CyberGate supports Secure SIP

Aug 26, 2022 11:23:58 AM | CyberGate CyberGate supports Secure SIP

Now CyberGate supports Secure SIP (SRTP and SIP TLS) to secure and protect the connection and contents (audio, video) with your connected Device both ways.

Connect IP Devices to Teams with CyberGate

Enterprises use CyberGate to connect IP Devices to their Teams environment (Azure Tenant ID), with two-way audio and live video. Supported IP Devices are: SIP Video Door Intercom, IP Paging System or a SIP-enabled IP Camera. These devices use the Session Initiated Protocol (SIP) to setup and tear down calls to CyberGate, which in turn will deliver the audio + video call to its destination: Teams user "vincent.vangogh@mycompany.com".

So … what is Secure SIP?

CyberGate is a transactable Software-as-a-Service (SaaS) hosted in Microsoft Azure. Secure SIP is a new feature released in July 2022 which secures and protects the connection between your connected IP Device and CyberGate in Azure.Secure sip overview

Secure SIP is comprised of:

  • SIP - Transport Layer Security (SIP-TLS) - SIP is the protocol used to setup audio & video communications from the connected IP Device to CyberGate (and vice versa). TLS is the most widely adopted security protocol designed to provide communications security over an IP network. TLS provides a set of cryptographic functions for authenticity, data integrity checks, and encryption of communications. CyberGate supports only the secure TLS version 1.2. TLS versions 1.0 and 1.1 are not supported, because these have been deprecated by the IETF.
  • Secure Real-time Transport Protocol (Secure RTP or SRTP), RTP is used to transfer the actual "payload", in our case, the audio and video exchanged between e.g. a Video Door Intercom where visitor Vincent is calling into Teams User Rembrandt. Secure RTP enforces the Advanced Encryption Standard (AES) algorithm to encrypt and decrypt all incoming and outgoing messages, and protects against replay attacks. The authentication mechanism provides a means to validate a message's authenticity and integrity.

Important: in order to make use of the new Secure SIP feature in CyberGate, your connected IP Device must also support Secure SIP (SIP-TLS and SRTP)

Is Secure SIP supported on my connected IP Device?

Our Compatibility List documents for each Manufacturer which Device Type and Model passed the interoperability test. In the coming weeks we will add a new "tag" in the Compatibility List that indicates if Secure SIP – SIP TLS and SRTP - is supported on that particular Device. For the following Manufacturers / Devices we’ve already successfully completed the Secure SIP interop test: Commend (OD1, ID5, OD5, OD10), 2N (IP Base, Solo, Verso, Vario, Force), AXIS (A8105-E).

Please note that you may need to purchase an additional software license from your Device Manufacturer or Channel Partner to enable Secure SIP.

How to enable Secure SIP for your IP Device connected to CyberGate?

Enable & configure Secure SIP (SIP TLS and SRTP) in your connected IP Device, and from that point onwards CyberGate communicates with your device using Secure SIP.

Can we enforce Secure SIP in CyberGate for all our connected IP Devices?

Yes. Refer to the "Secure Only" option in the CyberGate Management Portal. The "Secure only" option enforces use of Secure SIP for communications with all of your connected IP Devices registered for your Teams environment (Azure Tenant ID). This also means that any existing or newly added IP Device that doesn’t support - or is not configured for - Secure SIP will not be able to communicate to CyberGate (anymore).

The (outbound) Firewall rules for (Secure) SIP are:

  • For SIP: Port 5060 TCP and UDP
  • For SIP-TLS: Port 5061 TCP
  • For (S)RTP audio & video: UDP 30000 – UDP 30199

Not sure if your IP Device supports Secure SIP? Contact your equipment manufacturer, or reach out to CyberTwice.

contact button

Written By: Marjet de Boer