Securing Voice Communications
There are many areas in which voice and unified communications can be secured, depending on the level of security a given organization needs. Chapter 8, “Securing Voice,” covers this material in more detail. Two needs stand out: filtering bad traffic, such as viruses and buffer-overflow attempts, and identifying and encrypting SIP communication between servers and clients. Microsoft addresses both. For filtering, its Microsoft Forefront security product line screens attacks, viruses, and SPIM, which is SPAM for Instant Messaging; if it finds its way into your network, say hello to the most annoying experience of your IT administrative life.

To encrypt the communications, SIP uses Transport Layer Security (TLS). More detailed information on TLS can be found via the IETF Web site at http://www.ietf.org under RFC 2246. TLS is an evolution of Secure Sockets Layer (SSL), which is heavily used to secure Web sites and e-commerce applications online. Both require certificates issued by a Certificate Authority (CA). A CA can be private or public: you can use the CA service included in an internal Microsoft Windows Server environment to generate certificates for your internal SIP servers, while public CAs such as VeriSign, Entrust, and even GoDaddy issue certificates that are widely trusted because their root certificates come preinstalled on every new PC and Mac as well as on mobile devices such as Windows Mobile and Blackberry devices.
TLS relies on an architecture in which a CA generates a root certificate, the anchor of trust, and also issues certificates for servers and clients that chain back to that root CA. This brokering of certificates, depicted in Figure 1.12, enables a VoIP/SIP environment to establish secure sessions between servers and between clients.
Figure 1.12 TLS/MTLS architecture
To secure traffic between servers exclusively, Mutual Transport Layer Security (MTLS) is used: each VoIP/SIP server presents its own certificate and validates the other's, which configures a two-way trust between the servers. Within the Microsoft Unified Communications infrastructure itself, Microsoft enforces TLS and MTLS so that UC servers communicating with one another, clients communicating with those servers and with each other, and connections to federated partners or public ITSP networks are all trusted and secure.
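The trust model described above, the root CA vouching for server and client certificates, and the checks an MTLS peer performs before trusting the other side, as an added Go example (not code from the original text or from any Microsoft product). It builds a constructed private CA and certificates in memory; the host names (ca.contoso.internal, sip.contoso.internal, client01.contoso.internal) and the second, untrusted CA are assumptions for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue mints a certificate for name signed by parent; a nil parent makes a self-signed root CA.
// Errors are ignored only because every input here is constructed by this demo and known valid.
func issue(name string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // self-signed root: the CA is its own issuer
		parent, parentKey = tmpl, priv
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}
// verifyPeer is what a TLS/MTLS endpoint checks before trusting the other side: the peer's certificate
// must chain to a trusted root, be valid for host (skipped when empty) and permit the requested role.
func verifyPeer(roots *x509.CertPool, peer *x509.Certificate, host string, role x509.ExtKeyUsage) error {
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{role}})
	return err
}
// demo builds a constructed PKI (private CA, SIP server, client, plus a CA nobody trusts) and reports
// whether the server is trusted, the client is trusted for MTLS, a wrong host name is rejected, and a
// certificate for the same host name issued by the untrusted CA is rejected.
func demo() (serverOK, clientOK, wrongHostRejected, untrustedCARejected bool) {
	root, rootKey := issue("ca.contoso.internal", true, nil, nil)
	rogue, rogueKey := issue("ca.untrusted.example", true, nil, nil)
	server, _ := issue("sip.contoso.internal", false, root, rootKey)
	client, _ := issue("client01.contoso.internal", false, root, rootKey)
	impostor, _ := issue("sip.contoso.internal", false, rogue, rogueKey)
	roots := x509.NewCertPool() // the only root this environment has installed as trusted
	roots.AddCert(root)
	return verifyPeer(roots, server, "sip.contoso.internal", x509.ExtKeyUsageServerAuth) == nil,
		verifyPeer(roots, client, "", x509.ExtKeyUsageClientAuth) == nil,
		verifyPeer(roots, server, "voip.contoso.internal", x509.ExtKeyUsageServerAuth) != nil,
		verifyPeer(roots, impostor, "sip.contoso.internal", x509.ExtKeyUsageServerAuth) != nil
}

func main() {
	fmt.Println(demo()) // prints: true true true true
}
```

The untrusted-CA case is the one a private Windows Server CA deployment must get right: a certificate that is perfectly well-formed is still rejected unless its issuing root has been distributed to every server and client that needs to trust it.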