Are VoIP calls secure and can the call be encrypted?

Why VoIP security matters?
Now that VoIP is gaining wide acceptance and becoming one of the mainstream communication technologies with its various pros, an attacker would love to exploit your VoIP network when you’re not looking. Security is becoming essential to every business. Your VoIP security can be hacked easily no matter you have a large organization or a small business. Businesses make and receive confidential phone calls all the time, with confidential details among some of the sensitive data users share. A disruption to your phone system would be nothing short of catastrophic.
Can VoIP be hacked?
There are some common VoIP security threats.
Toll Fraud
A common attack against business phone systems where the malicious agent attempts to gain access to your long-distance, toll-bearing trunks. If the attacker is able to make calls using your long-distance account, they can make calls for free, while you are left liable for the fees.
Phone System Exploitation
Hackers can gain access to a phone system via endpoints by either exploiting vulnerabilities in the unprotected system or using software to crack the system administrator’s credentials. These credentials give unlimited access to system functionality and stored information.
Denial of Service (DoS)
An attack which compromises your system in such a way that it is inaccessible to users. DoS attacks can target specific services such as access to remote UC features and the ability to dial out trunks – or even bring down your entire system.
Social Engineering
A social engineering attack occurs when a malicious agent is able to gain access to your system by fraudulently networking with your staff. For example, an attacker may pretend to be a member of your IT department in order to obtain network or endpoint access.
Man in the Middle
This attack occurs when your encrypted traffic is intercepted. While your services appear to be working normally, if the attacker can intercept authentication credentials, they can use this information to perform a DoS or Toll Fraud attack or gain access to privileged information.
Is VoIP secure?
So, is VoIP secure? Yes, VoIP can be secure. In fact, VoIP can be more secure than traditional telephony. However, depending upon your provider’s set up and your own, some VoIP calls may be more secure than others.
Are VoIP calls encrypted?
There are the ways for VoIP encryption.
VoIP call encryption uses Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP). These VoIP protocols work together to establish high-grade security in every call.
All IP-PBX and VoIP communications must have some in-built encryption so that your communication and collaboration setup is all the more reliable, strengthened and most importantly, secure.
Ask your VoIP provider about call encryption to ensure your SIP devices can use TLS and SRTP.
Let us have a look at two ways of VoIP encryption:
1 .One option is SIP Signaling Encryption using Transport Layer Security (TLS). With this setup, all the information is passed on from the client to the server. TLS which needs a secure certificate to identify each side, is used here for SIP signaling payload encryption.
2. SRTP (Secure Real-Time Transport Protocol) is the secure version of RTP. It is used to deliver audio and video over IP protocol with encryption, message authentication and integrity. To strengthen the security and VoIP encryption methods, TLS should be used with SRTP on all VoIP systems. This ensures SIP signaling and voice/video sessions are end-to-end encrypted and safe from any malicious activity.
How we reduce the risks in the New Rock VoIP gateway setting?

1. Pay attention to alerts and alarm levels on device (HX4G,MX8G,MX60E and MX120G)web GUI. The administrator can see the total number of security incidents after logging in the device, click the Basic > Alarms to view the details. After confirmation, the entry will not be displayed.

2. Change the default Web password for the device.
Note: The operator password cannot be the same as the administrator password.
3. Change the default SIP port for the device.
4. Check the anti-brute force mechanism including CAPTCHA for logging into Web GUI limiting the number of login attempts, and access whitelist of trusted IP addresses.
Main manifestation: The same attack source IP address are made to the Web GUI or SSH in a short time. The IP addresses whose login attempts exceeding the specified limit will be added to the locked IP address list with the locked time which can be set by minute or hour or day.
5. Disable the Telnet and SSH services on the device.
Note: You need to set root and operator password to access SSH.
6. Block the inbound Ping request on the device.
Note: Ping is allowed by factory default but it is recommended to change, as the hacker could trigger an attack if he detects an address.
7. Added restrictions on special number of roads.
8. Let the operator open only those international call areas that need to be opened.
9. Check the voice security configuration
Note: When the gateway cannot call outside, first check whether the connection is normal（as long as there is a FXO connection, the defense mechanism is effective) , then examine the configuration.
10. Set the access whitelist.
11 .Change the http and https port.
12. Configure static defense.
Notes: ①Multiple rules can be added and working from the top down.
②Individual IP address of IP address segments can be configured but domain names are not supported.
③Configuration protocol types are optional including TCP,UDP and any.
④The local port can be configured in the range 0~65535.
13. Configure dynamic defense.
14. Enable TLS and SRTP encryption.
Notes: There must be a supported device or soft switch in the environment.
It is recommended to force TLS encrypted signaling and SRTP encrypted voice to be selected and to be checked/enabled on the line because it is disabled by default.
15. Establish a VPN connection.