- Release & Upgrade
- OM50G V177 P2.2
- OM20G V177 P2.2
- Wewei
- NeeHau Client V2.0.0.23 (with OM20/20G/50/50G)
- OM20G V177 P2
- OM50G V177 P2
- OM80E V177 P3
- OM200G V177 P3
- MX8G V367
- HX4G V367
- FAQ
- Analog VoIP adapter
- Can voip phones be used at home?
- Are VoIP calls secure and can the call be encrypted?
- How SIP works in the VoIP Gateway
- General
- Network and Improper Operation
- Configurations
- Voice Quality
- Firmware Upgrade
- Application Notes
- How to Integrate MX Gateway with OM IP-PBX
- Interconnect Two PBXs with FXO Gateways
- Interconnect Two or More Extension Lines with FXS Gateways
- Connecting MX100G-S SIP-ISDN Gateway to Elastix
- Connecting MX100G-S SIP-ISDN Gateway to Asterisk
- Expanding PBX Extensions to Remote Sites through IP Network
- Multi-site Configuration for Gateways with Analog PBX
- How to Troubleshoot Caller ID Detection Issues on FXO Port
- Security Configuration Guide for New Rock OM Series IP-PBX
- Connecting FXO Gateway to Asterisk
- Connecting FXO Gateway to Elastix
- Tie Trunk Configuration for OM with Elastix
- Training Materials
- What is VoIP gateway?
- What’s the Difference between VoIP Gateway and SIP Trunk?
- Smart Switchboard Introduces Exclusive Premium Customer Services
- What's the Difference Between VoIP Gateway and ATA?
- What's the Difference Between VoIP gateway and SBC?
- New Rock’s New Gateway Security measures
- Global VoIP Gateway Service Provider
- How to Setup VoIP Gateway - A Complete Installation Guide
- What is HX&MX VoIP Gateway Default Password?
- Auto Provisioning
- Six Practices for Audio Security
- “PSTN failover” - Strong Support for High-availability IP Audio Communications
- New Rock IP-PBX: Your All-In-One IP Office Telephony System
- Connecting E1/T1-Based PBX to IP Telephony Networks
- Popular IP-PBX Features Favored by Highly Efficient Officers
- Five-star Customer Services
- Top Three Advantages of Gateways with Imbedded VPN Clients
- Low-Cost, High-Quality Gateway
- Smart FoIP
- Two Typical Applications for Telephone Networks
- IPv6’s Top Three Advantages in VoIP Applications
- MX100G-S SIP-ISDN Trunking Gateway Training
- MX Series VoIP Gateway Training
- Installation & Maintenance
- IP-PBX Installation (Video)
- OM20G&OM50G Quick Installation Guide
- OM80E Quick Start Guide
- OM200G Quick Start Guide
- OM500 Quick Installation Guide
- HX4G&MX8G Quick Reference Guide
- MX60E Quick Installation Guide
- MX120G Quick Installation Guide
- MX100G-S Quick Start Guide
- SX3000 Quick Installation Guide
- PT2400 Quick Installation Guide
- PT4800 Quick Installation Guide
Are VoIP calls secure and can the call be encrypted?
Update Time:2020-08-04 11:23:36 Browse Times:569 Amount Downloads:1
Why VoIP security matters?
Now that VoIP is gaining wide acceptance and becoming one of the mainstream communication technologies with its various pros, an attacker would love to exploit your VoIP network when you’re not looking. Security is becoming essential to every business. Your VoIP security can be hacked easily no matter you have a large organization or a small business. Businesses make and receive confidential phone calls all the time, with confidential details among some of the sensitive data users share. A disruption to your phone system would be nothing short of catastrophic.
Can VoIP be hacked?
There are some common VoIP security threats.
Toll Fraud
A common attack against business phone systems where the malicious agent attempts to gain access to your long-distance, toll-bearing trunks. If the attacker is able to make calls using your long-distance account, they can make calls for free, while you are left liable for the fees.
Phone System Exploitation
Hackers can gain access to a phone system via endpoints by either exploiting vulnerabilities in the unprotected system or using software to crack the system administrator’s credentials. These credentials give unlimited access to system functionality and stored information.
Denial of Service (DoS)
An attack which compromises your system in such a way that it is inaccessible to users. DoS attacks can target specific services such as access to remote UC features and the ability to dial out trunks – or even bring down your entire system.
