CounterPath eyeBeam 1.5 User Guide for Windows User Manual

CounterPath eyeBeam 1.5 for Windows

53

Setting up for Security outside of eyeBeam

When using TLS, you must have the root certificate that signs the proxy's chain of certificates. In most cases,
the root certification will already be installed. Procedures for the exchange of certificates are outside the scope
of this documentation. The certificates must be stored on the eyeBeam computer, in the root certificate store.

Setting up the root certificate on your computer ensures that the connection to the proxy is TLS secure (the first
hop). Any proxy in the chain (between you and the caller) that does not support TLS may cause an insecure link
in the chain. Therefore, if the other party is outside your domain, you cannot be completely sure that the call is
secured at the signaling level, which means that you cannot be sure that it is secured at the media level.

When a call with both signaling and media encryption is established, eyeBeam displays the encryption icon
(

). This icon indicates that the call is secure between each caller and their proxy (first and last hop) and that it

may or may not be secure for other hops.

When a call with no encryption or with only signaling encryption is established, eyeBeam displays the

unencrypted icon ( ).

Setting up for Security within eyeBeam

The options for media encryption are described in the following table.

Table 14: Security Options

Option

How Outgoing Calls are Handled

How Incoming Calls Are Handled

Make and accept only
encrypted calls

eyeBeam will place all calls with TLS. The call
invite will specify SRTP media encryption.

If the correct certificates are not in place or if the
other party does not accept encrypted calls, the call
will fail.

eyeBeam will only accept INVITEs that are for
encrypted calls.

If eyeBeam receives a call INVITE that is not
encrypted, the call will be rejected and will be
placed in the Blocked list in the Calls & Contacts
drawer.

Prefer to make and
accept encrypted calls

eyeBeam will place all calls with TLS. The call
invite will specify SRTP media encryption.

If the correct certificates are not in place or if the
other party does not accept encrypted calls, the call
will fail. eyeBeam will then place the call without
encryption.

eyeBeam will accept invites for both encrypted and
unencrypted calls.

Make unencrypted calls,
accept all calls

eyeBeam will place only unencrypted calls.

If the other party does not accept unencrypted
calls, the call will fail.

eyeBeam will accept invites for both encrypted and
unencrypted calls.

Do not allow encrypted
call

eyeBeam will place only unencrypted calls.

If the other party does not accept unencrypted
calls, the call will fail.

eyeBeam will only accept invites that are for
unencrypted calls.

If eyeBeam receives a call invite that is encrypted,
the call will be rejected and will be placed in the
Blocked list in the Calls & Contacts drawer.