Securing SIP Trunks APPLICATION NOTE.

Size: px
Start display at page:

Download "Securing SIP Trunks APPLICATION NOTE. www.sipera.com"

Transcription

1 APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN) over the Internet using the Session Initiation Protocol (SIP) Voice over Internet Protocol (VoIP) standard. Deploying SIP trunks enables enterprises to take full advantage of VoIP and eliminate costly Time-Division Multiplexing (TDM) trunks and TDM gateways. Enterprises route calls over the carrier s IP backbone and use the same IP connection for all their communications. Once enterprises decide to deploy one or more SIP trunks, however, they must address several important security and deployment issues. In particular, enterprises must consider the following security questions: Do the enterprise and the service provider have the same security requirements? Do the service provider and the enterprise have the same security policies for employees, networks, and VoIP system? How can the enterprise maintain control over signaling, media, security, and routing policies? How does the enterprise address new SIP or media threats to the enterprise infrastructure or to the service provider s infrastructure? What changes must the enterprise make to the firewall/network address translation (NAT) device, IP PBX, private IP addresses, numbering plan, and other components? Must the enterprise network topology be exposed? How does the enterprise ensure user/caller ID privacy? How does the enterprise ensure the privacy of actual media communications? How is actual media privacy ensured? Is encryption required? If so, must it be end-to-end? To ensure the deployment of secure SIP trunks, enterprises must implement a solution that addresses all of these questions. Sipera Systems offers a comprehensive unified communications (UC) security solution that enables enterprises to do just that, while defining a security boundary between themselves and the service provider.

2 PROBLEM An enterprise s IP PBX and other UC infrastructure components are not only valuable enterprise assets; they are critical components required for VoIP and UC services. Typically, enterprises control network access to these components through the use of virtual local area networks (VLANs), access control lists (ACLs), and firewalls. However, when enterprises provide connectivity over SIP trunks, opening access to critical resources over WANs and opening ports on the firewall present serious security challenges. Maintaining control over their own security requirements may also raise issues. Different enterprise and service provider security requirements Typically, a SIP trunk provider has one set of security requirements whereas its enterprise customers have diverse security requirements. For example, enterprises standardize on different operating systems, implement security policies differently, define different firewall rules, require different password lengths, and may differ in their need to use two-factor authentication for remote users. In the case of VoIP and UC, these varying security requirements are particularly important. Instead of being forced to adopt the standards of their SIP trunk providers, enterprises must be able to enforce their own unique security standards and maintain control over all aspects of their unified communications to: Ensure secure deployment of their SIP trunks Improve overall network security Determine the specific signaling, media, and applications that are allowed or denied access to their networks to ensure the quality of service (QoS) required for VoIP and UC services Define fine-grained security policies that are enforced based on network, user, device, and time-of-day Protection against VoIP and UC protocol vulnerabilities VoIP offers many more real-time services than data including transfer, conference, and hold, making VoIP protocols more complex, flexible, and exploitable. (Because of this, more than 50 requests for comments, or RFCs, exist for SIP in the IETF, compared with only about10 for HTTP, which has been around more than twice as long.) With known ports open on the firewall to allow VoIP and UC traffic through, enterprises must perform deep-packet inspection and continuously police application traffic to protect the VoIP network, endpoints, and IP PBXs from thousands of application-layer attacks that can cause IP PBX crashes, lost services, and degradation of voice quality. These VoIP/UC-specific application layer attacks include: Reconnaissance Spoofing Eavesdropping Signaling and media manipulation Service theft/fraud Denial of Service (DoS)/Distributed DoS attacks Fuzzing and buffer overflow exploits VoIP spam VoIP phishing Confidentiality and privacy concerns When VoIP traffic is sent over the Internet, both signaling and media traffic must be encrypted to ensure complete privacy of real-time communications. Attackers can use sniffing methods to easily exploit signaling traffic for reconnaissance purposes and to learn detailed call-related information (such as caller and called party IP addresses, date, and time of the call). Media must be encrypted to ensure privacy of the actual communication. However, encrypting media traffic poses the additional challenge of ensuring acceptable QoS without degrading performance. The problem is compounded in terms of management and operational costs if the artificial requirement for a VPN client on the phone or a home VPN gateway is imposed. Private addressing, firewalls and network address translation (NAT) IP addresses in SIP messages and message headers that are exchanged between the service provider and enterprise network must be routable IP addresses in the service provider s network. Unlike data applications, VoIP uses dynamic ports for peer-to-peer media flows between phones. For SIP trunks to work, enterprises must make the following major changes to their firewall policies for performing NAT functionality and protecting internal, private IP addresses.

