Login Register

Security

Controlling who can access what information and who has to stay out can be achieved with these features.

  • TLS and SRTP. Calls can be encrypted using TLS and SRTP. The PBX uses a PKI infrastructure based on X.509 certificates to set up trust relationships. The same mechanisms are used to secure the traffic to the built-in web server.
  • Intrusion detection. Automatic intrusion detection puts IP addresses on a list of denied access for a certain time, dramatically reducing the risk of brute-force password attacks gaining access to the system. Addresses can be explicitly approved on a net mask basis to avoid false alarms.
  • Strict password requirements. The strongest security mechanisms are useless when users use weak passwords or don't use passwords at all. A programmable password policy can filter user passwords from the web interface to avoid trivial passwords.
  • Built-in certificates. Provisioning of snom phones can be secured to use the built-in certificates of selected snom phones.
  • File system encryption. User passwords are encrypted on the file system, so that even when someone should gain file system access there are no plain text passwords on file.

More information can be found on the security whitepaper.

Privacy

In areas where sensitive information needs to be exchanged over the phone, privacy has become a major concern in VoIP. In principle, it can be ensured in two ways:

Using a PKI-based trust network. In most cases, it is reasonable to encrypt the packet based on certificates and private keys, which are stored on the server and on the endpoints. It works well when you are able to keep the private key safe.

Using end-to-end encryption. In this case only the endpoints for the communication are involved in the encryption. The PBX will not be able to decode the packets, for example for recording the call.

What is ZRTP?

ZRTP negotiates the security parameters for a call not through the SIP packets, but through the media stream itself. It uses a clever trick that the persons have to read out a short text in their own voice, which is difficult for someone who would intercept the conversation.

How does Vodia support ZRTP?

The Vodia PBX detects ZRTP packets in the RTP stream and passes them through to the other side of the call. Then it is up to the involved endpoints to set up a ZRTP encrypted media stream. There are several ZRTP soft phones available for various platforms, for example Linphone or CSipSimple that work with the Vodia PBX.

Vodia offers a special firmware version for VoIP phones. Because those devices are not running any other software except the VoIP phone software itself, customers can be sure that there is no malware running on the device. This can be extremly important when highly sensitive information needs to be echanged over the phone.

© 2015 Vodia Networks Inc. All rights reserved.