Secure Media Transmission

Besides signaling, when designing and deploying a Unified Communications system we may also want to encrypt the media transferred between devices.

There are three popular RTP encryption modes:

  • SRTP MIKEY / SDES (requires TLS encryption of signaling)
  • SRTP DTLS
  • ZRTP

SRTP

The Secure Real-Time Transport Protocol (or SRTP) defines a profile of RTP (Real-Time Transport Protocol) intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast applications. It was first published by the IETF in March 2004 as RFC 3711.


Make the right choice! The 8 steps that will help lead you to success with a UC&C partnership

Having worked in the communications industry for over 25 years, it’s great to see a technical advancement that meets the requirements of the consumer; to have smarter solutions for communications rather than just voice.

Sure, Voice over IP changed many things but it still majored on Voice being the main method of communication whereas Unified Communications and Collaboration allows a much greater array of communication solutions.

Spending a majority of my career in technical roles, starting as an apprentice installation engineer, before progressing to Support Manager and Presales roles, many would believe my main focus to be technological; however, I do not consider technology as the primary consideration.

Protecting devices connected to the UC system

Devices connected to the UC system, such as SIP user terminals (VoIP phones and FXS Media Gateways) and SIP trunk media gateways, must also be secured using the best available policies.

Many currently available UC systems still do not implement proper policies or do not apply them by default. What security risks can this cause?

If TFTP is used, simply knowing the MAC address of a device is enough to acquire its provisioning file, because TFTP has no authentication. That file contains the SIP credentials to connect to any device.


How to use the bravado of the adversary to drag him by his jersey to score a goal in his own goal post

I am about to tell you a story about something that happened to me a few days ago.

Steve Osler and I had a few laughs ‘sitting at the Kite bar,’ and this is how the idea of sharing my experience with the group came to be.

In all honesty, there isn’t much to tell, but the dynamics with which it occurred is quite funny (and even educational). No soda and popcorn needed, I will be brief…

As I was saying earlier, a few days ago I went to meet with a client. A multinational player in the hotel industry, who is the owner of a structure on 7 hectares with approximately 1,000 rooms.

The purpose of my trip was just a simple visit, but I found myself casually, and indirectly, in a confrontation with the competition: Mitel.

Inspecting signaling over TLS/SSL

Any UC solution must use state-of-the-art cryptographic tools to make sure that information exchanged remains secret.

For TCP connections, the de facto standard is Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL). The two are frequently referred to collectively as “SSL” and are cryptographic protocols that provide communications security over a computer network.

The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating computer applications. When secured by TLS, connections between an SIP, XMPP, or HTTP client (for example, a web browser) and a server (for example, wikipedia.org) have one or more of the following properties:
