security concern with freephoneline VOIP

This section is for general discussions surrounding digital phone service.

security concern with freephoneline VOIP

Postby zollen » 04/16/2011

I am absolutely new to VOIP world and recently I joined the freephoneline.ca. I am living in Toronto. I have a number of questions regarding to freephoneline services and VOIP securities. They sent me a ATA model: Grandstream HT286

1. Does freephoneline.ca utilizes both RIP and SIP, for VOIP?
2. Does my voice stream get encrypted by default?
3. Does HT286 offer any voice encryption or VOIP securities?
4. Would other more expensive ATA model (i.e. PAP2-NA) offers better VOIP securities and voice encryption?
5. What can I do as an end user to improve my VOIP securities?
6. What kind of VOIP securities does freephoneline.ca currently provide?
7. If I use CIBC telephone banking (for example), should I be worried about being eavesdropped?
zollen
Just Passing Thru
 
Posts: 3
Joined: 04/16/2011
SIP Device Name: HT286
Firmware Version: unknown
ISP Name: Bell High Speed Internet
Computer OS: window xp
Router: Bell rental router

Re: security concern with freephoneline VOIP

Postby bridonca » 04/16/2011

zollen wrote:I am absolutely new to VOIP world and recently I joined the freephoneline.ca. I am living in Toronto. I have a number of questions regarding to freephoneline services and VOIP securities. They sent me a ATA model: Grandstream HT286

Good for you, I am sure you will enjoy the service.
zollen wrote:1. Does freephoneline.ca utilizes both RIP and SIP, for VOIP?

freephoneline.ca uses SIP for a VOIP protocol. Not sure what RIP is, RTP perhaps? If so, SIP also needs an available port for RTP.
zollen wrote:2. Does my voice stream get encrypted by default?

No
zollen wrote:3. Does HT286 offer any voice encryption or VOIP securities?

No.
zollen wrote:4. Would other more expensive ATA model (i.e. PAP2-NA) offers better VOIP securities and voice encryption?

No
zollen wrote:5. What can I do as an end user to improve my VOIP securities?

Use Skype instead. SIP is not a really secure protocol with the voice traffic. It's packets are very easy to sniff.
zollen wrote:6. What kind of VOIP securities does freephoneline.ca currently provide?

They make it hard for one to guess your password. The password is pretty secure, the voice traffic, not so much.
zollen wrote:7. If I use CIBC telephone banking (for example), should I be worried about being eavesdropped?

I suppose, but then again the plain old telephone service is not much more secure either, and that is what most people use for telephone banking.
User avatar
bridonca
Technical Support
 
Posts: 1173
Joined: 11/16/2009
SIP Device Name: Netgear WGR615V
Firmware Version: latest
ISP Name: Eastlink
Computer OS: XP

Re: security concern with freephoneline VOIP

Postby FONGO_steve » 04/18/2011

This topic does not need to be sticky, I have changed it to a normal post...
Steve
Fongo
Development Support Specialist.
User avatar
FONGO_steve
Site Moderator
 
Posts: 2131
Joined: 07/16/2009
Location: Cambridge
SIP Device Name: Grandstream 286 & 701
ISP Name: Worldline.ca
Computer OS: Windows 7 Ultimate / Mac OS X
Router: TR1043ND w/ DD-WRT Mega
Smartphone Model: Galaxy S3
Android Version: 4.0.4

Re: security concern with freephoneline VOIP

Postby Ice » 04/19/2011

I'll contribute by saying this... I think part of Freephoneline boils down to (1) what this product/service actually is all about; and (2) expectations you may have.

Freephoneline is a plain and public telephone service that happens to be run over VoIP. The technology itself is simple because it is plainly for voice/telephony. There are ways to make it secure, but Freephoneline being "free" simply has the barebones, and slowly growing to include more features. There are various methods to encapsulate and/or secure/encrypt your voice connection but they are not standard.

One good thing about the Freephoneline's in-security include the direct interaction and transparency you get with the community and staff. Nowhere else will you have this same level of transparency, whether with Bell, Telus, voip.ms, etc. I'm sure there are secure voice/telephony providers and you'll most likely be able to put much better faith in their systems and security, however, don't forget the huge premium you will be paying for the service.

Everything people said here holds true... I don't see a significant security risk over other traditional landline/POTS systems. I think it's possible to have an internet connection + ATA box but no functioning computer for general use (but rare). :)
Ice
Lightly Seasoned
 
Posts: 151
Joined: 01/21/2010

Re: security concern with freephoneline VOIP

Postby Bloodsong » 06/10/2011

I'm a little late to this topic, but since I'm here, and network security is my background, I'll throw out a few tid-bits.

SIP is an open standards protocol, very transparent and easy to intercept and play with.
This being said, all of your traffic is essentially simple to intercept, if I have access to your network.
once it's "in the cloud" tracking any given information is next to impossible, each packet has the potential to be routed slightly differently depending upon the conditions of "the internet" between you and, in this case, freephoneline.

Truth is, most people do not have physical (perhapse wireless? I hope you use WPA2 with a secure password) access to your network. However all I need to listen to your phonecalls over POTS is a handset (not a complete phone, just the handset portion) and a pair of alligator clips, then to sit down with a hard-hat, orange vest, and toolbelt next to the phonebox down the street.

There is similarly depending on location, a high probability your calls are being recorded by your phone provider, and finally, police have an over-ride that allows them to bug/listen-in on anyone's POTS calls. (with a subpoena of course... but we all know the technology has been abused.)

