Sponsored By

Ease of Eavesdropping with VOIP?Ease of Eavesdropping with VOIP?

On Nortel's VOIP Security blog, Stephen Varty of the company's R&D labs has a post explaining why eavesdropping on VOIP calls may not be as easy as you think.

Eric Krapf

July 24, 2008

2 Min Read
No Jitter logo in a gray background | No Jitter

On Nortel's VOIP Security blog, Stephen Varty of the company's R&D labs has a post explaining why eavesdropping on VOIP calls may not be as easy as you think.

On Nortel's VOIP Security blog, Stephen Varty of the company's R&D labs has a post explaining why eavesdropping on VOIP calls may not be as easy as you think.What it comes down to, according to Varty, is that if you're an attacker trying to capture packets traveling across a network, you may find it difficult to positon yourself in the middle of a conversation in such a way that all the packets you need to capture will, in fact, pass before you. Therefore, he suggests, if eavesdropping is to occur, its likelihood may well skew towards more of an insider attack--i.e.,somebody who has access to one of the endpoints of the conversation, before the signaling and media packets are all broken up to go their various ways across the network.

Varty recommends the following actions be implemented to reduce the risk:

  • port based network access control,

  • VLANs,

  • signalling encryption such as TLS for SIP, and where available,

  • media encryption such as SRTP.

    I'd just add that, since right now most enterprise VOIP islands are connected via carrier leased lines or services like MPLS, eavesdropping shouldn't be an issue to a great degree. But if the Internet starts to be used more--say, if teleworking starts to balloon in response to gas prices--then more companies may look at encryption of both the signaling and the bearer traffic.

    I'd just add that, since right now most enterprise VOIP islands are connected via carrier leased lines or services like MPLS, eavesdropping shouldn't be an issue to a great degree. But if the Internet starts to be used more--say, if teleworking starts to balloon in response to gas prices--then more companies may look at encryption of both the signaling and the bearer traffic.

About the Author

Eric Krapf

Eric Krapf

Eric Krapf is General Manager and Program Co-Chair for Enterprise Connect, the leading conference/exhibition and online events brand in the enterprise communications industry. He has been Enterprise Connect.s Program Co-Chair for over a decade. He is also publisher of No Jitter, the Enterprise Connect community.s daily news and analysis website.
 

Eric served as editor of No Jitter from its founding in 2007 until taking over as publisher in 2015. From 1996 to 2004, Eric was managing editor of Business Communications Review (BCR) magazine, and from 2004 to 2007, he was the magazine's editor. BCR was a highly respected journal of the business technology and communications industry.
 

Before coming to BCR, he was managing editor and senior editor of America's Network magazine, covering the public telecommunications industry. Prior to working in high-tech journalism, he was a reporter and editor at newspapers in Connecticut and Texas.

See more from Eric Krapf

Editor's Spotlight

How Air Canada Tapped Amazon Connect to Modernize Its Contact Center Operations
Ccaas
How Air Canada Tapped Amazon Connect to Modernize Its Contact Center Operations
How Air Canada Tapped Amazon Connect to Modernize Its Contact Center Operations

Dec 16, 2024

How Talkdesk Delivers for Vertical Industries
Ccaas
How Talkdesk Delivers for Vertical Industries
How Talkdesk Delivers for Vertical Industries

Dec 5, 2024

How Vendors Could Help Small and Medium Businesses Navigate Change Amidst Rapid Change and Complexity
Ccaas
How Vendors Could Help Small and Medium Businesses Navigate Change Amidst Rapid Change and Complexity
How Vendors Could Help Small and Medium Businesses Navigate Change Amidst Rapid Change and Complexity

Dec 17, 2024

Subscribe to Our Weekly Newsletters
Stay informed and sign up for weekly No Jitter and WorkSpace Connect newsletters
Sign Me Up
Mar 17 - Mar 20, 2025
As the #1 communications, collaboration and CX Conference and Expo in North America, we empower IT professionals to confront and overcome today's most pressing challenges. Attend Enterprise Connect and join thousands of like-minded peers building a framework for future success. You’ll walk away with rich learning experiences, invaluable connections, business opportunities, and inspiring insights. Register with Promo Code CONNECT25 to save $200 on Conference passes.
Learn More