VoIP Encryption on Grandstream

Akash jain Estimated Read Time: 2 Minutes
We are often asked this question about VoIP encryption. Especially when customers switch from analog PSTN systems to VoIP systems- how do I ensure the security of VoIP transmission, and eventually how to encrypt VoIP.

Just as PSTN systems are vulnerable to eavesdropping, VoIP without encryption is vulnerable to packet sniffing and data spoofing. VoIP encryption is the only thing preventing a malicious actor from intercepting your data (in this case, voice). Fortunately, a well-configured VoIP system provides unbreakable encryption.

Since VoIP is a layer above standard TCP/IP, there are already many secure protocols and algorithms for data encryption that can be used to encrypt VoIP as well. To a computer system, VoIP data is no different than any other binary data. The same well-known technologies, such as AES and TLS, that you use for web browsing and encryption of other data are also used for encryption of VoIP.

You must encrypt voice and metadata- Enable SRTP and SIP on TLS

All right - first, there's a protocol called Secure Real-time Transport Protocol (SRTP). If you are using a SIP service provider, check to see if they support SRTP. If you configure your own SIP server, make sure it supports SRTP.

SRTP can encrypt your data using AES - Advanced Encryption Standard. The keys on AES are 128 or 256 bits long, so it is almost impossible to crack them with today's computing power. So far there are no practical cracks for AES, neither in theory nor in practice, so it is very secure.

Grandstream provides an easy way to enable (and force) SRTP if it is supported by your SIP server. There are 4 policies to choose from - "No", "Enabled but not enforced", "Enabled and enforced" or "Optional".

However, SRTP only encrypts the voice portion of the VoIP. The other data is still transmitted in plain text if encryption is not enabled. Data such as the caller's name, number, and even username can be transmitted and intercepted.

To encrypt this data, you must enable SIP using TLS. If you have enabled SIP for TCP or UDP, this is not secure.

TLS (which replaces SSL) is widely used in Internet communications, such as browsing and email security. Grandstream also provides easy implementation of TLS certificate, private key and password, etc. through the web interface. By default, the UDP protocol is enabled on the system, but you can easily switch it to TLS.

VoIP is much more secure than analog - if VoIP Encryption is properly configured

Grandstream has your back. A well-configured system with SRTP and SIP over TLS can protect your data transmission. With strong AES encryption that has no known working attacks, and TLS for metadata, you can be sure your VoIP data is secure.

Read more →

Finding the right size of privacy filter

Admin Estimated Read Time: 2 Minutes
Your screen size is indicated by a single diagonal size without indicating the aspect ratio. This makes choosing the appropriate sized filter for your screen a bit more work than just specifying the diagonal size

Read more →

Samsung Changes Toner Packing

Admin Estimated Read Time: 1 Minutes
Samsung Electronics Co Ltd has changed the supplies part number , to comply with the UAEs new environmental Regulation.  According to samsung this change is not related to any different chip, onl

Read more →

Pantum Printers offer true value

Admin Estimated Read Time: 1 Minutes
A few years back, laser printers were a territory that most home users would mark as something that could be had for a higher upfront cost, but would offer privilege of low cost toners. Inkjets were p

Read more →

Lexmark Authorised Partner

Admin Estimated Read Time: 1 Minutes
In Recognition to our dedication and commitment, Lexmark awarded us the Authorized Premium Partner status. Now We have access to exclusive channel programs and promotions. For us, it's another special

Read more →