So generally speaking, you are AT LEAST as secure as POTS... likely more.

There are projects like SIPS (Secure SIP, kind of like HTTPS) Where the SIP packets are encrypted using an SSL certificate. Of course, SIP is not what your voice is transferred by, and is often handled in relatively slow TCP packets. SIP is only a signalling technology, routing the calls to find User A and User B, ringing phones, transferring and all the other fun stuff.

The media/voice data is transferred over RTP, which also has a secure project called SRTP (See here: http://srtp.sourceforge.net/faq.html)
of course, security protocols and encapsulation methods add over-head which introduces it's own set of issues generally related to Quality of Service.

The easiest way to secure VoIP traffic is of course encapsulation (A secure tunnel) either from you to the far end use directly (avoiding a provider) or from you to your provider, where things will be viewed once more "in the clear" but avoids the possibility of sniffing between you and the provider.

Which brings the other issue in phone security in general.

As secure as your line might be, you are only as secure as the least secure portion of the call, be that your line, the other end of the call, or the provider in the middle. Generally speaking, I suggest you not worry about what happens to it outside your house because that's beyond your control.

When the SIP provider gets it and converts it to POTS/PSTN your security methods are instantly defeated anyway.

If you're not military you're probably over paranoid, if you need to worry about a particular conversation more than the average person, I suggest you find a way to have it in person, or write it in a complex cypher and mail/email it.
User avatar
Bloodsong
Tried and True
 
Posts: 362
Joined: 09/18/2009
Location: Simcoe County
SIP Device Name: Zoiper| Grandstream GXP2000
ISP Name: Tek Savvy Internet (DSL)
Computer OS: CentOS, Arch, Widows 7, AIX, AS/400
Router: Cisco ASA 5520
Smartphone Model: Samsung Galaxy Ace Q
Android Version: 2.3.6

Re: security concern with freephoneline VOIP

Postby Jake » 06/10/2011

I might be missing something here, but when I was an engineer back in the UK I could clip a butt phone on any telephone line I could get hold of and hear what was being said on that line. In this respect I would have thought that VOIP was a bit harder for the general person to hear what is being said that any Joe who could open a street box and listen to any call he wanted to.

I must point out that I had full permissions to test the lines I clipped to, no wrong doing was done in any way, I had legit reasons for doing so.
User avatar
Jake
Technical Support
 
Posts: 2737
Joined: 10/18/2009

Re: security concern with freephoneline VOIP

Postby bridonca » 06/10/2011

The general person does not know how to clip butt phones either, even though a 12 year old could do it. The only difference with VOIP is one can snoop in the comfort of their own home, and not necessarily even in the same country. Either way, there are better ways than telephone banking if security is valued.
User avatar
bridonca
Technical Support
 
Posts: 1173
Joined: 11/16/2009
SIP Device Name: Netgear WGR615V
Firmware Version: latest
ISP Name: Eastlink
Computer OS: XP

Re: security concern with freephoneline VOIP

Postby kmichetti » 05/22/2012

So basically anyone with wireshark and my public ip address can intercept my calls, Correct?
kmichetti
Just Passing Thru
 
Posts: 4
Joined: 05/06/2012

Re: security concern with freephoneline VOIP

Postby zombie999 » 06/24/2012

kmichetti wrote:So basically anyone with wireshark and my public ip address can intercept my calls, Correct?


Nope!
zombie999
Lightly Seasoned
 
Posts: 190
Joined: 10/17/2009

Re: security concern with freephoneline VOIP

Postby curt » 01/30/2016

Bloodsong wrote:So generally speaking, you are AT LEAST as secure as POTS... likely more.


According to the following article, VoIP is less secure than PSTNs:
http://www.techrepublic.com/article/security-of-voip-phone-systems-comes-up-short/

"...VoIP networks also appear to be more susceptible than PSTNs when it comes to eavesdropping. In his paper, Xin said, "Conventional telephone eavesdropping requires either physical access to tap a line, or penetration of a switch. With VoIP, opportunities for eavesdroppers increase dramatically because of the large number of nodes in the path between the connected nodes." "


Can someone explain why the article is wrong?

It also states:
"Use Encryption: Even simple encryption protocols offer a substantial improvement in security. Transport layer security is the preferred method."


The following article also recommends encryption, such as VPN:

http://www.designdata.com/wp-content/uploads/sites/321/whitepaper/top_ten_voip_security_issue.pdf

Does anyone have any opinions on VPN?
curt
Active Poster
 
Posts: 53
Joined: 12/18/2014
SIP Device Name: Desktop Application for Mac
Firmware Version: 3.2.7.0
ISP Name: Frontline
Computer OS: Mac OSX 10.13.4
Router: Huawei / Asus GX-D1081

Re: security concern with freephoneline VOIP

Postby bridonca » 01/30/2016

If you can secure both ends of the conversation, encrypting your VOIP would make sense. But that is rarely possible. Because there are so many security holes in VOIP, even Skype, it is strongly recommended you assume your connection is insecure, and deal with that reality.
User avatar
bridonca
Technical Support
 
Posts: 1173
Joined: 11/16/2009
SIP Device Name: Netgear WGR615V
Firmware Version: latest
ISP Name: Eastlink
Computer OS: XP


Return to General Discussions

Who is online

Users browsing this forum: No registered users and 1 guest

cron