Traffic logging and VoIP encryption
For best practices, what traffic logging should be performed at firewalls? Is there an encryption for Voice over IP -- for example, to protect traffic from snooping on Internet?

    Requires Free Membership to View

    Login

    SearchUnifiedCommunications.com members gain immediate and unlimited access breaking industry news, expert advice on UC, technical guides, and more -- all at no cost. Join me on SearchUnifiedCommunications.com today!

    Kate Gerwig, Editorial Director

    By submitting your registration information to SearchUnifiedCommunications.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchUnifiedCommunications.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Typically best practices would entail traffic logging on ALL traffic coming through a perimeter firewall. Traffic of interest on the VoIP side would typically be User Datagram Protocol (UDP) traffic on port 5060 (SIP) and UDP traffic on the RTP ports opened on the perimeter firewall, typically 10000-30000. This is however a lot of information, so a log analyzer tool will probably be necessary.

Currently, there are a number of encryption technologies being proposed for VoIP by the Internet Engineering Task Force (IETF), the body which produces the documentation and recommendations for protocol design for the Internet. As typical Internet transmission of VoIP is accomplished through SIP, there are actually three protocols involved in the VoIP traffic: SIP, Session Description Protocol (SDP) and RTP. SIP and SDP are transmitted in cleartext over port 5060 and may be encrypted using Transport Layer Security (TLS) which some handsets and IP PBXs now support.

The media, which is transported using RTP, is where the standards are not yet fully developed. The two main contenders for this are Secure RTP (SRTP) and ZRTP, both of which utilize a variant of key exchange for encrypting the media stream. SRTP entails a separate key management system while ZRTP utilizes an in-band key exchange during the call setup. In other words, ZRTP is transparent to the user! However, neither of these proposals has gained widespread use in the vendor market, meaning you won't see many handsets supporting this yet.

This was first published in June 2006