VoIP encryption - sRTP

There's a bit of a debate going on in the office on whether to encrypt our RTP traffic.  The VoIP network is on a VLAN and is internal only.  We're aware of some of the issues with encrypting data such as speed and QoS but what are the real risks with not encrypting our RTP traffic, such as what attacks are we opening our selves up to?  Is sRTP really worth it?
Who is Participating?
How confidential are your phone conversations?

Basically, the main threat is from the inside. If an internal "hacker" can compromise your switch and sniff your VoIP VLAN traffic, then they can in turn convert that traffic to an audio file. That's pretty much your biggest risk.

So if you trust your people on the inside, then there's really no reason to introduce more complexity to your VoIP deployment. If security is a big concern, and your telephone conversations need to maintain the highest confidentiality and security, then you need to implement sRTP.

In the end, not having sRTP is like having a landline at your house. Anybody can tap in to your line from outside your house with any Walmart phone. But it's illegal and can get you in a lot of trouble. Same here.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.