Stephane M wrote:
> Hi,
>
> I just wonder if a communication is really secure ?

Standard installations aren't very secure.

The RTP (audio data) is not encrypted.

The SIP (call setup signalling) is not encrypted and not authenticated.

Often people use weak passwords on their SIP servers


> I mean, suppose that 2 peoplse connected to their own ASTERISK server,
> and 2 users are connected to this server...
>
> What do you think about the link between the phone and the server ?
> (Usually using SIP protocol)
> - Is that easy to intercept communications ?

If you can wireshark the network between the 2 end points, it is very
easily to get details of the calls.

But whether anybody would or not is another matter.


> - Is there a way to encrypt SIP communications ? if so, how can we do
> that ?

yes. SRTP - will protect the audio stream. SIPS will encrypt and
authenticate the SIP messages.

Snom phones support both SIPS and SRTP. I'm not sure about asterisk
support for security - I've never seen it working.


If I were looking for more secure communications, I would use a more
traditional SIP registrar, rather than asterisk. With SIPS enabled on
the server, and SRTP on the phones. Then audio data goes point to
point, rather than through the Asterisk server.


Tim