VoIP Security
341
SECURITY SUPPORT WITH MITEL VOIP
A number of devices in the Mitel IP product range now include additional security measures.
These include:
•
Encryption of voice and signalling payload data
•
Network Access Authentication (802.1X)
Encryption is used to “hide” the information that is carried in the payload from unauthorized
users and applications.
Network access authentication is a method to restrict connections to the network, or guide the
device to particular parts of the network.
DATA ENCRYPTION
Encryption hides both the signalling information and the voice streaming. The network
connection, or path, remains the same whether the data in the payload is secured or not. Both
secure and non-secure devices use the same network paths to establish voice connections.
Although quite complex, data encryption involves two main aspects. These are:
•
key exchange
•
data encryption and decryption
Encryption scrambles the data using the available key information such that it cannot be easily
read and decoded by a third party. Only the endpoints have the necessary key information to
encode and decode the data correctly. The method used to pass this key information between
endpoints is known as the key exchange.
There are a number of standard methods to encrypt data. These are very secure in their coding,
and have been field tested over a number of years with critical information such as financial
and personal data. From a user view, all that is important is to know is that the data is secured.
The method used to encrypt the data is negotiated by the endpoints. If one or both of the
endpoints do not support encryption, the connection may still be established, but will be
unsecured. That is, a voice call can still be established with equipment that doesn’t support
encryption methods.
BANDWIDTH CONSIDERATIONS (VOICE AND SIGNALLING
ENCRYPTION)
The secure connection uses data encryption to modify the contents of the payload so that
someone collecting data packets will be unable to read the contents. It doesn’t modify the
contents of the IP header, since this is still needed to pass data over the existing Layer 3 routers
and Layer 2 network switches. If the headers were also encrypted, then every router in the path
would need to know how to decipher the information.
The data in the payload is intended for a particular application. It is the application that knows
how to decode the information. For the Voice over IP application, this payload contains the
signalling information or voice streaming.
Summary of Contents for MiVOICE BUSINESS
Page 1: ...Mitel MiVoice Business RELEASE 7 2 ENGINEERING GUIDELINES ...
Page 15: ...Chapter 1 ABOUT THIS DOCUMENT ...
Page 16: ......
Page 22: ...Engineering Guidelines 8 ...
Page 23: ...Chapter 2 SYSTEM OVERVIEW ...
Page 24: ......
Page 28: ...Engineering Guidelines 14 ...
Page 29: ...Chapter 3 TYPICAL CONFIGURATIONS ...
Page 30: ......
Page 73: ...Chapter 4 PHONES AND VOICE APPLICATIONS ...
Page 74: ......
Page 95: ...Phones and Voice Applications 81 Figure 9 ICP Connection Paths and Limitations ...
Page 100: ...Engineering Guidelines 86 ...
Page 101: ...Chapter 5 POWER ...
Page 102: ......
Page 128: ...Engineering Guidelines 114 ...
Page 129: ...Chapter 6 PERFORMANCE ...
Page 130: ......
Page 135: ...Chapter 7 APPLICATIONS ...
Page 136: ......
Page 142: ...Engineering Guidelines 128 ...
Page 143: ...Chapter 8 EMERGENCY SERVICES ...
Page 144: ......
Page 151: ...Chapter 9 IP NETWORKING ...
Page 152: ......
Page 167: ...Chapter 10 LICENSING ...
Page 168: ......
Page 183: ...Chapter 11 BANDWIDTH CODECS AND COMPRESSION ...
Page 184: ......
Page 209: ...Chapter 12 NETWORK CONFIGURATION CONCEPTS ...
Page 210: ......
Page 244: ...Engineering Guidelines 230 ...
Page 245: ...Chapter 13 NETWORK CONFIGURATION SPECIFICS ...
Page 246: ......
Page 309: ...Appendix A CAT 3 WIRING ...
Page 310: ......
Page 315: ...CAT 3 Wiring 301 Figure 55 CX MX MXe AX and LX Minimum Cable Standard ...
Page 316: ...Engineering Guidelines 302 ...
Page 317: ...Appendix B INSTALLATION EXAMPLES ...
Page 318: ......
Page 335: ...Appendix C LLDP AND LLDP MED CONFIGURATION EXAMPLES ...
Page 336: ......
Page 347: ...Appendix D VOIP AND VLANS ...
Page 348: ......
Page 353: ...Appendix E VOIP SECURITY ...
Page 354: ......
Page 381: ... ...