SIP over the internet
-
@Dashrender said:
OK so the option is out there...
Besides @thecreativeone91 does anyone else use it?
What about encrypting when sending SIP to the endpoints (phones)?
This adds a lot of complexity and really depends on the scenario. If you want to send to mobile endpoints it gets difficult - one of the reasons that I'm looking forward to Pertino on smart phones. If you have a static office, using IP locking covers most of the bases.
-
@Dashrender said:
That may or may not be true, but for my purposes let's assume my endpoints will connect over the internet.
Like anything, it depends on your scenario. What is it you are attempting to protect against?
-
Eavesdropping.
-
@Dashrender said:
Eavesdropping.
If that is an actual concern, then you need to encrypt. In general, that's not a very reasonable concern. If it is a requirement for healthcare or other that goes beyond traditional phones, then you'd need that.
Let me ask this.... how have you handled this in the past with traditional phones since those are dramatically easier to eaves drop onto?
-
And if you didn't do it in the past, why do you feel that you should now after introducing SIP which provides a small amount of additional protection against eaves dropping?
-
@scottalanmiller said:
@Dashrender said:
Eavesdropping.
If that is an actual concern, then you need to encrypt. In general, that's not a very reasonable concern. If it is a requirement for healthcare or other that goes beyond traditional phones, then you'd need that.
Let me ask this.... how have you handled this in the past with traditional phones since those are dramatically easier to eaves drop onto?
You've eluded to this before when it comes to faxes, how is it so much easier to eaves drop on traditional phone lines vs VOIP traffic?
How is VOIP at all more secure than PSTN? -
@Dashrender said:
@thanksajdotcom said:
@Dashrender said:
OK so the option is out there...
Besides @thecreativeone91 does anyone else use it?
What about encrypting when sending SIP to the endpoints (phones)?
If you're going to encrypt and it's a fully hosted PBX, you'd want encryption everywhere. If it's an on-premise, no need to encrypt internal traffic, obviously.
That may or may not be true, but for my purposes let's assume my endpoints will connect over the internet.
Which is what I figured. If you're encrypting one but not the other, what's the point of using encryption at all?
-
Traditional is only easier with physical access. VoIP depending on the ACLs/Firewall you have potential to gain access anywhere. Granted the NSA is already doing it for landlines and cell phones.
-
@Dashrender said:
You've eluded to this before when it comes to faxes, how is it so much easier to eaves drop on traditional phone lines vs VOIP traffic?
How is VOIP at all more secure than PSTN?PSTN is circuit switching rather than packet switching for one. That means that tapping a PSTN path is trivial while guaranteeing the tap on a VoIP path is impossible. The second is that PSTN is so easy that you can go to any wire and without actually tapping it join the conversation bi-directionally using very simple equipment. PSTN is standard and simple. Any hobbyist can tap PSTN with minimal effort. Kids can do it.
Tapping VoIP is certainly doable if you don't encrypt. But the effort might be 10x or 100x more. You can't just "go find a line" and you can't just slap together some electronics and stand by the line to do it. You need serious gear and a lot of know-how and luck that you are getting a line that has the packets on it.
One is truly trivial. One is quite hard.
-
@thecreativeone91 said:
Traditional is only easier with physical access. VoIP depending on the ACLs/Firewall you have potential to gain access anywhere. Granted the NSA is already doing it for landlines and cell phones.
That's true, but that's what makes it easier. They are about equal without access. With access PSTN is completely trivial. And getting physical access is super easy since PSTNs have rigid endpoints and are exposed on the poles and external to the building. VoIP has potentially mobile end points and potentially no access externally.
-
Here is another way to look at it..... ever "accidentally" gotten access to someone's VoIP call? I bet not. Ever "accidentally" gotten connected to a PSTN call that wasn't yours and had access to either listen or possibly even talk? Sure, who hasn't. It's rare. But my point is that it is so easy to tap the PSTN that the phone carriers accidentally tap people into lines with some regularity. There is no protection at all.
-
As @scottalanmiller states, it is trivial to tap a POTS line.
Anyone can open a box on the outside of your building, or even down the street and clip on to pairs until they find your call.
How will you tap a VoIP call? You have to get on the network between the PBX or phone and the SIP trunk provider. How easy is that to do?
-
@Dashrender You have not yet replied with WHY you are trying to protect against eavesdropping.
What is driving this?
-
@JaredBusch said:
@Dashrender You have not yet replied with WHY you are trying to protect against eavesdropping.
What is driving this?
My personal paranoia.
Without physical access PSTN is not trivial.. .but yes physical access is trivial as long as you re local to the connections, but if you're some hack in China, there is little to no chance they are going to tap your PSTN connection, but they definitely have the ability to try to hack your VOIP connection.
I realize I probably have a completely unfounded fear here, and as someone already said.. we all know that the NSA is already tapping everything.
Another thing - I like privacy for the sake of privacy. Frankly I'm amazed how many people don't.
-
@Dashrender said:
Without physical access PSTN is not trivial.. .but yes physical access is trivial as long as you re local to the connections, but if you're some hack in China, there is little to no chance they are going to tap your PSTN connection, but they definitely have the ability to try to hack your VOIP connection.
But even without physical access, VoIP is as safer or possibly still safer. PSTN is just SO much more dangerous when there is physical access.
You really think someone in China wants to listen to you talk?
They can tap your PSTN just like your VoIP. Don't get confused into thinking the PSTN is secure. You need to read more about the history of hacking. Hackers came from the phone systems to computers, not the other way around.
-
@scottalanmiller said:
They can tap your PSTN just like your VoIP. Don't get confused into thinking the PSTN is secure. You need to read more about the history of hacking. Hackers came from the phone systems to computers, not the other way around.
Oh Yes, I've read some of Mitnick's adventures.
-
@Dashrender said:
Another thing - I like privacy for the sake of privacy. Frankly I'm amazed how many people don't.
Then you'd move to VoIP first and look to make it MORE secure afterwards. PSTN is the least secure thing, along with cell phones and texts. Those are the things you'd use last. VoIP is more secure. Sure, you can REALLY secure VoIP, if you are extra paranoid. But using the insecure because you fear the moderately secure doesn't make sense and doesn't reflect a desire for privacy.
-
@Dashrender said:
@scottalanmiller said:
They can tap your PSTN just like your VoIP. Don't get confused into thinking the PSTN is secure. You need to read more about the history of hacking. Hackers came from the phone systems to computers, not the other way around.
Oh Yes, I've read some of Mitnick's adventures.
He was late. It's the older 1970s stuff in Silicon Valley that's really hilarious and interesting. The phone system is not designed to be secure. It's designed to be replaced, which it was, long ago by VoIP.
-
I'm definitely not looking to stay on PSTN for security/privacy sake, please don't misconstrue that.
My quest is more on the, we're using SIP over the internet, why does it seem that encryption is the exception, not the rule?
I see no reason for me not to dump PSTN as soon as I'm able.
-
@Dashrender said:
Frankly I'm amazed how many people don't.
Why? What do I care if someone wants to dedicate their life to tapping my phone? If it is worth that kind of effort they can listen to be check on my dad's health. If people want to spy on you they are going to, period. There is a reasonable level of security that makes you not be low hanging fruit, do that stuff. But there is a point of paranoia that does you no good and actually might flag you as a target for being weird.
No one has needed encrypted calls for a hundred years. Why now? Now that no one uses phones seems an odd time to be concerned.
And tapping a phone call, eavesdropping, on VoIP is HARD. I mean really, really hard. It's not a very reasonable concern. Do you actually think someone might try to do this to you?
