Even though VoIP Telephony is securer than existing PSTN telephony, VoIP Telephony is not absolutely safe from tapping. With packet capture devices like 'VoIP DNA (?)', VoIP calls can easily tapped and that's why we need to pay attention to the security of VoIP telephony.
VoIP security solution without degradation of voice quality
"Don't we only need additional VPN device for secure VoIP communication? You might say that, but it is not an ultimate solution. Because VPN is not a security solution mainly designed for VoIP communication, there are several shortcomings. VPN based VoIP security encrypts the whole network traffic and it causes network delay causing degraded voice quality. On the other hand, VoiceFinder AP2520S only encrypts voice data with built-in encryption function that eliminates the possibility of voice degradation due to the network delay.
Moreover, VPN VoIP network requires a Gatekeeper only for VPN internal network and it leads to higher investment compare to VoiceFinder AP2520S. Adding to that, additional VPN device can be a burden for companies.
VoiceFinder AP2520S is an ideal solution eliminating these problems without asking additional VPN devices and can utilizes external public Gatekeeper realizing stability and low investment.
VoIP security function for a specific area
VoiceFinder AP2520S can offer secured VoIP service to limited areas. This can be a big merit for a site emphasizing lower investment. For VPN VoIP service, the VPN should be applied to the whole VPN VoIP calls even when only limited area requires secured VoIP service. That is, to establish a call with VoIP gateway connected to VPN device, the other side is required to have VPN device. Establishing VPN for the whole network, even only limited areas ask for secured VoIP service, means squandering of resources.
Then, is there a way to use secured VoIP with specific counter parts and use ordinary VoIP communication for other counter parts at the same time? VoiceFinder AP2520S can be the right solution. AP2520S secure VoIP gateway makes possible encrypted communication for specific areas and ordinary VoIP communication for other areas. That is, AP2520S offers real-time encrypted communication when the gateway on the opposite side supports encryption and otherwise, offers ordinary VoIP communication.
Figure 1: AP2520S Secure VoIP Gateway intelligent communication structure
High-speed encryption by built-in security processor
VoiceFinder AP2520S is a most realistic solution for the customers asking VoIP Telephony security solution.
VoiceFinder AP2520S secure VoIP gateway guarantees high quality voice service along with SRTP Protocol based superior VoIP security function. Companies and public offices emphasizing secured communication, AP2520S secure VoIP gateway can be a perfect solution without additional VoIP security devices. Cutting-edge voice compression algorithm and AddPac's enhanced QoS management function realize superior voice quality with limited investment on introduction and maintenance of the gateway. Especially, it offers VoIP encryption with built-in security process without any delay in processing.
Embedded encryption key management system
AP2520S is supplied with the encryption key by the embedded AP-KMS (Key Management System). It blocks the possibility of vulnerable encryption key management.
Various network service supported
AP2520S operates both on fixed and dynamic IP address of leased line, ADSL, and Cable Modem networking environment. Also, VoiceFinder AP2520S supports various network protocols such as IP-routing, bridging, PPP, NAT/PAT, and network management features such as SNMP MIB v2, Cisco-style CLI, web and etc. This secure VoIP gateway is designed using high-performance 32bit RISC microprocessor and H/W security processor architecture with fixed network interfaces of; 1-Port 10/100Mbps Fast Ethernet, 1-Port 10Mbps Ethernet, asynchronous serial port for console, key management Port.
Table 1: VPN based VoIP security vs. AP2520S Secure VoIP
Items
VPN based VoIP Gateway
AddPac Secure VoIP Gateway
Encrypted data
Whole network data (possible delay)
Only VoIP voice data
Secured area
All areas
Only selected areas. (Ordinary VoIP calls are possible for other areas)
Gatekeeper
Internal GK is mandatory
Not essential. Able to utilize external public GK
Origin of the encryption process
VPN device
Secure VoIP Gateway
Error on center line
Failure on the whole network
Failure on calls connected to main office
Simplified network formation
Low (In a large-scale VoIP network, it cannot emerged into mesh structure.)
High (Can be easily formed as mesh type and be expanded easily)
Investment
High (VPN devices and additional GK required)
Low
Network Diagram
Powerful 32bit RISC
Microprocessor Architectures
H/W based Security Processor
Two 10/100Mpbs Fast Ethernet for
LAN & WAN with Two(2) Voice Interface Modules
FXS, FXO, and E&M Voice
Modules for Octal(8) Voice Channels
ITU-T H.323 v3 VoIP Protocol with
ITU-T H.235 Security Feature
Standard SRTP for Secure VoIP
Applications
H.323, SIP, and MGCP triple stack
support
Multi-protocol Routing Solutions
between WAN and LAN Access with H.323 based VoIP Protocol
ITU-T H.323 v3 VoIP Protocol with
ITU-T H.235 Security Feature
SIP protocol support compliant
with IETF RFC3261 (or RFC2543)
Support Voice Processing Features
- VAD, DTMF,CNG,G.168, and T.38 G3 Fax Relay
- G.723.1,G.729A,G.711 Voice Compressions
AddPac APOS Internetworking
Software to provide Scalability, Functionality, Stability, and QoS Control
for AddPac VoIP Gateway
High-performance IP-Routing
Capability with Reliability
System Performance Analysis for Process, CPU, Connection I/F
Configuration Backup & Restore for APOS Managements
Debugging, System Auditing, and Diagnostics Support
System Booting and Auto-rebooting with Watchdog Feature
System Managements with Data Logging
IP Traffic Statistics with Accounting
Embedded management scheme
Other
Scalability
Features
DHCP Server & Relay Functions
Network Address Translation (NAT) Function
Port Address Translation (PAT) Function
Dynamic DNS support
Transparent Bridging (IEEE Standard) Function
¡æ Spanning Tree Bridging Protocol
Support
¡æ Remote Bridging Support
¡æ Concurrent Routing and Bridging
Support