How secure is SIP ?

Discussion in 'UK VOIP' started by Doz, Aug 22, 2006.

  1. Doz

    Doz Guest

    How secure is sip ?

    I hear people banging Skype on security... just wondered if SIP was secure ?
     
    Doz, Aug 22, 2006
    #1
    1. Advertising

  2. Doz

    Ivor Jones Guest

    "Doz" <> wrote in message
    news:10yntt60h5fx3$.8jptkbef4lkw$
    > How secure is sip ?
    >
    > I hear people banging Skype on security... just wondered
    > if SIP was secure ?


    Nothing is *totally* secure, it depends on how much time, money and
    expertise you have available to crack it..!

    Although I'd hazard a guess that unless you're GCHQ or the CIA, it would
    be proably be easier to bug the room in which the person is making the
    call..!

    Ivor
     
    Ivor Jones, Aug 22, 2006
    #2
    1. Advertising

  3. Doz

    alexd Guest

    Doz wrote:

    > How secure is sip ?


    Not at all. The signalling is in plaintext and the audio streams are
    unencrypted RTP, by default.

    > I hear people banging Skype on security... just wondered if SIP was
    > secure?


    SIP is as secure as the network you are using it on!

    --
    <http://ale.cx/> (AIM:troffasky) ()
    18:23:42 up 28 days, 23:45, 3 users, load average: 0.01, 0.06, 0.15
    This is my BOOOOOOOOOOOOOOOOOOOOOMSTICK
     
    alexd, Aug 22, 2006
    #3
  4. Doz

    Martin Guest

    Ivor Jones wrote:
    > "Doz" <> wrote in message
    > news:10yntt60h5fx3$.8jptkbef4lkw$
    >> How secure is sip ?
    >>
    >> I hear people banging Skype on security... just wondered
    >> if SIP was secure ?

    >
    > Nothing is *totally* secure, it depends on how much time, money and
    > expertise you have available to crack it..!
    >
    > Although I'd hazard a guess that unless you're GCHQ or the CIA, it would
    > be proably be easier to bug the room in which the person is making the
    > call..!


    *If* (and it's a big if) you're in a position to watch the packets go
    past on the internet (or on your local Ethernet on route to the
    Internet) then you can use open-source software to record a nice .WAV
    file! I think Ethereal does that now. That is, standard SIP just sends
    all voice traffic in the clear.

    If you watch the packets go past in Ethereal, you can see that there's
    some attempt to protect the signalling traffic to try to guard against
    call fraud, but it isn't immediately obvious how secure that is. That
    is, I'm not sure whether I should be worried about the possibility of
    call fraud.

    In the absence of a robust security analysis, my gut feeling is that SIP
    is probably good enough to use on ADSL, but should be avoided on
    unencrypted wi-fi, cable internet (if the downlink is shared) and on any
    other untrusted networks where packet interception is likely to occur.

    - Martin.
     
    Martin, Aug 23, 2006
    #4
  5. On Wed, 23 Aug 2006 22:32:08 +0100, Martin <>
    wrote:

    >*If* (and it's a big if) you're in a position to watch the packets go
    >past on the internet (or on your local Ethernet on route to the
    >Internet) then you can use open-source software to record a nice .WAV


    Not _quite_ as simple as saving to a .wav file - unless you happen to
    be using G711.

    >file! I think Ethereal does that now. That is, standard SIP just sends
    >all voice traffic in the clear.


    It's not really that SIP is in the clear that causes the problem, it's
    just initiating the session after all, it's that RTP is used to carry
    the voice data. I expect that SRTP, which allows for encryption of the
    RTP payload, will become more popular in time.
     
    Darren J Longhorn, Aug 23, 2006
    #5
  6. Doz

    Doz Guest

    On Tue, 22 Aug 2006 17:24:58 GMT, alexd wrote:

    > Doz wrote:
    >
    >> How secure is sip ?

    >
    > Not at all. The signalling is in plaintext and the audio streams are
    > unencrypted RTP, by default.
    >
    >> I hear people banging Skype on security... just wondered if SIP was
    >> secure?

    >
    > SIP is as secure as the network you are using it on!


    Thanks for the sensible and straight fwd reponses.. ta.
     
    Doz, Aug 25, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. KerplunKuK

    Secure and non secure warnings

    KerplunKuK, Aug 24, 2004, in forum: Computer Support
    Replies:
    8
    Views:
    557
    Blinky the Shark
    Aug 24, 2004
  2. Miss Mary
    Replies:
    1
    Views:
    1,462
    sean.archer
    Sep 21, 2007
  3. Replies:
    0
    Views:
    603
  4. Replies:
    0
    Views:
    702
  5. cade

    Secure Auditor secure your windows

    cade, Apr 28, 2008, in forum: Computer Security
    Replies:
    0
    Views:
    506
Loading...

Share This Page