
VOIP AND DATA ENCRYPTION
SECURING COMMUNICATION CHANNELS

Prepared by: East African Data Handlers


TABLE OF CONTENTS
EXECUTIVE SUMMARY
SCOPE, APPROACH, AND METHODOLOGY
PROJECT DELIVERABLES
OVERVIEW
CONCLUSION

EXECUTIVE SUMMARY

East African Data Handlers Ltd is the leading data recovery company across the East Africa region and
its environs. We stand tall in providing IT security services and in helping organizations
meet their business needs flawlessly and without fear of hacking, with an ever-increasing
number of successful vulnerability and penetration tests.

Our proven track record in implementing projects of national importance gives us in-depth
knowledge of the banking, financial and trade sectors, with large-scale enterprise-wide
integrated solutions. Protecting data while managing it for legal and regulatory demands is
increasingly complex, burdensome and often detracts focus from an organization's core
business priorities.

East African Data Handlers is pleased to assist our client with VoIP encryption, which
will be conducted in a highly discreet manner both externally and internally for your
organization by our company's highly skilled and experienced IT experts.

This assessment will enable the client to encrypt both data and VoIP and to secure communication
between the remote sites and the headquarters.

SCOPE, APPROACH, AND METHODOLOGY
EADH will perform VoIP encryption within the headquarters
and across the remote sites.

The main objective is to design a security framework for secure
communication with efficient authentication techniques,
minimize threats to the communication, maintain the secrecy
of the information and develop an environment for restricted
transfer of VoIP and data over Internet Protocol.

i)  VoIP Encryption
The VoIP network consists of the IP phones, PBX Switch, Cisco
Switch and Cisco Router. The workstation clients are connected
in a Star Topology network at every remote station. Voice and
data are both transmitted over the Microwave dishes and VSAT
and received over the same medium at their respective
destinations. The IP phones are connected in a Mesh Topology
network across all the remote stations and the headquarters.

ii)  Data Encryption
Data from the remote sites to the headquarters and vice versa
will be encrypted, and decrypted once it reaches its
destination. All the workstation clients are connected in a Star
Topology, which makes the encryption centralized.

PROJECT DELIVERABLES
The purpose of the assignment is to provide detailed information
on security risks, vulnerabilities and necessary countermeasures,
with recommended corrective actions.

Scope of the Security Assessment

The scope of this assignment comprises three remote sites,
where one site uses Microwave for transmission of both voice
and data, another site uses Very Small Aperture Terminal
(VSAT), and the last site uses both Microwave and VSAT
transmission technologies. All communication between
the remote sites and the headquarters, and between remote sites,
should be encrypted.

OVERVIEW
Highlights:
- Technical Specs
- Network Design
- Network Topology exp
- Voice & Data Encryption

Requirements:
- Medium of transmission
- Encryption at which network OSI layer model

Network 1 is composed of a Cisco Switch, Cisco Router, VoIP phones, PBX Switch, Server and
workstation. The workstation is configured in a Star Topology, with the switch between the router
and the workstation. The router routes both the VoIP and data traffic via the VSAT and Microwave modes of
transmission to the headquarters and other remote sites. Some of these remote sites use either the VSAT
or the Microwave mode of transmission.

Network 2 has the same network devices and configurations but uses a different mode of data and
voice transmission, namely VSAT technology.

Network 3 is configured like Network 2, with one Cisco router and switch. The router is connected to
Microwave for transmission of both voice and data in an encrypted format. Once the encrypted traffic
reaches its destination, it is decrypted for the designated user client's IP phone or workstation.

Voice transmission over IP uses Session Initiation Protocol (SIP) on a Mesh Topology or peer-to-peer, while
data transmission uses a Star Topology. The maximum delay time at each remote site for Microwave is 10
milliseconds for data and 5 milliseconds for voice, while for VSAT it is 1,000 milliseconds for data and 500
milliseconds for voice.

The headquarters network comprises a Cisco core Switch that is connected to two Cisco routers.
Cisco router one, the path decision maker router, and Cisco router two, also known as the Microwave
Gateway Router, are connected to each other. Cisco router one is connected to the VSAT and makes
the path decision to route packets via either VSAT or Microwave. The Cisco core switch is connected
to Cisco router one, the path decision maker; behind it are the headquarters network and the data center,
consisting of physical and virtualized servers and a storage area network.

The network is designed and configured in a Star Topology, whereas the IP phones are connected in a Mesh
Topology. Voice and data are both encrypted within the network and while in transit to their designated
destinations.

Both the VoIP and data packets will be encrypted at the Presentation Layer of the OSI model. The
encryption should take effect when transmission is triggered, and the same encrypted
packets should be decrypted at the destination, whether the headquarters or a remote site. The solution
should suit both VSAT and Microwave transmission technologies without interrupting the normal
network setup, i.e. without removal of any network device.

[Figures: network diagrams of Network One, Network Two, Network Three and the Headquarters Network]

CONCLUSION
This scope defines the capability to design a secure framework for communication
using VoIP.  

This in turn uses efficient encryption and decryption techniques for maintaining the
confidentiality of the information or data to be transmitted over the channel.
