We aim to keep your calls and data secure.
To ensure the confidentiality of communications, all voice packets passed between the remote VoIP phone and the Mitel Border Gateway are encrypted using the Secure Real-time Transport Protocol (SRTP), a security profile for RTP, which has emerged as the de facto industry standard for securing voice streams over IP. Secure RTP adds confidentiality, message authentication and replay protection to that protocol. Specifically, Secure RTP defines a set of default cryptographic transforms and allows new transforms to be introduced in the future. The security benefits of Secure RTP include:
- Confidentiality of the RTP payloads, as well as protection against replayed packets
- Low bandwidth cost, i.e., a framework preserving RTP header compression efficiency, and limited packet expansion
- Low computational cost
- High tolerance to packet loss and re-ordering, and robustness to transmission bit errors in the encrypted payload
Secure RTP is ideal for protecting VoIP traffic because it can be used in conjunction with header compression and has no effect on IP Quality of Service (QoS). These attributes provide significant advantages, especially for voice traffic using low-bit-rate voice codecs such as G.729.
To protect the confidentiality and integrity of the MiNET signaling, the MiNET connection between the remote IP phone and the Teleworker Solution server is fully encrypted using industry-standard TLS/SSL encryption.
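As an added illustration (not code from Mitel or the gateway), the sketch below shows how an SRTP receiver can reject replayed packets while still tolerating loss and re-ordering, using a sliding window over packet indices in the style of RFC 3711. The class and function names and the sample arrival sequence are constructed for this example, and the packet index is assumed to have been derived already from the rollover counter and sequence number.

```python
# Added illustration: SRTP-style sliding-window replay check (after RFC 3711, section 3.3.2).
# All names and the sample packet indices are constructed for this example.
WINDOW_SIZE = 64  # RFC 3711 requires a replay window of at least 64 packets


class ReplayWindow:
    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.highest = -1   # highest packet index accepted so far
        self.bitmap = 0     # bit i set => index (highest - i) already received

    def is_fresh(self, index):
        """True if the index is neither a replay nor older than the window."""
        if index > self.highest:
            return True
        offset = self.highest - index
        if offset >= self.size:
            return False                      # too old to track: reject
        return not (self.bitmap >> offset) & 1

    def mark_received(self, index):
        """Record an index. A receiver does this only after the packet's
        authentication tag verifies, so forged packets cannot move the window."""
        if index > self.highest:
            shift = index - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = index
        else:
            self.bitmap |= 1 << (self.highest - index)

    def accept(self, index):
        if not self.is_fresh(index):
            return False
        self.mark_received(index)
        return True


def classify(indices):
    """Run a constructed arrival sequence through a fresh window."""
    window = ReplayWindow()
    return [(i, window.accept(i)) for i in indices]


if __name__ == "__main__":
    # Constructed arrivals: re-ordering, a lost packet (4), a replay, stale packets.
    for index, ok in classify([1, 3, 2, 3, 5, 100, 5, 36, 37]):
        print(index, "accepted" if ok else "rejected")
```

Packets that arrive late but inside the window are accepted once; anything already seen, or older than the window, is dropped.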
IP Phone Authorization
In addition to protecting the confidentiality of the voice stream and Convergence signaling, Convergence’s gateway is designed to prevent unauthorized remote phone users from gaining access to corporate voice resources. This is accomplished by restricting access to specified IP Phones based on a unique identifier sent by the phone to Convergence’s Gateway in a MiNET control message. That unique identifier is the MAC (Media Access Control) address of the phone. The first time an IP Phone attempts to send a registration message to the Convergence gateway, its MAC address is automatically logged and entered into a table that is displayed on the solution’s web interface. By default, the phone is disabled and therefore will not be able to connect to the outer layer of the Gateway.