3 Enterprise firewall policies must support opening dynamic ports for media, which weakens security. Enterprises must provide internal, private IP addresses that are routable in the service provider s network to support SIP message exchanges between enterprise and service provider networks. Access and authorization Before establishing a signaling or media session, remote users must be authenticated. This authentication can be done in a variety of ways, including the use of digest access authentication or certificates. Many enterprises require the use of two-factor authentication schemes such as RSA SecurID for remote access to prevent unauthorized calls on stolen or lost phones. Policy compliance for UC traffic To deploy SIP trunks without compromising established security policies, enterprises must also enforce fine-grained UC policies. VoIP and IT administrators must control voice, video, IM, and other UC applications by defining the way the applications are used and the networks, devices, and users that are authorized to interact with the applications. Policies for mobile users and devices must be dynamic and flexible to satisfy these requirements. SOLUTION The Sipera UC-Sec security appliances offer real-time UC security, including comprehensive threat protection, policy enforcement, access control, and privacy to address the issues of SIP trunk deployments. Built on the foundation of the Sipera VIPER engine and real-time platform, the UC-Sec appliances perform the following functions for securing SIP trunks: Serves as the demarcation point for the enterprise VoIP and UC network and enforces fine-grained security policies. Protects against SIP and Real-time Transport Protocol (RTP) threats by blocking them at the enterprise perimeter. Maintains privacy of the enterprise internal network, caller/user IDs, and communications. Performs firewall/nat traversal to simplify the deployment of SIP trunks. Demarcation of the enterprise and service provider VoIP/UC network Enterprises must enforce a demarcation point between their VoIP/UC boundary and the service provider using a UC security appliance like the firewalls and demilitarized zones (DMZs) they install in their data networks. The UC-Sec security appliance becomes this demarcation point and performs all security functions required to enforce enterprise security policies. UC-Sec also provides information from both the enterprise side and service provider side for QoS or service availability such that appropriate service level agreements (SLAs) can be verified and enforced. In addition, enterprises must define policies for VoIP and UC traffic that apply to the SIP trunk. For example, policies might define: Users that are allowed to make voice and video calls The SIP trunk to use for international dialing Trunks that require encryption and threat protection Calls that must be logged and whether or not to report the QoS Enterprises that have multiple departments with different security requirements and applications may require more flexible, fine-grained policy control. Frequently enterprises use multiple routes to reach the PSTN. Enterprises might also have multiple internal call servers and require flexible SIP routing policies at the edge. Sipera s UC-Sec offers fine-grained UC policy control based on network, user, device and time-of-day to give enterprises complete control over their UC infrastructure, devices, and users. Addressing the vulnerabilities and threats in SIP and RTP When traffic from the service provider WAN comes into the corporate intranet to high value assets such as VoIP servers, the traffic must pass through a VoIP security appliance, such as the UC-Sec product, which inspects and validates the traffic.

4 UC-Sec is VoIP-aware and performs deep-packet inspection and tracks call states, which is crucial for UC threat mitigation. The UC-Sec appliance also has a signature update mechanism to enable that same protection against new threats. Maintaining privacy of network topology and internal domains Enterprises require a VoIP/UC-aware appliance at the edge of their networks to hide internal network topology and SIP domain information. Sipera s UC-Sec changes private IP addresses to public IP addresses and changes private internal domains to public SIP domains in SIP messages to prevent exposure of the enterprise network topology. UC-Sec also supports: User/caller ID anonymity User privacy SIP standards that interwork with service providers SIP trunks Encryption of signaling traffic over Transport Layer Security (TLS) and encryption of media traffic over Secure RTP (SRTP) Communicating and interworking disjoint private networks Enterprise firewalls and DMZs enforce strict policies and perform NAT functions to ensure that internal enterprise networks and servers have private addresses that are not directly routable from external networks. Without overhauling these security policies, the Sipera UC-Sec appliance provides NAT traversal for signaling traffic and manages dynamic ports for media traffic. UC-Sec also participates in the signaling traffic to allow only those media sessions that follow the session specification agreed upon in the signaling channel. Unified Communications Security Life Cycle Unified Communications Security Life Cycle 1. Define Security Requirements Compare business objectives for UC with impact on information security compliance: HIPAA, PCI, FERPA, GLBA and others Define Security Assess Posture 2. Assess Security Posture Identify vulnerabilities, assess risk, determine gap between posture and requirements, consider impact on real-time application performance 4. Manage Compliance Review established posture, manage change, gather new requirements as business objectives and regulatory mandates change Manage Compliance Implement Measures 3. Implement Security Measures Optimize security posture and application performance; configure policy enforcement, threat protection, access control, privacy (encryption) Companies around the world rely on Sipera Systems to ensure their UC and VoIP deployments support compliance with information security requirements and mission-critical corporate objectives. Through dozens of successful vulnerability assessments, security architecture consulting projects, and security appliance deployments, Sipera has developed a standardized Unified Communications Security Life Cycle. This process represents a best practice for continuous improvement of the security architecture, enabling an enterprise to be certain that essential security functions can keep pace with the transforming communications infrastructure. To learn more about Sipera s solutions and for personal consultation about your UC security requirements, please visit

