How to protect yourself from wiretapping

How to protect yourself from wiretapping in such a scheme? WP810 phones, own server (FreePbx), conversations only with internal numbers, with each other.

  • If going across the WAN, use site VPNs.
  • Lock down the voice traffic to its own subnet not accessible by other machines.
  • Non-standard ports used for signaling and RTP.
  • TLS & SRTP encryption for transport and the server.
  • Encrypt the hard drives.
  • Isolate the server (network and physical access) and lock down access.
  • Active logging review.

If the data being shared warrants it, consider using an expert specialty service with a contract that offers recourse for your business in the event of a breach.

Not saying this is you, but the less you spend on security, the easier it will be to circumvent.

Internal Only is fairly simple to set up, assuming the handsets support TLS and SRTP, which I think they do. You’ll need to configure PJSIP to use TLS and SRTP, then configure the handsets to the same.

You’ll need to prevent FreePBX from creating call recordings (can easily be set in extension settings) if you don’t want recordings of the calls.

And that’s about it. Simple really. Of course, if you then want calls outside of your FreePBX box to be encrypted, then it’s way harder and often impossible to achieve unless you’re talking directly to other FreePBXs, in which case the same TLS/SRTP or IAX2+encryption will do the job.

Hope that helps.
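
Added example, not part of any post in this thread: a small audit that checks whether every PJSIP endpoint is actually bound to a TLS transport and has SRTP enabled, which is the configuration the reply above describes. The sample config is constructed; it assumes Asterisk `pjsip.conf` syntax with the `protocol`, `transport` and `media_encryption` options, and the function names are hypothetical.

```python
# Constructed sample in pjsip.conf syntax (not from the thread); section names may repeat.
SAMPLE = """\
[transport-tls]
type=transport
protocol=tls
[transport-udp]
type=transport
protocol=udp
[101]
type=endpoint
transport=transport-tls
media_encryption=sdes
[101]
type=auth
[102]
type=endpoint
transport=transport-udp  ; clear-text signaling
[103]
type=endpoint
transport=transport-tls
"""

def parse_sections(text):
    """Return (name, options) pairs in file order; duplicate names are kept."""
    sections = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if line.startswith("["):
            sections.append((line[1:].split("]", 1)[0], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit(text):
    """Map endpoint name -> findings for endpoints lacking TLS signaling or SRTP."""
    sections = parse_sections(text)
    proto = {n: o.get("protocol", "").lower() for n, o in sections if o.get("type") == "transport"}
    findings = {}
    for name, opts in sections:
        if opts.get("type") != "endpoint":
            continue
        issues = []
        if proto.get(opts.get("transport")) != "tls":
            issues.append("signaling not bound to a TLS transport")
        if opts.get("media_encryption", "no").lower() not in ("sdes", "dtls"):
            issues.append("media_encryption is not sdes/dtls, so media is plain RTP")
        if issues:
            findings[name] = issues
    return findings
```

Calling `audit()` on the text of the generated PJSIP configuration returns an empty dict only when every extension uses both TLS and SRTP; an endpoint with no `media_encryption` line is flagged because that option defaults to `no`.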

If you really want to prevent wiretapping, you should have a look at ZRTP which offers end-to-end encryption. Unfortunately it isn’t supported by most phones and I don’t think it’s natively supported by FreePBX.

Who do you suspect is the MITM?



