Secure VoIP

VOIP setup and troubleshooting
Post Reply
fsm
Posts: 77
Joined: Thu Apr 01, 2010 10:46 pm
Location: Aus

Secure VoIP

Post by fsm » Thu May 02, 2019 10:13 am

Does Exetel support secure VoIP i.e. SIP over TLS and SRTP per-chance? Can we expect this anytime soon?

BTW, fellow VoIPera if you have an old VoIP password you might consider having a new longer one generated since efficient brute force attacks can be mounted using GPUs in video cards. The password I got from support earlier is now 14 characters comprising mixed case alphabetic characters and numbers. My original password was 11 single case alphanumerics which is not too shabby as some other VSPs but brute forcing the newer one will take on average at least 8 orders of magnitude longer. My original password was given at a time when you could change your VoIP password yourself so I changed it to something more memorable and in hindsight easier to brute force.

Unfortunately, the passwords are still sent by email It would be better if users could generate a new VoIP password in member facilities and one could set a hard VoIP spend limit.

KavindaS
Forum Admin
Posts: 2503
Joined: Wed Dec 23, 2009 3:59 pm
Location: Sydney

Re: Secure VoIP

Post by KavindaS » Thu May 02, 2019 5:51 pm

fsm wrote:
Thu May 02, 2019 10:13 am
Does Exetel support secure VoIP i.e. SIP over TLS and SRTP per-chance? Can we expect this anytime soon?
We do not have a plan on moving on the Secure SIP anytime soon, as it would only be optimal if all the carriers would use Secure Sip. Exetel being a reseller of services, we have several suppliers who we can force to use Secure SIP and not the other suppliers.
fsm wrote:
Thu May 02, 2019 10:13 am
Unfortunately, the passwords are still sent by email It would be better if users could generate a new VoIP password in member facilities and one could set a hard VoIP spend limit.
Kindly note, password emails are auto generated and there is no visibility to others. Considering possible members facility compromised issue, we have decided to remove the reset password option via members.
VoIP spend limit option is still enable in members facilities - services and usage - Manage - other settings - Voip spend threshold.

fsm
Posts: 77
Joined: Thu Apr 01, 2010 10:46 pm
Location: Aus

Re: Secure VoIP

Post by fsm » Fri May 03, 2019 6:50 pm

KavindaS wrote:
Thu May 02, 2019 5:51 pm
[We do not have a plan on moving on the Secure SIP anytime soon, as it would only be optimal if all the carriers would use Secure Sip. Exetel being a reseller of services, we have several suppliers who we can force to use Secure SIP and not the other suppliers.
Maybe it wouldn't be optimal but it would be beneficial to your users anyway. Hackers would not be able to get their hands on message digests to feed them into their brute force password cracking engines.User privacy would also be enhanced as no doubt the path from user to Exetel's SBC is more likely to be subject to eavesdropping than the paths to your upstream providers. Providing secure SIP to your users as an option has not impact on your relationship your suppliers. At most, you need to manage user expectations that there would be end to end security for their calls.
Kindly note, password emails are auto generated and there is no visibility to others.
I see you have more faith in transmitting password in clear text and the security of my mailbox than that of your own systems and staff.
Considering possible members facility compromised issue, we have decided to remove the reset password option via members.
I take no issue about how it is reset, but I would think it is beneficial to receive the new passwords in a secure manner. I hope you provide some security for the user changing their email address in facilities.
VoIP spend limit option is still enable in members facilities - services and usage - Manage - other settings - Voip spend threshold.
But that is just a soft limit that generates a courtesy email and does not limit further usage. It is of little use if the user does not receive the email.

KavindaS
Forum Admin
Posts: 2503
Joined: Wed Dec 23, 2009 3:59 pm
Location: Sydney

Re: Secure VoIP

Post by KavindaS » Fri May 03, 2019 8:40 pm

Thank you, for all your suggestions and the feedback given here. I have passed the information to the senior management, for their consideration.

Post Reply