Views

VoIP Security

The Wiki of Unify contains information on clients and devices, communications systems and unified communications. - Unify GmbH & Co. KG is a Trademark Licensee of Siemens AG.

Revision as of 14:32, 3 April 2009 by Horemu (talk | contribs)
Jump to: navigation, search

Regarding IP telephony the subject VoIP Security becomes more and more important. VoIP must have the same confidentiality, authenticity, availability and anonymity as traditional telephony solutions.

Buzzwords to improve the above mentioned properties are PKI, SPE/SRTP and TLS.

HiPath platforms like HiPath 2000 or HiPath OpenOffice ME use the most current technology to protect voice and signalling data from unauthorized access.

How to use secure VoIP on optiPoint SIP phones in general: pdf-de.png  Gesicherte Sprachübertragung in SIP 7

Please have a look also at the administrator documentation to IP phones of the optiPoint and OpenStage families and the service documentation for the IP platforms.


Signalling and Payload Encryption (SPE)

Documentation

Activate Signalling and Payload Encryption (SPE) on a optiPoint HFA Phone

To enable security support on the optipoint HFA phones following settings must be done via local configuration or administration web page.

  • Configure transport mode: Administration -> System -> Signaling & Payload Encryption (SPE)
    • Configure C-TC TLS port in accordance to the CGW configuration (AMO-CGWB: (…), TYP=globif, TLSP=<C-TC TLS port>;), default: 4061
    • H.225 TLS port: 1300 (fixed)
    • Transport mode: TLS
    • Certificate check can now be enabled, in this case certificate must be downloaded via DLS

SPE config HFA.jpg

Certificate Management

Documentation

How to implement and set up a secure environment and provide optiPoint phones with configuration data by the use of XML files via secure Web server:

General information about certificates, PKI, currently used security parameter in HiPath and TLS:

IEEE 802.1X

Documentation

How to configure IEEE 802.1X by DLS:

Basic Requirements For 802.1x Certificates