Kayara

VOIP-over-PSTN Security?

7 posts in this topic

How secure is VOIP-to-PSTN traffic? For example, if I send a fax to someone's VOIP number, what security practices do VOIP companies have in place to protect confidentiality? Does anyone have any educational resources?

-1


How secure do you think it is? 100% open :)

VOIP has way more options with security than the PSTN, which traditionally has no security practices.

-1


It depends on your VoIP provider. There are some encryption protocols which can secure the data portion of the call, providing endpoint-to-service-provider protection; however, at the point it drops onto the PSTN it is as 'in the clear' as any other normal phone call.

For most free or low-cost consumer services I would expect the security to be little to none. However, it is worth noting that the 'voice stream' generally (not always) travels directly between the end-points, so applications like Zfone (http://zfoneproject.com/) can successfully encrypt VoIP calls. Zfone acts as a 'bump in the wire', and auto-magically inserts itself in the network stack of your computer, and has been ported to some devices.

In terms of sending a fax from (say) your scanner to a remote VoIP-based number, you may be able to provide some level of encryption. If you are using a remote service, I suspect there would be no encryption applied.

Cheers,

Mungewell.

0


security between VoIP vs PSTN....

anyone with a screwdriver and alligator clips can access any line that they have physical access to on the PSTN...

with VoIP I am sure that there are methods to wiretap the line electronically... but the number of people with the knowledge and skill is greatly reduced...

0


Codenomicon does require rather deep pockets...

0


I wonder how widely-used ZRTP from Zfone really is.

As for PSTN security, the likelihood of someone clipping on to my specific PSTN line (or that of the recipient) at the exact moment I send the sensitive data is very low.

My concern is that with VOIP-to-PSTN (or PSTN-to-VOIP) traffic, the VOIP side of things would be more vulnerable since it goes through the public Internet. Still, there's something to be said for the idea that intercepting VOIP traffic might require more skill and different resources than, say, intercepting email traffic on the Internet (excluding open wifi). Perhaps I trust VOIP less because it is newer technology. Most businesses openly talk about their https, SSL-encrypted Web sites, but say nothing about their phone calls and fax security practices.

0


If it's a MiTM attack, intercepting the VoIP traffic is pretty trivial. For example, Wireshark nowadays has an entire section for VoIP analysis. It also depends on whether the VoIP-Fax gateway supports T.38 for fax, which might actually make it even easier. Sure, it _can_ be secured (SRTP, etc.), but I've not seen providers who offer those features.

Also, I'm not sure if things like SRTP apply if T.38 is used. SRTP is fine if you're doing faxes the "old" way (really doing modulation/demodulation), but probably doesn't apply to T.38. Then there's the matter that SRTP doesn't handle the signaling (I'm assuming SIP is used). So that might be open for interception. So, don't forget TLS for SIP! Anyways, just some random thoughts.

0
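Added example, not part of the original thread: a short Python check of what a SIP INVITE advertises for the protections named in the last post (TLS for the SIP signaling, SRTP for the audio, and whether T.38 fax rides on plain UDPTL). The function name, hostnames, addresses and messages are constructed for illustration; it inspects the offer on one hop only and says nothing about the PSTN leg.

```python
# Added example; the SIP messages below are constructed, not captured traffic.
SECURE_PROTOS = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP",
                 "UDP/TLS/RTP/SAVPF", "UDP/TLS/UDPTL"}

def audit_invite(message):
    """Return findings for signaling and each media stream in a SIP INVITE."""
    head, _, sdp = message.replace("\r\n", "\n").partition("\n\n")
    # This hop's signaling is protected only if the topmost Via uses TLS.
    via = next((h for h in head.split("\n") if h.lower().startswith("via:")), "")
    tls = via.split(":", 1)[-1].strip().upper().startswith("SIP/2.0/TLS")
    findings = [] if tls else ["signaling: SIP not over TLS"]
    media = None
    for line in sdp.split("\n"):
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            if proto.upper() not in SECURE_PROTOS:
                is_fax = proto.lower() == "udptl"
                kind = "T.38 over plain UDPTL" if is_fax else "plain RTP"
                findings.append(f"{media}: {kind}")
        elif media and line.startswith("a=crypto:") and not tls:
            # SDES carries the SRTP master key inside the SDP body itself.
            findings.append(f"{media}: SRTP key sent in cleartext signaling")
    return findings

PLAIN_FAX = "\r\n".join([
    "INVITE sip:fax@gateway.example SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed1",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 40000 RTP/AVP 0",
    "m=image 40002 udptl t38",
])
# Same call offering SRTP with an SDES key (placeholder), fax line dropped.
SRTP_NO_TLS = PLAIN_FAX.replace(
    "RTP/AVP 0",
    "RTP/SAVP 0\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED",
).replace("m=image 40002 udptl t38", "")
SRTP_TLS = SRTP_NO_TLS.replace("SIP/2.0/UDP", "SIP/2.0/TLS").replace(
    "sip:fax", "sips:fax")

if __name__ == "__main__":
    for name in ("PLAIN_FAX", "SRTP_NO_TLS", "SRTP_TLS"):
        print(name, audit_invite(globals()[name]))
```

The middle case is the one the post warns about: SRTP is offered, but the key travels in signaling that is not protected by TLS.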