Social Engineering
A social engineering attack occurs when a malicious agent is able to gain access to your system by fraudulently networking with your staff. For example, an attacker may pretend to be a member of your IT department in order to obtain network or endpoint access.
Man in the Middle
This attack occurs when your encrypted traffic is intercepted. While your services appear to be working normally, if the attacker can intercept authentication credentials, they can use this information to perform a DoS or Toll Fraud attack or gain access to privileged information.
Is VoIP secure?
So, is VoIP secure? Yes, VoIP can be secure. In fact, VoIP can be more secure than traditional telephony. However, depending upon your provider’s set up and your own, some VoIP calls may be more secure than others.
Are VoIP calls encrypted?
There are the ways for VoIP encryption.
VoIP call encryption uses Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP). These VoIP protocols work together to establish high-grade security in every call.
All IP-PBX and VoIP communications must have some in-built encryption so that your communication and collaboration setup is all the more reliable, strengthened and most importantly, secure.
Ask your VoIP provider about call encryption to ensure your SIP devices can use TLS and SRTP.
Let us have a look at two ways of VoIP encryption:
1 .One option is SIP Signaling Encryption using Transport Layer Security (TLS). With this setup, all the information is passed on from the client to the server. TLS which needs a secure certificate to identify each side, is used here for SIP signaling payload encryption.
2. SRTP (Secure Real-Time Transport Protocol) is the secure version of RTP. It is used to deliver audio and video over IP protocol with encryption, message authentication and integrity. To strengthen the security and VoIP encryption methods, TLS should be used with SRTP on all VoIP systems. This ensures SIP signaling and voice/video sessions are end-to-end encrypted and safe from any malicious activity.
How we reduce the risks in the New Rock VoIP gateway setting?
Note: The operator password cannot be the same as the administrator password.
3. Change the default SIP port for the device.
4. Check the anti-brute force mechanism including CAPTCHA for logging into Web GUI limiting the number of login attempts, and access whitelist of trusted IP addresses.
Main manifestation: The same attack source IP address are made to the Web GUI or SSH in a short time. The IP addresses whose login attempts exceeding the specified limit will be added to the locked IP address list with the locked time which can be set by minute or hour or day.
5. Disable the Telnet and SSH services on the device.
Note: You need to set root and operator password to access SSH.
6. Block the inbound Ping request on the device.
Note: Ping is allowed by factory default but it is recommended to change, as the hacker could trigger an attack if he detects an address.
7. Added restrictions on special number of roads.
8. Let the operator open only those international call areas that need to be opened.
9. Check the voice security configuration
Note: When the gateway cannot call outside, first check whether the connection is normal(as long as there is a FXO connection, the defense mechanism is effective) , then examine the configuration.
10. Set the access whitelist.
11 .Change the http and https port.
12. Configure static defense.
Notes: ①Multiple rules can be added and working from the top down.
②Individual IP address of IP address segments can be configured but domain names are not supported.
③Configuration protocol types are optional including TCP,UDP and any.
④The local port can be configured in the range 0~65535.
13. Configure dynamic defense.
14. Enable TLS and SRTP encryption.
Notes: There must be a supported device or soft switch in the environment.
It is recommended to force TLS encrypted signaling and SRTP encrypted voice to be selected and to be checked/enabled on the line because it is disabled by default.
15. Establish a VPN connection.
Now that VoIP is gaining wide acceptance and becoming one of the mainstream communication technologies with its various pros, an attacker would love to exploit your VoIP network when you’re not looking. Security is becoming essential to every business. Your VoIP security can be hacked easily no matter you have a large organization or a small business. Businesses make and receive confidential phone calls all the time, with confidential details among some of the sensitive data users share. A disruption to your phone system would be nothing short of catastrophic.
Can VoIP be hacked?
There are some common VoIP security threats.
Toll Fraud
A common attack against business phone systems where the malicious agent attempts to gain access to your long-distance, toll-bearing trunks. If the attacker is able to make calls using your long-distance account, they can make calls for free, while you are left liable for the fees.
Phone System Exploitation
Hackers can gain access to a phone system via endpoints by either exploiting vulnerabilities in the unprotected system or using software to crack the system administrator’s credentials. These credentials give unlimited access to system functionality and stored information.
