Media Encryption Network Requirements and Preparation 3
ShoreTel 14 Planning and Installation Guide 63
Media Encryption
In addition to using a VPN or a firewall, another method of enhancing the security on your network is to
enable the ShoreTel media encryption feature. Media encryption, as the name suggests, encrypts calls
between users on a ShoreTel system. The encryption scrambles communications between callers so
an intruder on the network cannot eavesdrop on the conversation.
The ShoreTel encryption algorithm utilizes dynamically generated keys to encrypt the RTP data for the
media stream. The payload inside the RTP packets is encrypted by the sending party, and the
transmission is decrypted by the receiving party. The ShoreTel algorithm was selected due to its
reliability, simplicity and its efficiency – it places very little burden on the switch's CPU even during
maximum loads.
TCP/IP and UDP packet headers are not encrypted.
Only calls inside a ShoreTel network will be encrypted. Once the call passes through TDM or
analog trunks or via SIP, the encryption is stripped away and the conversation is no longer
The encryption algorithm handles the key exchange between the sending and receiving parties at
the time of call setup. If the call starts off without encryption, and encryption is enabled during the
middle of a call, the call will remain unencrypted.
There is no difference in the user experience for encrypted and unencrypted calls. Encryption is
essentially transparent, and the user will not know if the call is being encrypted or not.
Encryption is not supported on the SoftSwitch, so calls to voicemail or auto attendant are not
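A defender's check that follows from the points above (the RTP payload is encrypted, packet headers are not), as an added example that is not from the ShoreTel guide: it splits each captured RTP packet per RFC 3550 and uses payload byte entropy as a heuristic for whether media encryption is active on a call. The sample packets, the 7.5 bits/byte threshold and the SHA-256 output standing in for ciphertext are assumptions, since the guide does not specify the cipher.

```python
import hashlib
import math
import struct
from collections import Counter

def split_rtp(packet: bytes):
    """Split an RTP packet (RFC 3550) into cleartext header fields and payload."""
    if len(packet) < 12:
        raise ValueError("shorter than the fixed 12-byte RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    start = 12 + 4 * (b0 & 0x0F)                 # skip the CSRC list
    if b0 & 0x10:                                # header extension present
        if len(packet) < start + 4:
            raise ValueError("truncated header extension")
        start += 4 + 4 * struct.unpack("!H", packet[start + 2:start + 4])[0]
    end = len(packet) - (packet[-1] if b0 & 0x20 else 0)   # drop padding
    if start > end:
        raise ValueError("header runs past end of packet")
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}, packet[start:end]

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte distribution, 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def stream_looks_encrypted(packets, threshold=7.5):
    """Heuristic: ciphertext is near 8 bits/byte; the 7.5 cut-off is an assumption."""
    payload = b"".join(split_rtp(p)[1] for p in packets)
    return entropy_bits_per_byte(payload) >= threshold

def make_packet(seq: int, payload: bytes) -> bytes:
    """Constructed sample: V=2, PT=0 (G.711 mu-law), 160 timestamp units per packet."""
    return struct.pack("!BBHII", 0x80, 0, seq, 160 * seq, 0x1234ABCD) + payload

# Constructed payloads: a repeating tone-like pattern stands in for clear audio;
# SHA-256 output stands in for ciphertext (the guide does not specify the cipher).
CLEAR = [make_packet(i, bytes([0xFF, 0xE0, 0xD0, 0xE0, 0xFF, 0x60, 0x50, 0x60]) * 20)
         for i in range(20)]
ENCRYPTED = [make_packet(i, b"".join(hashlib.sha256(bytes([i, j])).digest()
                                     for j in range(5))) for i in range(20)]

if __name__ == "__main__":
    for name, pkts in (("clear", CLEAR), ("encrypted", ENCRYPTED)):
        hdr, _ = split_rtp(pkts[3])
        print(name, hdr, stream_looks_encrypted(pkts))
```

The header fields parse identically for both streams, which is the visible effect of headers being left unencrypted; only the payload statistics change. Real speech in a compressed codec can also score high, so treat a positive result as a hint to confirm against the call's configured encryption setting.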
Supported Platforms
The media encryption feature is supported on the hardware listed in Table 20.
Table 20: Platforms Supporting Media Encryption
Platform Type    Model
Switches         ShoreTel 1U Half-width voice switches
                 ShoreTel 1U Full-width voice switches