5 Solutions to Security Challenges in IP Communications
Confidentiality and security are absolute business priorities – particularly when important legal details are being discussed on open phone lines.
Fortunately, this no longer needs to be a problem. Cost-effective solutions are available, even when using ordinary IP phones. Yealink has studied the problem carefully and has the right answers.
Whether you want to install an IP Communication system that is hosted, or one that is cloud-based, help is now at hand. But first you need to understand how your potentially vulnerable data can be hacked by undesirable third parties.
Four different types of security breaches occur thousands of times around the world every day: phone privacy, eavesdropping, phone attack and toll fraud.
- Phone privacy – Without precautions, it is very easy for outsiders to access your call logs, steal your contacts and know which international numbers you have been calling. All without your permission!
- Eavesdropping – A private call must remain a private call. Important sensitive information is often exchanged. Allowing intruders to hack into private conversations is unacceptable. Even the thought that someone else might be listening destroys confidence. It can interrupt crucial conversations and introduce suspicion and mistrust.
- Phone attack – Open APIs make it easy to deliberately attack phones. This can be prevented.
- Toll fraud – Hackers can steal SIP credentials and then make fraudulent calls at your expense. Don’t worry. There is an easy solution, if you use the right phones and network set-up.
Yealink is a global SIP phone provider that has invested very heavily into making security a number one priority for all modern international businesses.
Many years of R&D have resulted in a turnkey Yealink solution that solves all four threats simultaneously from the following five different aspects.
1. Network Access
Security here is maximized by having two Ethernet ports on your phone – one for SIP, the other for PC. If intruders do manage to access your intranet through the PC port of a lobby/conference phone, how does Yealink prevent them from copying confidential data?
Yealink’s 802.1X EAP-MD5/TLS/MDA can permit or deny network connectivity, depending on the identity of the end-user or device. Only company staff members are allowed to access the intranet.
But how does Yealink guarantee voice quality when transmitted through the Internet?
The answer is that we employ QoS technology. This allows an IP phone to join the voice VLAN and a PC to join the data VLAN. QoS technology provides three major benefits.
The first is that voice traffic is given high priority with adequate bandwidth, which guarantees voice quality. The second is that the phone keeps working well even if a network storm happens in the data VLAN. The last is that no illegal modification to the phone’s configuration can be made through the data VLAN.
For overseas companies, building up low-cost VPN connections with remote staff is also troublesome. Yealink provides phones with a built-in VPN client to bring you a secure, low-cost remote connection.
2. Security in Conversation Protection
Stopping hackers from capturing business contact information is crucial. In SIP endpoints, there are two core steps to take when establishing a conversation. The first is signaling negotiation, which controls contact information. The second is media control, which controls the voice/video transmission. Yealink tackles the problem from both sides.
For signaling security, we use SIP over TLS to authenticate the identities of the two parties and to encrypt the SIP signaling messages. For media security, we use SRTP. This is an RFC standard for securing the conversation. SRTP can encrypt voice/video data. All that the hackers can hear is ‘white’ noise!
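The following check is an added example, not Yealink code: it audits a SIP INVITE for the two protections described above, TLS on the signaling hop and SRTP on each media stream. It assumes SRTP keys are exchanged with SDP `a=crypto` lines (SDES), which the article does not specify; the three messages are constructed, not captured from a device.

```python
import re

def _invite(transport, uri_scheme, proto, crypto):
    """Build a constructed (not captured) INVITE with a one-stream SDP body."""
    sdp = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
           "t=0 0", f"m=audio 11780 {proto} 0 8"]
    if crypto:
        sdp.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-PLACEHOLDER")
    head = [f"INVITE {uri_scheme}:bob@example.com SIP/2.0",
            f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bK-constructed",
            "Content-Type: application/sdp"]
    return "\r\n".join(head) + "\r\n\r\n" + "\r\n".join(sdp) + "\r\n"

SECURE = _invite("TLS", "sips", "RTP/SAVP", True)        # TLS signaling + SRTP
PLAIN = _invite("UDP", "sip", "RTP/AVP", False)          # nothing protected
KEY_IN_CLEAR = _invite("UDP", "sip", "RTP/SAVP", True)   # SRTP, but key is visible

def audit_invite(raw):
    """Return the transport, the media streams and a list of findings."""
    head, _, body = raw.partition("\r\n\r\n")
    # The top-most Via header names the transport used on this hop.
    m = re.search(r"(?im)^(?:via|v)\s*:\s*SIP/2\.0/(\w+)", head)
    transport = m.group(1).upper() if m else "UNKNOWN"
    tls = transport == "TLS"
    streams, current = [], None
    for line in body.splitlines():
        parts = line[2:].split()
        if line.startswith("m=") and len(parts) >= 3:
            current = {"kind": parts[0], "proto": parts[2].upper(), "crypto": False}
            streams.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            current["crypto"] = True
    findings = []
    if not tls:
        findings.append(f"signaling over {transport}: SIP headers and SDP are readable in transit")
    for s in streams:
        srtp = s["proto"] in ("RTP/SAVP", "RTP/SAVPF") and s["crypto"]
        if not srtp:
            findings.append(f"{s['kind']}: {s['proto']} without a=crypto, media is not encrypted")
        elif not tls:
            findings.append(f"{s['kind']}: SRTP key sent in SDP over {transport}, key is exposed")
    return {"transport": transport, "streams": streams, "findings": findings}

if __name__ == "__main__":
    for name, msg in (("secure", SECURE), ("plain", PLAIN), ("key-in-clear", KEY_IN_CLEAR)):
        print(name, audit_invite(msg)["findings"])
```

The third case shows why the two measures belong together: with SDES the SRTP key travels inside the SDP body, so enabling SRTP without TLS on the signaling leaves the key readable to anyone who can see the INVITE.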
3. Privacy Security
Invasion of privacy is an unpleasant experience. Yealink’s specially designed phone lock means that with one touch you can secure your phone when away from your desk. Your contact information is safe! To unlock the phone, simply enter your PIN.
Yealink’s accessory, Kensington Lock, has proved to be a useful solution for lobby or conference phones. Simply lock down the phones and no one can remove or steal them.
4. Provisioning Security
Configuration files that carry SIP credentials are easy to intercept when provisioning phones. Yealink uses HTTPS technology to tackle this problem.
HTTPS mutual authentication installed in IP phones is a perfect solution. HTTPS performs bi-directional authentication between phone and server using an SSL/Verisign certificate. Phones and servers can then trust each other and transmit configuration files securely by encrypting data through the AES key.
Yealink provides another way to secure provisioning for those who don’t use HTTPS: encrypting the config files. By simply using a small encryption tool, you can enter a random AES key to encrypt the config files. You then have the reassurance that files are in a safe state.
There are two main ways to develop applications. The first is open APIs called Action URI/URL. This is an HTTP-based CTI protocol. Through Action URI, people can click to dial through Outlook. XML browser is another useful API. This can be used to develop additional applications, such as Google weather, stock information, customization display and phone configurations.
APIs are easily attacked by hackers. To ensure security, Yealink supplies a dual security guarantee solution. Your trusted phone IP list only accepts CTI control from trusted PC/servers. When any server tries to control the phone, an “Allow Remote Control” warning pops up. With this dual security control feature, no one except the user can control your phone without your permission.
It’s worth taking a moment to review, from a network layer perspective, Yealink’s solutions for today’s most common IP communication security challenges. On a network layer, we implement 802.1X/VLAN/VPN/PC port disabling. On an IP network layer, we use SRTP/TLS/Digest authentication. On an application layer, we use HTTPS/Trusted list/Encryption.
With these multiple solutions, Yealink effectively stops users from becoming victims of privacy invasion. At the same time, we ensure that communications run smoothly.
Users can talk freely and confidentially, knowing for certain that no one is able to intercept their business communications.
Edited by Alisen Downey