Network Requirements and Preparation
ShoreTel, Inc.
Media Encryption
In addition to using a VPN or a firewall, another method of enhancing the security on
your network is to enable the ShoreTel media encryption feature. Media encryption, as
the name suggests, encrypts calls between users on a ShoreTel system. The encryption
scrambles communications between callers so an intruder on the network cannot
eavesdrop on the conversation.
The ShoreTel encryption algorithm utilizes dynamically generated keys to encrypt the
RTP data for the media stream. The payload inside the RTP packets is encrypted by the
sending party, and the transmission is decrypted by the receiving party. The ShoreTel
algorithm was selected due to its reliability, simplicity and its efficiency: it places very
little burden on the switch's CPU even during maximum loads.
Details:
• TCP/IP and UDP packet headers are not encrypted.
• Only calls inside a ShoreTel network will be encrypted. Once the call passes
  through TDM filtering or SIP, the encryption is stripped away and the conversation
  is no longer encrypted.
• The encryption algorithm handles the key exchange between the sending and
  receiving parties at the time of call setup. If the call starts off without encryption,
  and encryption is enabled during the middle of a call, the call will remain
  unencrypted.
• There is no difference in the user experience for encrypted and unencrypted calls.
  Encryption is essentially transparent, and the user will not know if the call is being
  encrypted or not.
• Encryption is not supported on the SoftSwitch, so calls to voice mail or auto
  attendant are not encrypted.
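Because the user cannot tell whether a call is encrypted, an administrator may want to confirm it from a packet capture. The following is an added example, not ShoreTel code: it parses the RTP header, which stays readable, and applies an entropy heuristic to the pooled payload of one stream. Assumptions: G.711 audio (compressed codecs already look random), an RTP header left in the clear, and the threshold values; all function names are hypothetical.

```python
import math
import random
import struct
from collections import Counter

def parse_rtp(datagram: bytes):
    """Split one UDP payload into RTP header fields and media payload (RFC 3550)."""
    if len(datagram) < 12:
        raise ValueError("shorter than the fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)              # skip the CSRC list
    if b0 & 0x10:                              # header extension present
        if len(datagram) < offset + 4:
            raise ValueError("truncated header extension")
        offset += 4 + 4 * struct.unpack("!H", datagram[offset + 2:offset + 4])[0]
    header = {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}
    return header, datagram[offset:]

def entropy_bits(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = uniformly random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_stream(datagrams, threshold=7.9, min_bytes=4096):
    """Pool the payloads of one stream; threshold and min_bytes are assumed values."""
    pooled = b"".join(parse_rtp(d)[1] for d in datagrams)
    if len(pooled) < min_bytes:
        return "insufficient data", None
    h = entropy_bits(pooled)
    return ("likely encrypted" if h >= threshold else "likely cleartext"), h

def make_rtp(seq, payload, pt=0, ssrc=0x1234ABCD):
    """Build a constructed RTP packet (V=2, no CSRC, no extension)."""
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 160, ssrc) + payload

# Constructed samples: 50 packets x 160 bytes (20 ms of G.711 each).
rng = random.Random(1)                         # fixed seed, repeatable
CLEAR = [make_rtp(i, bytes([0xFF, 0x7F, 0xFE, 0x7E] * 40)) for i in range(50)]
OPAQUE = [make_rtp(i, bytes(rng.getrandbits(8) for _ in range(160))) for i in range(50)]

if __name__ == "__main__":
    for name, stream in (("CLEAR", CLEAR), ("OPAQUE", OPAQUE)):
        header, _ = parse_rtp(stream[0])       # header parses either way
        print(name, header, classify_stream(stream))
```

A "likely cleartext" verdict on a call that should be encrypted is worth checking against the cases listed above, such as a call that passed through SIP or reached voice mail.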
Supported Platforms
The media encryption feature is supported on the following hardware.
Table 9-13 Platforms Supporting Media Encryption

Platform Type    Model
Switches         • ShoreGear 40/8
                 • ShoreGear 60/12
                 • ShoreGear 120/24
                 • ShoreGear E1
                 • ShoreGear T1
IP Phones        • IP110
                 • IP210
                 • IP212k
                 • IP230
                 • IP530
                 • IP560
                 • IP560g