Weconex offers out-of-the-box TLS support for numerous SIP gateways. In addition to TLS, enterprise customers have the option to enable SRTP and encrypt the underlying RTP media (audio stream) to protect actual conversations – not just sip packet flow. Weconex is one of the few providers to offer full SRTP support on inbound DID number products – not just on the outbound leg of the call.
Secure SIP signalling
Transport Layer Security (TLS) is a cryptographic protocol that provides message security. As it relates to SIP, TLS protects SIP messages sent by your PBX or softphone with encryption. SIP headers contain your called and calling numbers and other authentication data. With TLS properly configured, these messages become impossible for the attacker or eavesdropper in the middle, to read or modify.
In addition to message security, with TLS turned on, VoIP can be unlocked on many mobile networks around the world that normally block SIP. Switching to TLS also solves some of the NAT issues inherent to internet access over 3G/LTE. In many non-deregulated, restrictive jurisdictions such as the Gulf states, use of TLS over non-standard port can unlock SIP calling in a heavily censored environment.
Available SRTP add-on to encrypt your audio traffic
The optional Secure Real-time Transport Protocol (SRTP) was developed by a team of cryptographic experts from Cisco and Ericsson, and published by the IETF in 2004. SRTP encrypts your RTP audio streams between your on-site IP PBX or Unified Communication platform and the regional Weconex gateway. Use of SRTP on the trunk ensures that no third parties are able to decrypt, modify or tamper with the audio stream during the call.
Weconex has hands-on experience with enterprise deployments based on SRTP for a diverse community of customers in many countries. Our Sales Engineering team is happy to assist with your new or planned Unified Communication project that requires transport security.
You can choose to only use TLS without SRTP (as in some Lync/Skype for Business setups when adding external SIP providers), or to use TLS and SRTP. FreeSWITCH supports SRTP via SDES. Asterisk 1.8 has native support for SRTP. Cisco CUBE, 3CX, Sonus, Genband and Avaya have their own implementations and can be configured to support SRTP. In addition to SRTP, clients can use a dedicated cross-connect at participating data centers such as Telecity AMS04 and One Wilshire. If you’re colocating your PBX with a hosting provider or running virtual PBX instances.