VoIP & Video Conferencing
Securing Your Audio and Video Conferencing System
Why is this an issue?
In today's fast-moving world, the ability to manage a geographically dispersed company (personnel, projects, resources) effectively is essential. Many companies use audio and video conferencing systems for this. Such systems generally use public networks: the Internet and leased channels. The information exchanged via the channels is sensitive and needs to be protected. When protecting audio/video conferencing, the following issues may arise:
- The audio/video conferencing system lacks integrated data protection tools.
- Integrated data protection tools of the audio/video conferencing system fail to meet today's requirements (weak cryptography, closed-source codecs).
- The protection system causes delays in the audio/video conferencing, affecting convenience and making the user disable the protection in some cases.
ViPNet products developed by Infotecs allow you to build a reliable, protected audio/video conferencing system meeting today's requirements.
ViPNet offers efficient protection for your audio/video conferencing system by creating a protected network. This solution is unique as the ViPNet technology allows the creation of a reliable, protected audio/video conferencing system with both wired and wireless channels, without significant investment in deployment of components.
- An unlimited number of ViPNet-protected audio/video conferencing hosts.
- You can create both desktop audio/video conferencing systems and remote workstations with audio/video conferencing software components.
- Full support for virtual addresses in multimedia protocols such as SIP, SCCP (Cisco skinny), H.323.
- Smooth passage of protected traffic via various NAT devices or in the event of Internet service provider interference.
Securing IP Telephony
Why is this an issue?
Despite its long-term and widespread usage in private and public sectors, VoIP technology give rise to a number of serious security issues: it is relatively easy to intercept VoIP calls and modify the contents of VoIP calls, and VoIP systems are prone to DoS attacks.
How to solve this issue?
Proprietary audio codecs
Some vendors propose resolving IP telephony security issues by using closed-source audio codecs. The entire protection strategy relies on the assumption that the audio coding algorithm is unknown to attackers but, once it is discovered, the system is no longer safe. At present, most vendors tend to use open-source audio codecs. This renders this protection method ineffective.
When an IP telephony system is built, a separate VLAN is usually allocated to connect all IP telephones. This has several disadvantages:
- After gaining access to the IP telephony system VLAN, an attacker can intercept all calls.
- This solution cannot secure an IP telephony system between two or more geographically separate offices.
Encryption and cryptographic authentication
This protection method is currently the most reliable. Modern IP telephony systems can be protected with different protocols such as SRTP, ZRTP or IPSec. However, each protocol has a number of major drawbacks:
- SRTP and ZRTP use “weak” cryptography, too short encryption keys or inferior encryption algorithms.
- IPSec requires keys to be exchanged in advance, it is often blocked by different Internet service providers, and does not always allow a protected connection to be established due to technology limitations.
Our solution to secure VoIP
VoIP protection is based on ViPNet offering the following features:
- Encryption and filtering of signal and voice traffic from all IP telephony network users.
- Smooth passage of VoIP traffic via NAT devices.
- Support for virtual addresses, including in SIP, H.323 and Cisco SCCP (Skinny Client Control Protocol) protocols, resolving the issue of overlapping IP address space of remote offices.
- Facilitates protection of heterogeneous IP telephony systems.
- Establishes protected communications between two or more local networks with overlapping IP addresses, without changing their topology.
- Protection of mobile IP telephony users.
- Passage of VPN traffic regardless of NAT devices or service provider interference.