Voice over IP communication systems consist of many components, of which the phones are the most easily accessible ones and therefore a possible entry point for attackers. This paper is meant as a guideline for our partners on which parameters of a Snom phone should be auto-provisioned to ensure the maximum possible security, without compromising the simplicity of the deployment or the ease of use of the phones.
Step-by-step guide
Secure the phone web user interface and set strong and individual user credentials
Accessing the phone web user interface and entering data is a security risk when the communication between the web browser and the web server is not encrypted. Therefore, the web server of the phone should always either be put into https-only mode or be turned off completely if there is no need to access the phone via a web browser.
Configure a maintenance mode user
The service mode (or maintenance mode) is a special user account used to access the phone and switch it temporarily from user mode to admin mode. On logout, the phone returns to user mode. This account can be used for controlling the phone remotely and performing actions triggered by HTTP requests coming from third-party applications (e.g. click-to-dial CTI).
Secure signalling and voice communication
VoIP calls are vulnerable to a variety of threats that traditional telephone calls are not. Eavesdropping and hijacking of phones or SIP accounts are just two of the most common ones. Encryption is one of the essential security technologies for computer data. For secure voice over IP communication, both the signalling packets (SIP) and the audio stream (RTP) need to be encrypted.
Securing the SIP traffic
Transport Layer Security (TLS) provides a secure communication channel between two communicating entities. The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. A device incorporating TLS can be configured to allow only secure SIP signalling to other devices. This requires the client to first set up a TLS/SSL connection to the server and then exchange its SIP messages over that protected connection. Since this secure communication is based on a shared secret known only to the server and the client, it is very difficult, if not impossible, for an eavesdropper to view, manipulate, or replay the messages exchanged. The best available transport mechanism can be chosen automatically by creating DNS service records (DNS-SRV) with priorities for UDP, TCP and TLS (see http://wiki.snom.com/FAQ/How_can_I_setup_snom3xx_phones_for_TCP_support).
For further information on TLS authentication please visit: TLS Support (http://wiki.snom.com/Category:HowTo: TLS Support)
Parameter | Description | Recommended Values |
---|---|---|
user_srtp | Enables/disables RTP encryption | on |
user_savp | Specifies whether the use of the RTP/SAVP profile by the phone should be off (for backward compatibility), optional or mandatory. | mandatory or optional |
Info: If both the signalling and the media are encrypted, a lock symbol is shown in the call screen of the phone.
For further information please visit: SRTP - Secure Real-Time Transport Protocol (http://wiki.snom.com/Category:HowTo:SRTP)
Example provisioning file combining the settings above (the closing tags of `http_pass`, `use_hidden_tags`, `service_mode_login` and `user_savp` were missing their slash and have been corrected; the passwords shown are sample values only):

```xml
<?xml version="1.0" encoding="utf-8"?>
<settings>
  <phone-settings>
    <!-- PHONE WEBSERVER PROTECTION -->
    <webserver_type perm="R">https</webserver_type>
    <http_user perm="R">username</http_user>
    <http_pass perm="R">7X@y8Ob%4308</http_pass>
    <use_hidden_tags perm="R">on</use_hidden_tags>
    <web_logout_timer perm="R">5</web_logout_timer>
    <!-- MAINTENANCE USER ACCOUNT -->
    <service_mode_login perm="R">maintenance</service_mode_login>
    <service_mode_pass perm="R">J#Iwc68521P4</service_mode_pass>
    <admin_mode_upon_http_login perm="R">on</admin_mode_upon_http_login>
    <!-- MEDIA & SIGNALLING ENCRYPTION -->
    <user_outbound perm="R">my.hostedpbx.com;transport=tls</user_outbound>
    <user_srtp perm="R">on</user_srtp>
    <user_savp perm="R">mandatory</user_savp>
  </phone-settings>
</settings>
```
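To check that a generated provisioning file actually meets the baseline described in this guide before it is pushed to the phones, the following added example (not part of the original page or of Snom's tooling) audits the relevant parameters. The sample XML, the minimum password length and the finding messages are constructed assumptions for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real deployment file): plain http web server,
# a short web password and only optional SAVP are the weak spots.
WEAK_PROVISIONING = """<?xml version="1.0" encoding="utf-8"?>
<settings>
  <phone-settings>
    <webserver_type perm="R">http</webserver_type>
    <http_user perm="R">admin</http_user>
    <http_pass perm="R">1234</http_pass>
    <service_mode_login perm="R">maintenance</service_mode_login>
    <service_mode_pass perm="R">J#Iwc68521P4</service_mode_pass>
    <user_outbound perm="R">my.hostedpbx.com;transport=tls</user_outbound>
    <user_srtp perm="R">on</user_srtp>
    <user_savp perm="R">optional</user_savp>
  </phone-settings>
</settings>"""

MIN_PASSWORD_LEN = 12  # assumed local policy, not a Snom default


def _setting(root, name):
    node = root.find(f"./phone-settings/{name}")
    return None if node is None else (node.text or "").strip()


def audit_provisioning(xml_text):
    """Return a list of findings; an empty list means the baseline is met."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    web = _setting(root, "webserver_type")
    if web not in ("https", "off"):
        findings.append(f"webserver_type={web!r}: use 'https' or 'off'")
    for pw_key in ("http_pass", "service_mode_pass"):
        pw = _setting(root, pw_key)
        if not pw or len(pw) < MIN_PASSWORD_LEN:
            findings.append(f"{pw_key}: missing or shorter than {MIN_PASSWORD_LEN} characters")
    outbound = _setting(root, "user_outbound") or ""
    if "transport=tls" not in outbound.lower():
        findings.append("user_outbound: SIP signalling is not forced to TLS")
    if _setting(root, "user_srtp") != "on":
        findings.append("user_srtp: RTP encryption is not enabled")
    if _setting(root, "user_savp") != "mandatory":
        findings.append("user_savp: SAVP not mandatory, calls may fall back to plain RTP")
    # perm="R" locks a value so the phone user cannot change it from the UI
    for node in root.find("./phone-settings"):
        if node.get("perm") != "R":
            findings.append(f'{node.tag}: not locked with perm="R"')
    return findings
```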