Chapter 9: Network Requirements and Preparation Planning and Installation Guide
ShoreTel 11.1 131
9.12 Media Encryption
In addition to using a VPN or a firewall, another method of enhancing the security on your
network is to enable the ShoreTel media encryption feature. Media encryption, as the name
suggests, encrypts calls between users on a ShoreTel system. The encryption scrambles
communications between callers so an intruder on the network cannot eavesdrop on the
The ShoreTel encryption algorithm utilizes dynamically generated keys to encrypt the RTP
data for the media stream. The payload inside the RTP packets is encrypted by the sending
party, and the transmission is decrypted by the receiving party. The ShoreTel algorithm was
selected for its reliability, simplicity, and efficiency: it places very little burden on the
switch's CPU even during maximum loads.
• TCP/IP and UDP packet headers are not encrypted.
• Only calls inside a ShoreTel network will be encrypted. Once the call passes
  through TDM or analog trunks or via SIP, the encryption is stripped away and the
  conversation is no longer encrypted.
• The encryption algorithm handles the key exchange between the sending and
  receiving parties at the time of call setup. If the call starts off without encryption,
  and encryption is enabled during the middle of a call, the call will remain
• There is no difference in the user experience for encrypted and unencrypted calls.
  Encryption is essentially transparent, and the user will not know if the call is being
  encrypted or not.
• Encryption is not supported on the SoftSwitch, so calls to voice mail or auto
  attendant are not encrypted.
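Because only the RTP payload is encrypted, a capture of an encrypted call should still show readable headers with a payload that looks like random bytes. The following added example (not ShoreTel code and not part of the original guide) checks this over a stream of RTP packets by measuring payload byte entropy; it assumes the RTP header itself stays in cleartext, and the threshold, function names and sample packets are constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

THRESHOLD = 7.5  # bits per byte; assumed cut-off for this illustration

def parse_rtp(packet):
    """Split one RTP packet (RFC 3550) into (payload_type, seq, ssrc, payload)."""
    if len(packet) < 12:
        raise ValueError("shorter than the fixed 12-byte RTP header")
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    start = 12 + 4 * (b0 & 0x0F)              # skip the CSRC list
    if b0 & 0x10:                             # header extension present
        if len(packet) < start + 4:
            raise ValueError("truncated header extension")
        start += 4 + 4 * struct.unpack("!H", packet[start + 2:start + 4])[0]
    end = len(packet) - (packet[-1] if b0 & 0x20 else 0)  # strip padding bytes
    if start > end:
        raise ValueError("header fields exceed packet length")
    return b1 & 0x7F, seq, ssrc, packet[start:end]

def stream_entropy(packets):
    """Shannon entropy (bits/byte) over the payload bytes of a whole stream."""
    counts = Counter()
    for pkt in packets:
        counts.update(parse_rtp(pkt)[3])
    total = sum(counts.values())
    return -sum(n / total * math.log2(n / total) for n in counts.values()) if total else 0.0

def payload_looks_encrypted(packets):
    """True when the stream's payload bytes are close to uniformly distributed."""
    return stream_entropy(packets) >= THRESHOLD

def build_packet(seq, payload, ssrc=0x1234ABCD):
    """Constructed test packet: V=2, payload type 0 (PCMU), no CSRC or extension."""
    return struct.pack("!BBHII", 0x80, 0, seq, seq * 160, ssrc) + payload

# Constructed samples, not captured ShoreTel traffic.
# CLEAR stands in for near-silent G.711 u-law audio (only a few code points).
CLEAR = [build_packet(s, bytes(0xFF if i % 3 else 0x7E for i in range(160)))
         for s in range(50)]
# ENCRYPTED uses hash output as a stand-in for uniformly distributed ciphertext.
ENCRYPTED = [build_packet(s, b"".join(hashlib.sha256(bytes([s, i])).digest()
                                      for i in range(5))) for s in range(50)]

if __name__ == "__main__":
    for name, stream in (("clear", CLEAR), ("encrypted", ENCRYPTED)):
        print(name, round(stream_entropy(stream), 2), payload_looks_encrypted(stream))
```

On real captures, calibrate the threshold against a call known to be unencrypted, since active G.711 speech has higher entropy than the silent sample used here.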
9.12.2 Supported Platforms
The media encryption feature is supported on the following hardware.
Platform Type   Model
Switches        • ShoreGear 1U Half-width voice switches
                • ShoreGear 1U Full-width voice switches
IP Phones       • IP110
Table 9-15 Platforms Supporting Media Encryption