In VoIP network with Asterisk being the server or SIP proxy the secure calling can be achieved by enabling TLS to encrypt the signalling and enabling SRTP or ZRTP to encrypt the media or data/voice. Once implemented SIP UA, softphone or IP phone, can be set to use TLS instead of UDP or TCP as it’s transport. The advantage of choosing TLS is that the SIP traffic exchanged between SIP UA and Asterisk will be encrypted, it means it will take a considerable amount of time and effort for the Man in The Middle to decrypt it without the encryption key, if not possible.
Below are screenshots of CSipSimple (Free and Open Source SIP softphone on Android) calling the other party and having end-to-end encryption during the call with Asterisk as the server:
The VoIP call would be relatively more secure then without the encryption.
I have wrote the manual on how to set this up in Asterisk in my Asterisk 101 Book Project. There are 3 sub-topics in this topic, they are:
- Secure SIP
- Secure RTP
Later after going through the topic in the end you must decide whether you want to implement TLS with SRTP or TLS with ZRTP. You cannot have both for a call, but you might have both implemented on your systems (for different calls).
Having TLS enabled is a must, and successfully configure and enable SRTP or ZRTP is crucial on any VoIP deployment.
Visit the full content in Asterisk 101 Book Project, Secure Calling topic.
Ps. You might want to at least skim the book or actually read it before or after reading the topic.