorities
will quickly put an end to the fun. In the world of IP, it is much easier to remain
anonymous. As such, it is no stretch to imagine that there are hordes of enterprising
criminals out there who will be only too happy to make calls to your credit card com-
pany or bank, pretending to be you. If a trusted mechanism is not discovered to combat
spoofing, we will quickly learn that we cannot trust VoIP calls.
What Can Be Done?
The first thing to keep in mind when considering security on a VoIP system is that VoIP
is based on network protocols, and needs be evaluated from that perspective. This is
not to say that traditional telecom security should be ignored, but we need to pay
attention to the underlying network.
Basic network security
One of the most effective things that can be done is to secure access to the voice network.
The use of firewalls and VLANs are examples of how this can be achieved. By default,
the voice network should be accessible only to those things that have a need. For ex-
ample, if you do not have any softphones in use, do not allow client PCs access to the
voice network.
Unless there is a need to have voice and data on the same
network, there may be some value in keeping them separate (this can have other benefits
as well, such as simplifying QoS configurations). It is not unheard of to build the in-
ternal voice network on a totally separate LAN, using existing CAT3 cabling and ter-
minating on inexpensive network switches. This configuration can even be less
expensive.
Segregating voice and data traffic.
VoIP Security | 637