Snom m9 DECT Administrator's Manual page 30

snom m9 DECT Administrator Guide
Encrypted Calls
The snom m9 supports media and SIP signaling encryption for making secure VoIP calls using TLS/SRTP.
These features are provided via RFC 4346 (TLS), RFC 3711 (SRTP), and Internet draft
draft-ietf-mmusic-sdescriptions-12 (SDP Security Descriptions for Media Streams).
Signaling Encryption
Transport Layer Security or TLS is a cryptographic protocol that provides communications security over the
Internet. TLS enables a device and server to use a secure connection for communication which is not
susceptible to eavesdropping or data theft on the Internet. TLS is analogous to HTTPS.
The snom m9 provides the user with the option to use TLS functionality for SIP signaling (also known as
SIPS), thereby providing a high level of call control security on the Internet as well as in other security-sensitive
networks. The TLS/SIPS functionality can be enabled on the snom m9 by appending the transport=tls
parameter to the SIP outbound proxy. For example, the following Outbound Proxy setting would enable the
snom m9 to use TLS (port 5061) for registration and call setup with sip:myserver.com.
Outbound Proxy: sip:myserver.com:5061;transport=tls
Note: TLS usage can also be configured via DNS SRV setup. In this case, the snom m9 will automatically
select the port and transport provided by DNS SRV lookup.
This signaling is used between the base station and the IPBX, so the IPBX must also support these protocols
to protect the conversation between the base station and the handset.
Media Encryption
For media encryption, the snom m9 relies on RFC 3711 (SRTP) for Packet Encryption and Internet draft
draft-ietf-mmusic-sdescriptions-12 for Key Exchange. The Key Exchange protocol allows the snom m9 to exchange
RTP Keying information with its peer in SIP signaling messages when a call is placed or answered. This
exchanged information is then used to establish an "encrypted" audio stream between the snom m9 and its peer.
Media encryption can be switched on using the RTP Encryption setting. This setting toggles between SAVP and
AVP. In summary, TLS encrypts the signaling or call setup and teardown messages, and SRTP encrypts and
protects the audio stream or voice packets.