Explanation of Cisco Access Router's media verification and encryption features

Source: Internet
Author: User

Cisco access routers are widely used, and media verification and encryption is one of their features. I studied how to use the Secure RTP media verification and encryption features and would like to share what I learned here; I hope it will be useful to you. The media authentication and encryption features provided by the Cisco Access Router prevent eavesdroppers from accessing voice sessions on TDM or analog voice gateway ports. These reliable and scalable features provide a secure environment for IP communication over a LAN or WAN.

Product Overview

Branch offices of large enterprises, and small and medium-sized enterprises, have deployed IP communication to reduce operating costs, increase productivity, and simplify network management. Cisco access routers, from the Cisco 1700 to the Cisco 3800 platforms, are specifically designed to provide a wide range of powerful and scalable IP voice communication solutions for the most demanding enterprise environments. They provide a wide range of voice security features to give the highest level of protection to enterprises that have deployed these IP communication solutions. Unlike other vendors that rely on gradually adding single-point products to protect their communication solutions, Cisco's multi-layer solutions, based on its Self-Defending Network, start with the network itself and extend all the way to the endpoints and applications. This comprehensive layered security method is second to none in the industry. Customers can refer to the 'Cisco SAFE blueprint' to learn more about the best method architecture and tools to help protect network security.

Although the first level of defense controls and prevents access to the voice and video domains, media encryption using Secure RTP (SRTP) provides higher-level protection. It encrypts the voice session so that it is hard to crack, even for internal and external attackers who have gained access to the voice domain. SRTP is specially designed for voice packets. It supports AES encryption algorithms and complies with the Internet Engineering Task Force (IETF) RFC 3711 standard. Media encryption using Secure RTP is more bandwidth-efficient than IPSec.

The media encryption feature of the Cisco Access Router is also compatible with Cisco CallManager and the media encryption features on Cisco IP phones, protecting calls from IP phones in the first-level MGCP mode to gateways. This allows the customer to place a secure ordinary call, analog call, or fax call between the IP phone and the gateway, depending on the gateway interface type that terminates the media. The voice encryption key derived by Cisco CallManager is sent over an encrypted signaling path: to the Cisco IP Phone over Transport Layer Security (TLS), or to the gateway over IPSec.

The media encryption feature on the Cisco Access Router is provided starting from IOS software V 12.3 (5th generation) T (IOS PI-5 version); you can upgrade to the Advanced Enterprise Services and Advanced IP Services IOS software feature sets. The PVDM2, NM-HD and NM-HDV2 voice gateway network modules provide these features through their digital signal processor (DSP) modules.

Application

The media verification and encryption features of Cisco access routers are combined with the media encryption features on Cisco IP phones and Cisco CallManager to provide a secure environment for IP communication across the WAN or LAN. As shown in, SRTP is used to encrypt voice calls from the voice network module in branch. This provides secure calls between analog phones or fax machines in the office. Likewise, users can also use TDM in branch A to send secure calls to Cisco IP phones at headquarters. The signaling between the gateway in branch A and Cisco CallManager is protected by IPSec, while the signaling between the headquarters IP phone and Cisco CallManager is protected by TLS.

Media Verification and Encryption

Media verification currently provides end-to-end encryption for voice calls from Cisco IP phones to Cisco IP phones. The media encryption feature of the Cisco Access Router enables the router to support secure calls from IP phones to gateways and between gateways. Customers can now use Secure RTP, based on IETF RFC 3711, to send encrypted calls to the PSTN gateway. SRTP encrypts only the payload of the voice packet without adding an encryption header. Therefore, SRTP-encrypted voice packets cannot be differentiated from RTP voice packets, so quality of service (QoS) can be supported and features such as RTP compression require no changes. In addition, Secure RTP uses AES encryption algorithms with larger keys to provide higher security. Voice encryption keys are generated per call, ensuring higher security protection. The media verification function can also verify the identity of the gateway or IP phone for encrypted calls. SRTP media encryption is suitable for protecting voice on the LAN against internal threats. In addition, media encryption can be deployed on an IP WAN or the Internet, using the same VPN infrastructure that carries data.
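
Added example (not part of the original article and not Cisco code): the Python sketch below shows the two properties described above, that an SRTP packet keeps the RTP header in cleartext so QoS classification still sees the same fields, and that it costs fewer bytes per packet than IPSec. The function names, the G.729 sample packet, the stand-in keystream (real SRTP generates it with AES in counter mode) and the IPSec comparison case (ESP tunnel mode with AES-CBC and HMAC-SHA1-96) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

RTP_HDR = struct.Struct("!BBHII")  # V/P/X/CC, M/PT, sequence, timestamp, SSRC

def build_rtp(pt, seq, ts, ssrc, payload):
    return RTP_HDR.pack(0x80, pt & 0x7F, seq, ts, ssrc) + payload

def parse_rtp_header(pkt):
    """What a QoS classifier or RTP header compressor reads: always cleartext."""
    b0, b1, seq, ts, ssrc = RTP_HDR.unpack_from(pkt)
    return {"version": b0 >> 6, "pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}

def srtp_protect(pkt, keystream, auth_key, roc=0, tag_len=10):
    """RFC 3711 packet layout: cleartext header, XOR-encrypted payload, then a
    truncated HMAC-SHA1 tag computed over header + ciphertext + rollover counter."""
    hdr, payload = pkt[:RTP_HDR.size], pkt[RTP_HDR.size:]
    if len(keystream) < len(payload):
        raise ValueError("keystream shorter than payload")
    enc = bytes(p ^ k for p, k in zip(payload, keystream))
    tag = hmac.new(auth_key, hdr + enc + struct.pack("!I", roc), hashlib.sha1).digest()
    return hdr + enc + tag[:tag_len]

def ip_size(rtp_or_srtp_pkt):
    return 20 + 8 + len(rtp_or_srtp_pkt)  # IPv4 + UDP headers

def esp_tunnel_size(inner_ip_len, block=16, iv=16, icv=12):
    """Assumed comparison case: ESP tunnel mode, AES-CBC, HMAC-SHA1-96."""
    padded = -(-(inner_ip_len + 2) // block) * block  # + pad-length and next-header bytes
    return 20 + 8 + iv + padded + icv  # outer IPv4 + SPI/sequence + IV + body + ICV

def demo():
    # Constructed sample: 20 ms of G.729 audio (20 bytes), RTP payload type 18.
    rtp = build_rtp(18, 4711, 160000, 0x1234ABCD, bytes(range(20)))
    # Stand-in keystream and key (constructed); real SRTP derives the keystream
    # with AES in counter mode from the per-call session key.
    keystream = hashlib.sha256(b"constructed keystream").digest()
    srtp = srtp_protect(rtp, keystream, auth_key=b"constructed-auth-key")
    return {
        "same_header": parse_rtp_header(rtp) == parse_rtp_header(srtp),
        "rtp_ip_bytes": ip_size(rtp),
        "srtp_ip_bytes": ip_size(srtp),
        "esp_ip_bytes": esp_tunnel_size(ip_size(rtp)),
    }

if __name__ == "__main__":
    print(demo())
```

For this sample the SRTP packet is 10 bytes larger than the RTP packet (the authentication tag), while the same call carried in the assumed ESP tunnel doubles the packet size.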
