AV (Un)Encryption of PC2PC calls ?!
We are taking a small break from our edge topology series to bring your attention to something that could possibly be important if not now, maybe somewhere down the line.
I was asked this question from a customer and the more I thought about it, the more I thought others should know about this as well.
What I'm talking about is securing your PC 2 PC Audio \ Video (A\V) calls within your ogranization. By nature OCS is set to encrypt this media traffic by leveraging SRTP which is Secure Real Time Transfer Protocol which is a profile of RTP which is Real Team Protocol.
However the caveat is that the default setting is set for Encrption is supported but not required. What this means is that Encrypted calls are accepted however Unencrypted calls are not necessarily turned away. Now if you require that media connections be encrypted then you should change the default GPO settings. The following below are the GPO settings that are avaiilable from this policy....
|0 = Support encryption, but do not require it. Should only be used with the TLS network protocol. (default)1 = Require encryption. Unencrypted calls are not accepted. Should only be used with the TLS network protocol.2 = Do not support encryption. Encrypted calls are not accepted.|
In a nutshell, this could be a very intersting, intriguing or better yet perplexing setting that has not crossed your mind before. In the future we will deal with more interesting items like this specially since there are 76 different GPO settings that are availble with OCS 2007.
For those that were anticipating the 4th topology of the edge servers, I will pick that back up with the next blog. thanks...