Cisco Systems®Multi-Service routers and Integrated Multi-Service Router series media verification and encryption features ensure that voice sessions are not affected by eavesdropping.
Cisco's Unified Communication System consists of voice and IP communication products and applications, enabling organizations to communicate more efficiently-helping them streamline business processes and immediately obtain support for appropriate personnel and resources, and increase profits. Cisco Unified Communication series is an important component of Cisco commercial communication solutions. Cisco commercial communication solutions are an integrated solution suitable for enterprises of all sizes, including network infrastructure, security and network management products, wireless connections, and life cycle service methods, as well as flexible deployment and outsourcing management options, final user and partner financing service packages, and third-party communication applications.
Product Overview
Enterprises are currently using IP communication to reduce operating expenses, increase productivity, and simplify network management. Cisco multi-service routers and integrated multi-service routers include vro platforms from the Cisco 1700 series to the Cisco 3800 series, provides powerful and Scalable IP communication solutions for the most stringent enterprise environments.
Cisco multi-service routers and integrated multi-service routers have a wide range of voice security features, which can provide high-level security protection for enterprises deploying IP communication solutions. The multi-layer architecture of Cisco based on the self-defense network model starts from the network itself and extends to the end point and application. Cisco's SAFE blueprint provides a detailed architecture of best practices and tools to secure enterprise networks.
The media encryption technology implemented by secure real-time transmission protocol (SRTP) can encrypt voice conversations, so that the internal or external eavesdroppers who obtain the access right of the voice domain cannot understand their meaning, this provides protection. The SRTP specially designed for speech grouping supports the AES encryption algorithm, which is an ietf rfc 3711 standard.
The media encryption technology of the Cisco router is combined with the media encryption features of the Cisco uniied CallManager software and the Cisco uniied IP phone, which fully guarantees the security of gateway-to-Gateway calls and IP-to-Gateway calls. Therefore, you can provide secure analog call, fax call, or IP Call and gateway call based on the gateway interface type that the media is terminated. With Transport Layer Security TLS) technology, the voice encryption key generated by Cisco uniied CallManager can be securely sent to the Cisco uniied IP Phone through the encrypted signaling path, and through IP Security IPSec) the protected link is sent to the gateway safely.
From Cisco IOS®Vro 12.3 (11) T2. by upgrading to the Advanced Enterprise Services and Advanced IP Services IOS software feature set, you can provide media encryption features on the vro. PVDM2, EVM-HD, NM-HD-AIM-VOICE and NM-HDV2 Voice Gateway network module digital signal processing module DSP) all provide the above features.
Feature table
Table 1 lists the details of media authentication and encryption solutions.
Table 1 feature table |
Verification and encryption features |
- Implement media encryption for voice RTP information stream using SRTP
- Use secure RTCP for RTP Control Protocol (RTCP) Information exchange
- SRTP to RTP rollback for calls between a security endpoint and an insecure endpoint
- The WAN failover process supports Secure calls in Cisco uniied SRST mode.
- Uses SRTP to encrypt the call media and supports compressing RTP (CRTP)
|
Verification and encryption algorithms |
- Support for AES-128 encryption algorithms
- HMAC Security Hash Verification Algorithm (SHA 1)
|
Signaling verification and encryption features |
- Gateway-to-Cisco uniied CallManager signaling and encryption use IPSec for Media Gateway Control Protocol (MGCP) and H.323 Gateway
- Transport Layer Security (Transport Layer Security)
|
Protocol Support |
- MGCP 0.1 (using Cisco uniied CallManager to support MGCP gateway)
- H.323 (Supported on H.323 gateway and IPIP gateway; available for Cisco uniied CallManager interoperability)
- SCCP in SRST mode (Cisco uniied IP phone number)
|
Module support |
- PVDM module: PVDM2-8, PVDM2-16, PVDM2-32, PVDM2-48, PVDM2-64
- Analog voice module: EVM-HD (with PVDM), NM-HD-1V, NM-HD-2V, NM-HD-2VE
- Digital VOICE module: NM-HDV2, NM-HDV2-1T1/E1, NM-HDV2-2T1/E1, NM-HDV (all versions), AIM-VOICE-30, AIM-ATM-VOICE-30
|
Encoding/decoder support |
|