Security Support With Mitel Voip; Data Encryption; Bandwidth Considerations (Voice And Signalling Encryption) - Mitel mivoice business Engineering Manualline

SECURITY SUPPORT WITH MITEL VOIP

A number of devices in the Mitel IP product range now include additional security measures.
These include:
• Encryption of voice and signalling payload data
• Network Access Authentication (802.1X)
Encryption is used to "hide" the information that is carried in the payload from unauthorized
users and applications.
Network access authentication is a method to restrict connections to the network, or guide the
device to particular parts of the network.

DATA ENCRYPTION

Encryption hides both the signalling information and the voice streaming. The network
connection, or path, remains the same whether the data in the payload is secured or not. Both
secure and non-secure devices use the same network paths to establish voice connections.
Although quite complex, data encryption involves two main aspects. These are:
• key exchange
• data encryption and decryption
Encryption scrambles the data using the available key information such that it cannot be easily
read and decoded by a third party. Only the endpoints have the necessary key information to
encode and decode the data correctly. The method used to pass this key information between
endpoints is known as the key exchange.
There are a number of standard methods to encrypt data. These are very secure in their coding,
and have been field tested over a number of years with critical information such as financial
and personal data. From a user view, all that is important is to know is that the data is secured.
The method used to encrypt the data is negotiated by the endpoints. If one or both of the
endpoints do not support encryption, the connection may still be established, but will be
unsecured. That is, a voice call can still be established with equipment that doesn't support
encryption methods.
BANDWIDTH CONSIDERATIONS (VOICE AND SIGNALLING
ENCRYPTION)
The secure connection uses data encryption to modify the contents of the payload so that
someone collecting data packets will be unable to read the contents. It doesn't modify the
contents of the IP header, since this is still needed to pass data over the existing Layer 3 routers
and Layer 2 network switches. If the headers were also encrypted, then every router in the path
would need to know how to decipher the information.
The data in the payload is intended for a particular application. It is the application that knows
how to decode the information. For the Voice over IP application, this payload contains the
signalling information or voice streaming.
VoIP Security
341