5 IMPLEMENTATION To enable secure SIP trunks, a single Sipera UC-Sec security appliance is deployed at the customer premise, between the internal and external firewalls, to provide complete network security, enforce security policies, and handle other SIP trunk deployment issues for the enterprise network. In the deployment shown in the following figure, Sipera UC-Sec performs border control functionality such as FW/NAT traversal (as shown in step 1), interworking, security policy enforcement based on fine-grained UC policies, and threat protection to prevent denial of service, spoofing, and stealth attacks. Because the UC-Sec product is a trusted host in the DMZ, SIP signaling traffic to the enterprise is received by the external firewall and sent to the Sipera appliance, which processes the signaling information. If the SIP signaling traffic is encrypted, UC-Sec decrypts all TLS-encrypted traffic and looks for anomalous behavior before forwarding the packets through the internal firewall to the appropriate IP PBX to establish the requested call session (as shown in step 2). Once a valid call has been set-up, RTP packets are allowed to flow through the external firewall to the Sipera UC-Sec product, which decrypts the SRTP traffic (if required) and looks for anomalous behavior in the media before passing on the RTP stream to the intended recipient (as shown in step 3). RESULT The popularity of SIP trunks is primarily due to cost savings and the increased reliability offered through service provider service level agreements (SLAs). SIP Trunks can deliver much lower cost local, toll-free, domestic, and international long distance services to any enterprise willing to replace its PSTN connectivity. They also offer a unique opportunity for large, distributed enterprises to consolidate their VoIP/UC infrastructure and connectivity to the PSTN. Therefore, it s not surprising that enterprises embrace SIP Trunks as a means to replace costly PSTN trunks and gateways, while using real-time, unified communications ubiquitously over IP networks. In some cases, enterprises use multiple SIP trunks with different providers for disaster recovery, redundancy, or to enable different applications. However, without solving network security and demarcation challenges, SIP trunks cannot be deployed on a large scale. The Sipera UC-Sec product offers a comprehensive security solution with threat protection, access control, policy enforcement, and privacy protection in a single device, enabling enterprises to address all of these challenges and securely deploy SIP trunks. ENTERPRISE IP PBX Intranet Internal Firewall 1. FW/NAT Traversal 2b. Apply VoIP/UC Policies Detect and Prevent VoIP/UC Threats Perform Interworking Functions 2c. Signaling Over TCP/UDP 2a. Encrypted signaling Over TLS 3a. SRTP Media ITSP 3c. RTP Media Sipera UC-Sec deployed in high-availability mode DMZ External Firewall PSTN 3b. Media Anomaly Detection & Prevention

6 UC Security Defined About Sipera Systems Sipera Systems, the leader in real-time Unified Communications (UC) security, is the choice of enterprises and service providers around the world to support their mission-critical UC deployments. Sipera offers groundbreaking, production-proven solutions that secure voice, video, messaging, collaboration, and other real-time communications in converged IP networks, boosting compliance with information security requirements. Backed by the industry-leading research of the VIPER lab, Sipera s solutions provide comprehensive threat protection, policy enforcement, access control, and encryption in a single flexible appliance. V# Sipera Systems Inc Firman Drive, Suite 600 Richardson, TX 75081, USA T: F: E: Copyright 2009 Sipera Systems, Inc. All rights reserved. Sipera, Sipera UC-Sec and related products, Sipera LAVA and Sipera VIPER are trademarks of Sipera Systems, Inc.

White Paper. avaya.com 1. Table of Contents. Starting Points

White Paper. avaya.com 1. Table of Contents. Starting Points White Paper Session Initiation Protocol Trunking - enabling new collaboration and helping keep the network safe with an Enterprise Session Border Controller Table of Contents Executive Summary...1 Starting

More information

SIP Trunking Configuration with

SIP Trunking Configuration with SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL

More information

Ingate Firewall/SIParator SIP Security for the Enterprise

Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Firewall/SIParator SIP Security for the Enterprise Ingate Systems February, 2013 Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?...

