SIP Peer Security
This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.
SIP peers are external components that provide telephony integration with Speech Server. To communicate with Speech Server, a SIP peer must be trusted, meaning that Speech Server must be explicitly configured to work with the SIP peer based on recognition of the IP address. If the SIP peer is not trusted, Speech Server does not accept calls from it.
The notion of trusted SIP peers provides a level of protection that depends on the assumption that the network itself is trustworthy. By default, transmissions between Speech Server and SIP peers are not encrypted. If connections with SIP peers must span untrustworthy networks (for example, network on which you are concerned eavesdropping can occur), take additional measures to help protect the data streaming between the two endpoints.
Two types of data stream between Speech Server and SIP peers that need to be protected:
- SIP messages
- Media (call audio)
Each data type requires a different technique to make it more secure. For SIP messages, you use Mutual Transport Layer Security (TLS). For media communications, you use Secure Real-time Transport Protocol (RTP). When using Telephony Interface Manager Connector (TIMC) as the SIP peer, you must use Internet Protocol Security (IPSec) to encrypt media communications instead of using Secure RTP.