[Asterisk-Users] VOIP security on an IAX connection.

Sean Kennedy skennedy at tpno.org
Thu Nov 18 10:16:38 MST 2004


lucas at eyeonsystems.com wrote:

>Gentlemen and ladies of the Asterisk community.
>
>I am considering implementing an asterisk based IAX solution for a business
>that handles a lot of sensitive data. Internal security will be no
>worse than before as they plan on connecting to their current PBX to
>handle switching. The asterisk boxes will just handle their trunks
>between the offices. Other than VPN with a few levels of encryption on
>the VPN any ideas on other good and affordable ways to implement
>security on the IAX links?
>
>Thanks.
>lucas at eyeonsystems.com
>
Well, I think a vpn would do the trick.  Personally, I wouldn't even 
worry about encrypting the stream more than once, as long as you choose 
the right method. 

Add too many layers on, and you increase latency and possible packet 
loss.  Not good. 

Here, we are using openvpn, in the tls server/client model.  Keys are 
regenerated once an hour, so the best someone could do is sniff an 
hour's worth of data before they'd have to refigure the encryption.

If you are sure people are going to try breaking into the stream, you 
might want to think about other security methods beyond encryption ( a 
really big bat, for example ).  Anything that adds latency is a "Bad 
Thing (tm)", and further, encrypting something more than once indicates, 
to me at least, that encryption is not the solution.

But what the hell, maybe I'm wrong.  Other opinions are certainly warranted.

Sean
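
The setup described in the reply above (one OpenVPN tunnel in TLS server/client mode, keys renegotiated hourly), sketched as an added example that is not part of the original post or the poster's actual configuration. The file names, the host name `vpn.office-a.example` and the 10.8.0.x tunnel addresses are placeholders chosen for illustration.

```conf
# --- office-a.conf: listening end of the point-to-point tunnel ---
dev tun
proto udp                      # UDP transport: no TCP retransmit stalls under voice
port 1194
tls-server                     # this end takes the server role in the TLS handshake
ca   ca.crt                    # CA that signed both offices' certificates
cert office-a.crt
key  office-a.key
dh   dh.pem                    # Diffie-Hellman parameters, needed on the tls-server end
ifconfig 10.8.0.1 10.8.0.2     # local and remote tunnel endpoint addresses
reneg-sec 3600                 # renegotiate the data-channel key every hour
keepalive 10 60                # detect a dead link and restart the tunnel
persist-key
persist-tun

# --- office-b.conf: connecting end ---
dev tun
proto udp
remote vpn.office-a.example 1194
tls-client                     # this end takes the client role in the TLS handshake
remote-cert-tls server         # reject a peer whose certificate is not a server cert
ca   ca.crt
cert office-b.crt
key  office-b.key
ifconfig 10.8.0.2 10.8.0.1
reneg-sec 3600
keepalive 10 60
persist-key
persist-tun
```

With the tunnel up, the IAX peers on each Asterisk box would point at the tunnel addresses (10.8.0.1 and 10.8.0.2 here) so that trunk traffic on UDP 4569 crosses only the single encrypted link.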


