Got something else to discuss that is not covered by the previous forums? Post it here!
#53030 by chad386
Wed Apr 14, 2010 5:10 pm
Hi,

I've searched the knowledgebase and forums for answers and have not found specific enough information.

In the knowledgebase for security, this is posted.

If my calls are routed over the Internet, how does Ooma ensure that my calls remain private and secure?

The Ooma system uses the latest security and data encryption technologies. As a result, Ooma is as secure as a traditional landline.


I would like to know exactly what type of encryption is used. A phone rep told me it was VPN. I would like to know what type of VPN, as in IPsec? SSL/TLS? SSH maybe?

Also, I have read speculation that the OOMA telo contains a hardware firewall of some type. I have my OOMA installed as recommended between router and modem. I would like some clarification to this issue. I of course, am not worried about my home network since my network is still behind my router, which is configured with security in mind. I was just wondering about the firewall capabilities of the telo device itself. and if it does have one, what sort of traffic is it filtering?

I just installed my telo and am using home distribution of the OOMA dialtone. I am VERY PLEASED with the service thus far. Painless setup and call sound quality is great. I just think OOMA as a company should be a little more forthcoming with security details/protocols and have this information plainly published in the knowledgebase. The above example of a knowledgebase answer would satisfy only the most casual of users. It's basically dodging the question, and then saying, "just trust us."

Help, anyone?
#53031 by Groundhound
Wed Apr 14, 2010 5:18 pm
I'm not sure what flavor of VPN is used, perhaps one of the Ooma mods can elaborate. AFAIK, the firewall abilities of the Ooma device are NAT, but not SPI.
#53032 by chad386
Wed Apr 14, 2010 5:32 pm
Thanks GroundHound, for the response. Hopefully a mod will chime in with some specifics.

The only reason I bought OOMA is I did hear that the whole "distributed termination" tech had been canned. Do you know if this is true? It has been removed from the TOS, but just wanted to make sure. That could be a security nightmare if re-implemented.

I don't doubt OOMA's dedication to security protocols. I just need to see the evidence of it if I am to keep the service.
#53033 by Groundhound
Wed Apr 14, 2010 5:46 pm
chad386 wrote:The only reason I bought OOMA is I did hear that the whole "distributed termination" tech had been canned. Do you know if this is true? It has been removed from the TOS, but just wanted to make sure. That could be a security nightmare if re-implemented.

There are a bunch of old blogs out there referring to this that were never updated, so the question pops up occasionally. This was abandoned some time ago, I believe when the original Ooma Hub emerged from beta. Whatever the security precautions there may have been as part of the idea, the bad press that would result from re-implementing this would, IMO, far outweigh any termination cost-savings benefit - so I don't think this is something to worry about.
#53035 by Bobby B
Wed Apr 14, 2010 6:10 pm
The control/signaling traffic is securely encrypted in a VPN Tunnel. The voice data is security encrypted using SRTP. If you have the right hardware (like an old school Network hub) and a PC with wireshark, you can take a sniffer trace from the MODEM or TO INTERNET ports if you want to delve further into the security protocols.

Also, you can read this post about DT:
viewtopic.php?f=6&t=710&p=3075&hilit=termination#p3075
#53038 by Davesworld
Wed Apr 14, 2010 6:21 pm
Bobby B wrote:The control/signaling traffic is securely encrypted in a VPN Tunnel. The voice data is security encrypted using SRTP. If you have the right hardware (like an old school Network hub) and a PC with wireshark, you can take a sniffer trace from the MODEM or TO INTERNET ports if you want to delve further into the security protocols.

Also, you can read this post about DT:
viewtopic.php?f=6&t=710&p=3075&hilit=termination#p3075


I always wondered about the RTP packets whether or not they are RTP or SRTP and now I know at last. In a possible BYOD sense, most good ATAs support SRTP.
#53060 by dknyinva
Thu Apr 15, 2010 5:33 am
It used to be that Ooma was using OpenVPN port 1194, but It's been changed. OpenVPN is an SSL/TLS based VPN
#53366 by sfhub
Mon Apr 19, 2010 11:06 am
dknyinva wrote:It used to be that Ooma was using OpenVPN port 1194, but It's been changed. OpenVPN is an SSL/TLS based VPN

So what is it using now instead of OpenVPN?

Who is online

Users browsing this forum: Google [Bot], Majestic-12 [Bot] and 14 guests