Archives November 21, 2021

Basics of SIP over UDP, TCP, & TLS

Sip Over UDP, TCP, & TLS (The Transport Layer’s)

Are your SIP calls transmitted securely? To find out, check how your calls are being transported. There are three common protocols used in SIP: UDP, TCP, and TLS. Each protocol has a use-case, which don’t always include security as a priority. Let’s take a deeper look at the differences between these three SIP protocols.  

User Datagram Protocol (UDP)

UDP, or user datagram protocol, is the default layer for VoIP applications because of its excellent delivery speeds. This protocol provides only the essentials needed to transport voice and media messages, rapidly and efficiently moving these packets between hosts. UDP is good for speed and efficiency. 

How Does UDP Work? 

  1. Gathers data, adding unique header information to the packet. Data consists of origination and termination ports, packet length, and checksum. 
  2. UDP packets (datagrams) are condensed into IP packets and moved to their destination.

Transport Control Protocol (TCP)

TCP, or transport control protocol, provides users with reliable voice and messaging delivery across the Internet. This protocol is responsible for delivering the packets in a specific order, regardless of how long it takes. TCP is great for reliable packet delivery. 

How Does TCP Work? 

Configuring TCP uses a three-way handshake between the client and a server. It’s composed of three messages that enable endpoints to synchronize (SYN) and acknowledge (ACK) each connection property, including port addresses.

  1. The client selects a sequence number (SYN).
  2. The server selects its own sequence number and acknowledges the clients’ sequence number (SYN/ACK).
  3. The client acknowledges the server’s number (ACK).

Transport Layer Security (TLS)

TLS, or transport layer security, protocol is the top and most powerful layer responsible for securing SIP voice and media messages. This protocol uses cryptographic encryption to provide end-to-end security. TLS is best for encryption, authentication, data integrity, and secure SIP trunking in general. 

How Does TLS Work? 

Like TCP, TLS begins with a handshake:

  1. The protocol initiates parties to negotiate a shared encrypted key code between the client and server.
  2. It permits both endpoints to authenticate themselves and verify who they say they are.
  3. With its own framing mechanism, the protocol inscribes each message with an authentication code to ensure message integrity and authenticity.

SIP Common Method Of Attacks

SIP Security Threats: Common Methods of Attack

Because SIP trunking requires an Internet connection, your business phone systems may be more susceptible to cyberattacks. Below are some examples of common SIP threats you could be vulnerable to without enhanced network security. 

  • Spoofing. Scammers spoof – or impersonate IP addresses by “sniffing” data packets – business numbers to make unauthorized calls and gain access to critical information used for fraudulent activities. 
  • Call Flooding. Attackers spoof a network user, flooding the phone system with calls so legitimate callers are unable to reach the organization. 
  • Eavesdropping. The act of intercepting personal or confidential communications over the Internet without consent to obtain sensitive information.
  • SIP Modification Attack. Hackers tamper with signals, call flows, key codes, and more to compromise data integrity. 
  • DoS/DDoS. Denial of service and distributed denial of service attacks send so much malicious traffic to a network that it can no longer communicate properly, preventing legitimate calls from getting through. 
  • Spam. Hackers targeting callers with robocalls and phony requests.
  • Phishing. Like spam, these attacks prey on vulnerable users to get sensitive and personal information as if they were coming from a trusted source.
  • Toll Fraud. Attackers artificially rack up expensive toll charges from international numbers on lines outside an organization’s phone system, taking a cut of revenue generated from the calls.

Best Practices for Secure SIP Calling

  1. Regular system updates. Applying system updates to your operating systems can help protect your network from exploitation and malicious attacks. 
  2. Use a VPN. Many companies set up their VoIP platforms on a Virtual Private Network (VPN) to protect their traffic regardless of where their teams are located. VPNs automatically encrypt traffic, providing businesses a higher level of security than a simple at-home WiFi network. 
  3. Setup Firewalls. A barrier against untrustworthy networks, firewalls protect your network from specific traffic based on your security parameters. 
  4. Examine Call Logs. Review the company’s call logs to track any unusual call behavior. You can monitor your call volume in a variety of views using a call analytics dashboard. 
  5. Establish Security Best Practices. Implement routine security training for all employees and encourage them to report suspicious behavior.