Eavesdropping Protection
This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.
Eavesdropping is when a malicious user intercepts, views, and potentially modifies the flow of information on a network. Information flowing between Speech Server and other external components include SIP message traffic, audio data, application resources, Event Trace Log (ETL) files, and event logs. Malicious users can use this information to gain unauthorized access to computers, cause problems with Speech Server, and invade the privacy of callers that interact with Speech Server.
When network traffic crosses an untrustworthy segment (such as the Internet), take measures to help protect the data against eavesdropping.
| Vulnerability | Counter measure | Additional Information |
|---|---|---|
SIP message traffic |
Use Mutual Transport Layer Security (TLS) |
|
Media traffic |
Use Secure Real-time Transport Protocol (RTP) Use Internet Protocol Security (IPSec) |
|
Application resources |
Use Secure Sockets Layer (SSL) |
|
ETL files and event logs |
Use logging protection properties in the application code |
See Also
Other Resources
How to: Set Up a Certificate for Secure SIP Peer Communication
How to: Configure a SIP Peer for Mutual TLS
How to: Configure an Application for Secure RTP Communications