In VoIP - How is Encryption better than VPN Tunneling
Importance of Security in VoIP: VoIP, for long, has been termed as a cheap and unsecure mode of communication whereby the voice packets are traversed through public internet. There is control over the packets flow and hence highly unsecure.
Unsecure communication never gets its due place in serious business environment and hence VoIP is never treated as a genuine secure way of conversation about sensitive matters.
Along with voice quality restrictions, this is another main reason for hindrance in VoIP growth among serious enterprises and individuals.
Possible Solutions: There are 2 prominent solutions to this security problem: First is VPN Tunneling being implemented in client side devices plus client side PC softphones & Mobile Softphones.
Second, and the rarely present, solution is "Encryption/Decryption" of VoIP packets.
VPN Tunneling Explained: The client creates a dedicated secure connection with the server and then start sending data through this secure dedicated channel. The protocol followed between client & server is a declared and known protocol like with OpenVPN, Microsoft PPTP etc.
Encryption/Decryption Explained: The client encrypts the data (both signaling & RTP) before sending them over internet. The encryption of data is done through a proprietary logic & algorithm that is only known to the developer of the encryption/decryption. The data then is sent to the server where the same algorithm is used to decrypt the data and sent it across to the SIP server.
Benefits & Disadvantages of Encryption/Decryption over Tunneling: Since, tunneling uses standard protocol hence it can be easily detected by any firewall. Because of easy detection the tunnel can be blocked or stopped at any level. As VPN tunneling is invoked by independent programs, most of the times, many PC firewalls do not detect and authorize this. Some VPNs tunneling enabled softphones use more than one protocols such as pptp and more than one ports are used. These ports are most of the times blocked by ADSL routers. Hence, tunneling based softphones create quite a few problem behind firewall functioning. Encryption/Decryption solves all these issues and make the conversation work seamlessly and make it work in all these problematic conditions as well.
Since, the server side component of Encryption/Decryption is also developed and handled by the vendor, hence, the load balancing can be done effectively in case of Encryption/Decryption. Moreover, since the Encryption server is SIP Protocol sensitive, load balancing can be done on SIP Dialog basis. That means server can remember which message was sent to which server. Same holds true for load distribution or load balancing as well, whereby, the load handling is done much more efficiently in case of Encryption/Decryption. Voice communication is far more secure in case of encryption./decryption because the algorithm is proprietary and hackers are completely unaware of it. Since, standard protocols are followed in tunneling hence the cracks for the same are also well known.
No comments:
Post a Comment