Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Typical security for a voip network

Hi,

Someone told me (not a reliable source) that a co-worker decided to use a packet decoder to sniff the network. The person was able to save packets and replay data/voice converged conversations from people in the office using a packet decoder.

In order to protect data/voice traffic, do you think the typical solution would involve the deployment of IPSec to encrypt all data being transmitted accross the LAN?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Typical security for a voip network

Marlon,

Replay of RTP streams is entirely possible, this can in fact be done out of the box with the freeware app Ethereal. Cisco CallManager 4.x and above now support encryption for RTP traffic due to this. From a Service Provider standpoint, typically Frame Relay or MPLS is used and is generally accepted that IPSEC is not required overtop of them. As far as on the Internet, typically most VoIP for corporate use is encapsulated via IPSEC back to a HQ site.

Here is the link to the CCM security guide, which explains setting this up on CCM in more detail.

http://cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_book09186a00803c8c67.html

Please rate any helpful posts

Thanks

Fred

3 REPLIES

Re: Typical security for a voip network

Marlon,

Replay of RTP streams is entirely possible, this can in fact be done out of the box with the freeware app Ethereal. Cisco CallManager 4.x and above now support encryption for RTP traffic due to this. From a Service Provider standpoint, typically Frame Relay or MPLS is used and is generally accepted that IPSEC is not required overtop of them. As far as on the Internet, typically most VoIP for corporate use is encapsulated via IPSEC back to a HQ site.

Here is the link to the CCM security guide, which explains setting this up on CCM in more detail.

http://cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_book09186a00803c8c67.html

Please rate any helpful posts

Thanks

Fred

New Member

Re: Typical security for a voip network

Thanks.

As an analogy, I am wondering how the current analog phone lines (inside the company) could handle eavesdropping. Just curious. I guess that should be a question for my telco person...

Re: Typical security for a voip network

correct me if I am wrong, but in analog, someone actually has to "tap" into that copper pair for anyone to eavesdrop.

96
Views
0
Helpful
3
Replies