[asterisk-users] Encrypting the Conversation

Mon Jul 10 18:16:47 MST 2006

> That is at the server iself - you could then argue that the transit RTP 
> could be tapped by a corrupt tech working for your ISP or provider, which 
> could happen also with physical lines, the difference being that the RTP 
> tap is so virtual it can be made to leave no trace. A physical tap can be 
> found by a routine inspection on the lines, an RTP tap cannot. If we want 
> Asterisk to be a step forward in the right direction, security concerns 
> *must* be addressed at some stage.
>

First let me say, I'm not totally against the idea of SRTP.  There are 
certainly times when a VPN solution is unfeasible that it could be useful. 
In cases where you are trying to encrypt back to the PSTN to protect your 
call to that point, could also be another useful implementation for the 
paranoid or well justified security conscious.  The idea though, that anyone 
anywhere can monitor your call just isn't true.  Or at least isn't true 
without a lot of work consider what would be involved here.

1) First off, you would need to know the endpoints of the call.  Capturing 
all the random RTP streams out there just isn't practical.  The nefarious 
individuals of the world generally aren't going to work that hard so unless 
they have this information in particular, they will likely move on

2) You would need to be able to spoof, or otherwise compromise high end 
networking equipment within the ISP network.  Generally, most people are 
using providers that are peered no more than 15 hops away.  Most of those 
hops are on-net.  Most large providers have pretty sophisticated IDS 
running.  Heck I've even set off Comcast's a few times with my security 
analysis for other companies.  This is not to say such a measure would not 
be possible, but you would be taking a lot of work to go this far.

3) If you have gone this far already, you either have balls of steel or you 
are an industrial espionage spy.  These guys, and gals, are not going to be 
stopped by ANY security measure if they want to get in.  Of course that is 
no reason to leave the door unlocked and hence SRTP on that leg of the VoIP 
journey might be useful.

The problem is, no measure is going to stop an on network attack.  If a 
disgruntled ISP tech has access to the SIP gateway on either side, any 
amount of encryption isn't going to do anything.  If you can control the 
endpoints you can pretty much do anything you want.  As always though, the 
weak point of any security is the people that run it.  And managing that 
kind of security issue is a whole different topic all together.

With all that said,  I stand by my best practice concept of security 
happening on your network level devices.  Such a design offers a scalable, 
centrally managed security model of which your "trusted" personnel will have 
access.  It allows your communication hardware to focus on communication, a 
function it is optimized for, while your security hardware focuses on 
security.  Additionally it leverages the infrastructure that most business 
users have already at this point while minimizing costs, and offering a 
"reasonably" secure platform.

So to summarize and clarify my stance.

1) SRTP good in small doses where applicable
2) General Asterisk security ALWAYS a good idea.
3) VPN and other specialized security technologies are generally he most 
appropriate for scalability and overall security

Regards,

Raymond McKay
President
RAYNET Technologies LLC
http://www.raynettech.com
(860) 693-2226 x 31
Toll Free (877) 693-2226 