Once you’re done with that, adding skype-in/skype-out features to receive and place calls from/to the traditional telephony/mobile network is fairly easy, but will be covered in a separate post. In this post, we attempt to build a free, secure, SIP based communication system to provide encrypted voice and video communication, buddy lists, instant messaging, presence and remote desktop sharing/control on a self-hosted system. Since version 2.6 of our sip:provider platform, we got everything in our hands to build a secure and self-hosted Skype-like communication service solely based on open source software.
#JITSI VOIP CLIENT HOW TO#
In Part 3 you will learn how to protect existing VoIP deployments with the sip:provider acting as a Session Border Controller (SBC). This is Part 2, describing the process of setting up a Skype-like service using the sip:provider CE.
#JITSI VOIP CLIENT SERIES#
In Part 1 of our series “Build your own VoIP System” we learned about the very basics of how VoIP and SIP in particular works. Run by FHNW, the University of Applied Sciences Northwestern Switzerland.Build your own VoIP System – Part 2: An open Skype Replacement 05. The project will add client side DNSSEC validation and certificate checking to Jitsi, thus making end-to-end SIP communication secure. This avoids nearly all situations where a server tries to redirect the client to a malicious server.
A DNSSEC aware client can be sure that a validated response is the one intended by the owner of the requested domain name. DNSSEC can guarantee the integrity and authenticity of replies. A malicious server would therefore silently be able to listen to all metadata traffic. Transporting the metadata over TLS to the server does not really solve the problem as some governments run certification authorities that are trusted by the operating systems and web browsers. When a VoIP account is configured to use a specific server, it passes all traffic to the address obtained from the possibly rogue DNS server. Jitsi, or any other client application, relies on the replies from the DNS servers. As conventional DNS provides no security mechanisms, a rogue DNS can very easily supply the user with faked responses to requests and therefore redirecting him to an arbitrary server. Users usually receive the addresses of DNS servers from their internet provider. At first sight signaling data seems not important, but looking at the newest developments in the Far East and North African countries it implies that some unfriendly people might only be interested in the metadata.ĭNS is responsible for converting names into network addresses to locate servers. Securing the connection to the server through TLS helps, but the connection can still be compromised when a rogue certificate can be obtained (for example from a government CA). While these technologies provide a high level of security for the user data, the signaling metadata is blindly sent to the servers returned from DNS a query. Trying to not being just another SIP Client it incorporates security mechanisms like ZRTP for encrypted media streams (audio, video, desktop sharing, etc.) and OTR for instant messages. Jitsi (formerly known as SIP Communicator), is a Java based open source VoIP and Instant Messaging client supporting various protocols such as SIP and XMPP.
0 kommentar(er)
