<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
It is a lot easier to tap a network than to tap a T1.&nbsp; Most switches
are already SPAN capable, but you could buy a hub, build a passive tap,
do some ARP magic, or spoof a REINVITE to redirect the media.&nbsp; By
messing with ARP or a REINVITE and you effectively have a "key" to the
closet.&nbsp; There are "tools" to do this.&nbsp; However, it is much more of a
pain, expense, and obvious, to buy a T1 set so you can listen in.&nbsp; As
for analog lines, any schmuck can tap those, but it's also somewhat
obvious.<br>
<br>
Just because your MPLS network is "private" doesn't mean the underlying
provider can't see everything.&nbsp; What if they misconfigure something and
another customer is now the happy receiver of your data? How critical
is your data and how paranoid are you.<br>
<br>
My vote is for encryption.&nbsp; If you have issues, then fix them or
justify disabling it.<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Guy.Ram@t-systems.com">Guy.Ram@t-systems.com</a> wrote:
<blockquote
 cite="mid:831C37BCAD0D31499335687ED74E1E5D02C136AA@S4USJVSYAIC.ts-na.t-systems.com"
 type="cite">
  <meta http-equiv="Content-Type" content="text/html; ">
  <meta name="Generator" content="Microsoft Word 11 (filtered medium)">
  <o:SmartTagType
 namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="City">
  <o:SmartTagType
 namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="place"><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
  <style>
<!--a:link
        {mso-style-priority:99;}
span.MSOHYPERLINK
        {mso-style-priority:99;}
a:visited
        {mso-style-priority:99;}
span.MSOHYPERLINKFOLLOWED
        {mso-style-priority:99;}
p.MSOPLAINTEXT
        {mso-style-priority:99;}
li.MSOPLAINTEXT
        {mso-style-priority:99;}
div.MSOPLAINTEXT
        {mso-style-priority:99;}
span.PLAINTEXTCHAR
        {mso-style-priority:99;}
span.PLAINTEXTCHAR0
        {mso-style-priority:99;}

 /* Font Definitions */
 @font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face

        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
span.PlainTextChar
        {font-family:Consolas;}
p.background-color--whitealign--left, li.background-color--whitealign--left, div.background-color--whitealign--left
        {mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
p.background-color--whitealign--left0, li.background-color--whitealign--left0, div.background-color--whitealign--left0
        {mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.plaintextchar0
        {font-family:Consolas;}
span.EmailStyle22
        {mso-style-type:personal;
        font-family:Arial;
        color:windowtext;}
span.EmailStyle23
        {mso-style-type:personal;
        font-family:Verdana;
        color:blue;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;}
span.EmailStyle24
        {mso-style-type:personal;
        font-family:Arial;
        color:navy;}
span.EmailStyle25
        {mso-style-type:personal;
        font-family:Verdana;
        color:blue;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;}
span.EmailStyle26
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
p.background-color--whitealign--left1, li.background-color--whitealign--left1, div.background-color--whitealign--left1
        {mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
 /* List Definitions */
 @list l0
        {mso-list-id:233666701;
        mso-list-type:hybrid;
        mso-list-template-ids:-1679020344 1357940954 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;
        mso-fareast-font-family:"Times New Roman";
        mso-bidi-font-family:"Courier New";}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
  </style><!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
  </o:SmartTagType></o:SmartTagType>
  <div class="Section1">
  <p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial; color: navy;">Hello,<o:p></o:p></span></font></p>
  <p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial; color: navy;"><o:p>&nbsp;</o:p></span></font></p>
  <p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial; color: navy;">Like your
kind response to this question:<o:p></o:p></span></font></p>
  <p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial; color: navy;"><o:p>&nbsp;</o:p></span></font></p>
  <p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial; color: navy;">Would folks
agree that for SIP traffic in
a private MPLS network should not necessarily require encryption. What
is your
advise for the normal <st1:City w:st="on"><st1:place w:st="on">Enterprise</st1:place></st1:City>
? I&#8217;m trying to understand where it makes prudent sense to enable
encryption and where it&#8217;s redundant.<o:p></o:p></span></font></p>
  <p class="MsoNormal"><font face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial;"><o:p>&nbsp;</o:p></span></font></p>
  <p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial; color: navy;">I&#8217;m trying
to counter this
statement:<o:p></o:p></span></font></p>
  <p class="MsoPlainText"><i><font face="Courier New" size="2"><span
 style="font-size: 10pt; font-style: italic;"><o:p>&nbsp;</o:p></span></font></i></p>
  <p class="MsoPlainText" style="margin-left: 0.25in;"><i><font
 face="Courier New" size="2"><span
 style="font-size: 10pt; font-style: italic;">that encryption
of the media stream should be encouraged. Although the MPLS network is
private,
it is easy to setup a traffic sniffer on computers and to tap and
record calls.
This is unlike the ISDN world where telecoms equipment is usually
locked up and
inaccessible to most employees. Companies do accept encryption as
normal
overhead&#8221;<o:p></o:p></span></font></i></p>
  <p class="MsoPlainText" style="margin-left: 0.25in;"><font
 face="Courier New" size="2"><span style="font-size: 10pt;"><o:p>&nbsp;</o:p></span></font></p>
  <p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial; color: navy;">What I&#8217;ve
been told that most
enterprise networks are switched, so the connection from the desk goes
to a
switch and then right to the VoIP system, so it&#8217;s basically non-trivial
to tap a phone line that way. VoWiFi is different, but there are more
issues than
security with that. Legacy environment equivalent for wired VoIP.<o:p></o:p></span></font></p>
  <p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial; color: navy;"><o:p>&nbsp;</o:p></span></font></p>
  <p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial; color: navy;">Also that
Encryption will increase delay,
reduce quality, and increase BW consumption. I don&#8217;t see a lot of need
for encryption except across a peering point for example</span></font><font
 color="blue" face="Verdana" size="1"><span
 style="font-size: 8pt; font-family: Verdana; color: blue;">.<o:p></o:p></span></font></p>
  <p class="MsoNormal"><font color="blue" face="Verdana" size="1"><span
 style="font-size: 8pt; font-family: Verdana; color: blue;"><o:p>&nbsp;</o:p></span></font></p>
  <p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial; color: navy;">Thanks,<o:p></o:p></span></font></p>
  <p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
 style="font-size: 10pt; font-family: Arial; color: navy;">-guy<o:p></o:p></span></font></p>
  </div>
  <pre wrap="">
<hr size="4" width="90%">
_______________________________________________
VoiceOps mailing list
<a class="moz-txt-link-abbreviated" href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/voiceops">https://puck.nether.net/mailman/listinfo/voiceops</a>
  </pre>
</blockquote>
</body>
</html>