[Asterisk-Users] VOIP security on an IAX connection.
Sean Kennedy
skennedy at tpno.org
Thu Nov 18 10:16:38 MST 2004
lucas at eyeonsystems.com wrote:
>Gentlemen and ladies of the Asterisk community.
>
>I am considering implementing asterisk based IAX solution for a business
>that handles a lot of sensitive data. Internal security will be no
>worse than before as they plan on connecting to their current PBX to
>handle switching. The asterisk boxes will just handle their trunks
>between the offices. Other than VPN with a few levels of encryption on
>the VPN any ideas on other good and affordable ways to implement
>security on the IAX links?
>
>Thanks.
>lucas at eyeonsystems.com
>
Well, I think a vpn would do the trick. Personally, I wouldn't even
worry about encrypting the stream more than once, as long as you choose
the right method.
Add too many layers on, and you increase latency and possible packet
loss. Not good.
Here, we are using openvpn, in the tls server/client model. Keys are
regenerated once an hour, so the best someone could do is sniff an
hour's worth of data before they'd have to refigure the encryption.
If you are sure people are going to try breaking into the stream, you
might wan to think about other security methods beyond encryption ( a
really big bat, for example ). Anything that adds latency is a "Bad
Thing (tm)", and further, encrypting something more than once indicates,
to me at least, that encryption is not the solution.
But what the hell, maybe I'm wrong. Other opinions are certainly warrented.
Sean
More information about the asterisk-users
mailing list