In a VoIP network, which of the following is the best protocol to protect the signaling traffic for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications?
A. Session Initiation Protocol (SIP)
B. SRTP
C. TLS/SSL
D. MGCP
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. TLS/SSL.
This question is equivalent to “In a VoIP network, which of the following is the best protocol to protect SIP.” It’s not asking about the SIP protocol itself but the protocol to protect or secure it.
The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications.
Source: Wikipedia
SIP is an application-level protocol similar to HTTP. It’s text-based and designed without much consideration for security. It’s protected by TLS/SSL.
Harold explains security issues in VoIP very nicely as follows:
There are three types of VoIP traffic, call control, gateway control, and media (audio and video). The media traffic is transferred by the RTP (Real-time Transport Protocol) protocol; SRTP is its secure version.
A media gateway connects the VoIP network to the traditional PSTN network and vice versa. A media gateway typically hosts a collection of telephony interfaces, e.g., FXO/FXS, E&M, T1/E1, etc.
Reference
- Session Initiation Protocol
- VoIP protocol architecture
- VoIP Protocols
- Call control
- Real-time Transport Protocol
- Media Gateway Control Protocol
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
在VoIP網絡中,下列哪一項是保護信令流量的最佳協議,以啟動,維護和終止包括語音,視頻和消息傳遞應用程序在內的實時會話?
A. Session Initiation Protocol (SIP)
B. SRTP
C. TLS/SSL
D. MGCP
I think the correct answer is A. The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications