|
Typically best practices would entail traffic logging on ALL traffic coming through a perimeter firewall. Traffic of interest on the VoIP side would typically be User Datagram Protocol (UDP) traffic on port 5060 (SIP) and UDP traffic on the RTP ports opened on the perimeter firewall, typically 10000-30000. This is however a lot of information, so a log analyzer tool will probably be necessary.
Currently, there are a number of encryption technologies being proposed for VoIP by the Internet Engineering Task Force (IETF), the body which produces the documentation and recommendations for protocol design for the Internet. As typical Internet transmission of VoIP is accomplished through SIP, there are actually three protocols involved in the VoIP traffic: SIP, Session Description Protocol (SDP) and RTP. SIP and SDP are transmitted in cleartext over port 5060 and may be encrypted using Transport Layer Security (TLS) which some handsets and IP PBXs now support.
The media, which is transported using RTP, is where the standards are not yet fully developed. The two main contenders for this are Secure RTP (SRTP) and ZRTP, both of which utilize a variant of key exchange for encrypting the media stream. SRTP entails a separate key management system while ZRTP utilizes an in-band key exchange during the call setup. In other words, ZRTP is transparent to the user! However, neither of these proposals has gained widespread use in the vendor market, meaning you won't see many handsets supporting this yet.
|