Denial of Service (DoS)
An attack which compromises your system in such a way that it is inaccessible to users. DoS attacks can target specific services such as access to remote UC features and the ability to dial out trunks – or even bring down your entire system.
Social Engineering
A social engineering attack occurs when a malicious agent is able to gain access to your system by fraudulently networking with your staff. For example, an attacker may pretend to be a member of your IT department in order to obtain network or endpoint access.
Man in the Middle
This attack occurs when your encrypted traffic is intercepted. While your services appear to be working normally, if the attacker can intercept authentication credentials, they can use this information to perform a DoS or Toll Fraud attack or gain access to privileged information.
Is VoIP secure?
So, is VoIP secure? Yes, VoIP can be secure. In fact, VoIP can be more secure than traditional telephony. However, depending upon your provider’s set up and your own, some VoIP calls may be more secure than others.
Are VoIP calls encrypted?
There are the ways for VoIP encryption.
VoIP call encryption uses Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP). These VoIP protocols work together to establish high-grade security in every call.
All IP-PBX and VoIP communications must have some in-built encryption so that your communication and collaboration setup is all the more reliable, strengthened and most importantly, secure.
Ask your VoIP provider about call encryption to ensure your SIP devices can use TLS and SRTP.
Let us have a look at two ways of VoIP encryption:
1 .One option is SIP Signaling Encryption using Transport Layer Security (TLS). With this setup, all the information is passed on from the client to the server. TLS which needs a secure certificate to identify each side, is used here for SIP signaling payload encryption.
2. SRTP (Secure Real-Time Transport Protocol) is the secure version of RTP. It is used to deliver audio and video over IP protocol with encryption, message authentication and integrity. To strengthen the security and VoIP encryption methods, TLS should be used with SRTP on all VoIP systems. This ensures SIP signaling and voice/video sessions are end-to-end encrypted and safe from any malicious activity.
How we reduce the risks in the New Rock VoIP gateway setting?
1. Pay attention to alerts and alarm levels on device (HX4G,MX8G,MX60E and MX120G)web GUI. The administrator can see the total number of security incidents after logging in the device, click the Basic > Alarms to view the details. After confirmation, the entry will not be displayed.
2. Change the default Web password for the device.Note: The operator password cannot be the same as the administrator password.
3. Change the default SIP port for the device.
4. Check the anti-brute force mechanism including CAPTCHA for logging into Web GUI limiting the number of login attempts, and access whitelist of trusted IP addresses.
Main manifestation: The same attack source IP address are made to the Web GUI or SSH in a short time. The IP addresses whose login attempts exceeding the specified limit will be added to the locked IP address list with the locked time which can be set by minute or hour or day.
5. Disable the Telnet and SSH services on the device.
Note: You need to set root and operator password to access SSH.
6. Block the inbound Ping request on the device.
Note: Ping is allowed by factory default but it is recommended to change, as the hacker could trigger an attack if he detects an address.
7. Added restrictions on special number of roads.
8. Let the operator open only those international call areas that need to be opened.
9. Check the voice security configuration
Note: When the gateway cannot call outside, first check whether the connection is normal(as long as there is a FXO connection, the defense mechanism is effective) , then examine the configuration.
10. Set the access whitelist.
11 .Change the http and https port.
12. Configure static defense.
Notes: ①Multiple rules can be added and working from the top down.
②Individual IP address of IP address segments can be configured but domain names are not supported.
③Configuration protocol types are optional including TCP,UDP and any.
④The local port can be configured in the range 0~65535.
13. Configure dynamic defense.
14. Enable TLS and SRTP encryption.
Notes: There must be a supported device or soft switch in the environment.
It is recommended to force TLS encrypted signaling and SRTP encrypted voice to be selected and to be checked/enabled on the line because it is disabled by default.
15. Establish a VPN connection.
Leave a Comment Fill in your info. and we're ready to answer your questions. | |
We will do our best to contact you as soon as possible. In the meantime, please email us or contact a New Rock partner for more information.
Thank you for your interest in New Rock.
Thank you for your interest in New Rock.
- Support
- Release & Upgrade
- FAQ
- Application Notes
- Training Materials
- Demo
- Installation & Maintenance
- Others
- Videos
- Contact Us
+86 21-61202700
global@newrocktech.com
5/F Block B, Building 1,No.188 Pingfu Road,
Xuhui District, Shanghai
200231, China
Copyright © New Rock Technologies, Inc. All Rights Reserved.