OOMA security protocols

Got something else to discuss that is not covered by the previous forums? Post it here!
Post Reply
chad386
Posts: 4
Joined: Wed Apr 14, 2010 4:53 pm

OOMA security protocols

Post by chad386 » Wed Apr 14, 2010 5:10 pm

Hi,

I've searched the knowledgebase and forums for answers and have not found specific enough information.

In the knowledgebase for security, this is posted.

If my calls are routed over the Internet, how does Ooma ensure that my calls remain private and secure?

The Ooma system uses the latest security and data encryption technologies. As a result, Ooma is as secure as a traditional landline.


I would like to know exactly what type of encryption is used. A phone rep told me it was VPN. I would like to know what type of VPN, as in IPsec? SSL/TLS? SSH maybe?

Also, I have read speculation that the OOMA telo contains a hardware firewall of some type. I have my OOMA installed as recommended between router and modem. I would like some clarification to this issue. I of course, am not worried about my home network since my network is still behind my router, which is configured with security in mind. I was just wondering about the firewall capabilities of the telo device itself. and if it does have one, what sort of traffic is it filtering?

I just installed my telo and am using home distribution of the OOMA dialtone. I am VERY PLEASED with the service thus far. Painless setup and call sound quality is great. I just think OOMA as a company should be a little more forthcoming with security details/protocols and have this information plainly published in the knowledgebase. The above example of a knowledgebase answer would satisfy only the most casual of users. It's basically dodging the question, and then saying, "just trust us."

Help, anyone?

Groundhound
Posts: 2711
Joined: Sat May 23, 2009 9:28 am
Location: Atlanta, GA

Re: OOMA security protocols

Post by Groundhound » Wed Apr 14, 2010 5:18 pm

I'm not sure what flavor of VPN is used, perhaps one of the Ooma mods can elaborate. AFAIK, the firewall abilities of the Ooma device are NAT, but not SPI.

chad386
Posts: 4
Joined: Wed Apr 14, 2010 4:53 pm

Re: OOMA security protocols

Post by chad386 » Wed Apr 14, 2010 5:32 pm

Thanks GroundHound, for the response. Hopefully a mod will chime in with some specifics.

The only reason I bought OOMA is I did hear that the whole "distributed termination" tech had been canned. Do you know if this is true? It has been removed from the TOS, but just wanted to make sure. That could be a security nightmare if re-implemented.

I don't doubt OOMA's dedication to security protocols. I just need to see the evidence of it if I am to keep the service.

Groundhound
Posts: 2711
Joined: Sat May 23, 2009 9:28 am
Location: Atlanta, GA

Re: OOMA security protocols

Post by Groundhound » Wed Apr 14, 2010 5:46 pm

chad386 wrote:The only reason I bought OOMA is I did hear that the whole "distributed termination" tech had been canned. Do you know if this is true? It has been removed from the TOS, but just wanted to make sure. That could be a security nightmare if re-implemented.
There are a bunch of old blogs out there referring to this that were never updated, so the question pops up occasionally. This was abandoned some time ago, I believe when the original Ooma Hub emerged from beta. Whatever the security precautions there may have been as part of the idea, the bad press that would result from re-implementing this would, IMO, far outweigh any termination cost-savings benefit - so I don't think this is something to worry about.

User avatar
Bobby B
Ooma Moderator
Posts: 1457
Joined: Mon Feb 18, 2008 8:41 pm
Location: Palo Alto, CA
Contact:

Re: OOMA security protocols

Post by Bobby B » Wed Apr 14, 2010 6:10 pm

The control/signaling traffic is securely encrypted in a VPN Tunnel. The voice data is security encrypted using SRTP. If you have the right hardware (like an old school Network hub) and a PC with wireshark, you can take a sniffer trace from the MODEM or TO INTERNET ports if you want to delve further into the security protocols.

Also, you can read this post about DT:
viewtopic.php?f=6&t=710&p=3075&hilit=termination#p3075
Bobby B

User avatar
Davesworld
Posts: 343
Joined: Sun Sep 27, 2009 6:06 pm
Location: Everett, Wa
Contact:

Re: OOMA security protocols

Post by Davesworld » Wed Apr 14, 2010 6:21 pm

Bobby B wrote:The control/signaling traffic is securely encrypted in a VPN Tunnel. The voice data is security encrypted using SRTP. If you have the right hardware (like an old school Network hub) and a PC with wireshark, you can take a sniffer trace from the MODEM or TO INTERNET ports if you want to delve further into the security protocols.

Also, you can read this post about DT:
viewtopic.php?f=6&t=710&p=3075&hilit=termination#p3075
I always wondered about the RTP packets whether or not they are RTP or SRTP and now I know at last. In a possible BYOD sense, most good ATAs support SRTP.

dknyinva
Posts: 268
Joined: Sat Feb 07, 2009 7:21 am
Contact:

Re: OOMA security protocols

Post by dknyinva » Thu Apr 15, 2010 5:33 am

It used to be that Ooma was using OpenVPN port 1194, but It's been changed. OpenVPN is an SSL/TLS based VPN

User avatar
bw1
Posts: 1781
Joined: Wed Mar 18, 2009 9:06 am
Location: MI

Re: OOMA security protocols

Post by bw1 » Thu Apr 15, 2010 5:40 am

Here is some more info: viewtopic.php?f=9&t=1131&p=5680#p8177

Note that encryption ends once you leave Ooma servers the same as it would be for other service providers whether it's through the standard PSTN or VoIP.

chad386
Posts: 4
Joined: Wed Apr 14, 2010 4:53 pm

Re: OOMA security protocols

Post by chad386 » Thu Apr 15, 2010 3:24 pm

Ok. Thanks for all the responses.

sfhub
Posts: 348
Joined: Fri Jan 22, 2010 6:22 am

Re: OOMA security protocols

Post by sfhub » Mon Apr 19, 2010 11:06 am

dknyinva wrote:It used to be that Ooma was using OpenVPN port 1194, but It's been changed. OpenVPN is an SSL/TLS based VPN
So what is it using now instead of OpenVPN?

Post Reply