Upgrade 3CX to v18 and get it hosted free!
Home | SIP | SIP security

SIP security

Author image
Posted by , on October 9, 2003

SIP security is a vast and somewhat challenging field.

  • Authentication: Can users steal other users identity?
  • Integrity: Is the SIP message received the same as the one sent?
  • Confidentiality: Is someone else listening on your SIP call setup?
  • Privacy
  • Non-repudiation: Making sure we can trace callers

In addition, the RTP media stream, the actual conversation audio, may need to be confidential.

Client security

  • Replay

Server security

  • Denial of service attacks

IETF RFCs

  • RFC 3329 Security Mechanism Agreement for the Session Initiation Protocol (SIP)
  • RFC Draft SIP digest authentication relay attack

Additional Reading

Multimedia services using SIP face a range of challenges including traversing Firewalls which were never designed to be VoIP aware, exposing a publicly accessible address for a client which invited hacking and so on. Some of the basic issues surrounding SIP and security are examined.

PATTON Electronics whitepaper…

Ever wonder who eavesdrops on your VoIP conversations? Unencrypted VoIP compromises information security for companies that handle sensitive information and the carriers that serve them. This Patton white paper explains how you can make your Internet Telephony solution completely secure. Find out why VoIP-over-VPN technology is more expedient than emerging CODEC-based approaches such as SRTP and SIP TLS. You’ll also learn how Internet Key Exchange (IKE) simplifies VoIP installation at the same time it strengthens information security

See also

Article Reviews

Write a Review

Your email address will not be published. Required fields are marked *

Required Field. Minimum 5 characters.

Required Field. Minimum 5 characters, maximum 50.

Required field.There is an error with this field.

Required Field.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

There are no reviews for this article. Be the first one to write a review.

Related Posts:

SIP Trunking vs PRI
December 2, 2021
Have you converted to Voice over Internet Protocol yet? If so, you are probably looking for a way to integrate VoIP technology with traditional analog phone lin...
PortSIP Softphone App provides push to talk
December 6, 2019
PortSIP Softphone is the industry’s most reliable and feature-rich communication application for iOS, Android and Windows. Based on SIP Standards, it becomes ...
SIP method update
September 11, 2003
From RFC 3311: UPDATE allows a client to update parameters of a session (such as the set of media streams and their codecs) but has no impact on the state of a ...
Use a second internet connection for SIP
April 23, 2008
Situation: Asterisk is running on a box which is internet router for a LAN and has two internet connections. Assume that the default gateway sits on the first i...
SIP method subscribe
February 23, 2004
From RFC 2848: When a SUBSCRIBE request is sent to a PINT Server, it indicates that a user wishes to receive information about the status of a service session. ...
How to setup SIP on a Cisco 7940-7960 IP telephone
October 1, 2005
Note: If you intend to use any XML IP Phone Applications on your phones, be aware that the SIP image of the Cisco IP Phones has limitations compared to the Skin...
sipX
June 2, 2005
sipX – The SIP PBX for Linux Original project: sipXecs Original Website: http://www.sipfoundry.org This project has also been forked and continues with th...
SIPML5
May 15, 2013
After the world’s first SIP video clients for Android and iOS (early 2009), Doubango Telecom open sourced the SIPML5 Project. SIPML5 is the world’s ...
Mitel MiNET to SIP Conversion
May 1, 2007
The typical Mitel phone ships from the vendor in MiNET mode and the firmware version present will most likely not support SIP mode. This guide explains how to c...
Sipura Technology Inc.
September 3, 2005
Sipura was purchased by Linksys and the Sipura product line has been rebranded to Linksys Update Jan 2009: Linksys Voice products (what was Sipura) are now goin...
Get 3CX - Absolutely Free!
Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Verify your Email

Check your inbox!

We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).

Upon verification you will be directed to the 3CX setup wizard.