More information

Securing Unified Communications for Healthcare

Securing Unified Communications for Healthcare Securing Unified Communications for Healthcare Table of Contents Securing UC A Unique Process... 2 Fundamental Components of a Healthcare UC Security Architecture... 3 Making Unified Communications Secure

More information

Security Best Practices for Enterprise VoIP. Preventing Attacks and Managing Risk

Security Best Practices for Enterprise VoIP. Preventing Attacks and Managing Risk Security Best Practices for Enterprise VoIP Preventing Attacks and Managing Risk A Sipera White Paper September 2007 Summary To take full advantage of unified communications (UC), enterprises are extending

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

SIP Trunking with Microsoft Office Communication Server 2007 R2

SIP Trunking with Microsoft Office Communication Server 2007 R2 SIP Trunking with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY

More information

Voice over IP Security

Voice over IP Security Voice over IP Security Patrick Park Cisco Press Cisco Press 800 East 96th Street Indianapolis, Indiana 46240 USA vii Contents Introduction xvii Part I VoIP Security Fundamentals 3 Chapter 1 Working with

More information

Network Security Topologies. Chapter 11

Network Security Topologies. Chapter 11 Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network

More information

ENTERPRISE SESSION BORDER CONTROLLERS: SAFEGUARDING TODAY S AND TOMORROW S UNIFIED COMMUNICATIONS

ENTERPRISE SESSION BORDER CONTROLLERS: SAFEGUARDING TODAY S AND TOMORROW S UNIFIED COMMUNICATIONS ENTERPRISE SESSION BORDER CONTROLLERS: SAFEGUARDING TODAY S AND TOMORROW S UNIFIED COMMUNICATIONS ALCATEL-LUCENT OPENTOUCH SESSION BORDER CONTROLLER A SECURE SOLUTION FOR BORDERLESS CONVERSATIONS APPLICATION

More information

SIP Security Controllers. Product Overview

SIP Security Controllers. Product Overview SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running

More information

Session Border Controllers in Enterprise

Session Border Controllers in Enterprise A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing

More information

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual

More information

What is an E-SBC? WHITE PAPER

What is an E-SBC? WHITE PAPER Executive Summary Enterprise communications is in a state of transformation. Businesses are replacing conventional PBX systems with VoIP and Unified Communications (UC) solutions and cloud-based services

More information

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios An Oracle White Paper June 2013 Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios Introduction Voice

More information

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Cconducted at the Cisco facility and Miercom lab. Specific areas examined Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security

More information

An Oracle White Paper August 2013. What Is an Enterprise Session Border Controller?

An Oracle White Paper August 2013. What Is an Enterprise Session Border Controller? An Oracle White Paper August 2013 What Is an Enterprise Session Border Controller? Introduction... 1 Redefining Enterprise Communications... 2 E-SBCs Protect and Control IP Communications... 3 E-SBCs Do

More information

OpenScape Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border

OpenScape Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border Siemens Enterprise Communications Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border April 2011 Agenda 1 Industry Trends 2 Customer Initiatives

More information

Implementing VoIP monitoring solutions. Deployment note

Implementing VoIP monitoring solutions. Deployment note Implementing VoIP monitoring solutions Deployment note Introduction With VoIP being an integral part of modern day business communications, enterprises are placing greater emphasis on the monitoring and

More information

SIP Trunking: Deployment Considerations at the Network Edge

SIP Trunking: Deployment Considerations at the Network Edge Small Logo SIP Trunking: Deployment Considerations at the Network Edge at the Network Edge Executive Summary The move to Voice over IP (VoIP) and Fax over IP (FoIP) in the enterprise has, until relatively

More information

APPLICATION NOTE. SIP Trunking Connectivity, Security and Deployment Scenarios. Introduction

APPLICATION NOTE. SIP Trunking Connectivity, Security and Deployment Scenarios. Introduction SIP Trunking Connectivity, Security and Deployment Scenarios Introduction Enterprises have traditionally based their voice communications on an in-premises telephony switch the PBX. Until recently, the

More information

Best Practices for Securing IP Telephony

Best Practices for Securing IP Telephony Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Firewall Security. Presented by: Daminda Perera

Firewall Security. Presented by: Daminda Perera Firewall Security Presented by: Daminda Perera 1 Firewalls Improve network security Cannot completely eliminate threats and a=acks Responsible for screening traffic entering and/or leaving a computer network

More information

Cisco ASA 5500 Series Unified Communications Deployments

Cisco ASA 5500 Series Unified Communications Deployments 5500 Series Unified Communications Deployments Cisco Unified Communications Solutions unify voice, video, data, and mobile applications on fixed and mobile networks, enabling easy collaboration every time,

More information

Oracle s SIP Network Consolidation Solutions. Using SIP to Reduce Expenditures and Improve Communications

Oracle s SIP Network Consolidation Solutions. Using SIP to Reduce Expenditures and Improve Communications Oracle s SIP Network Consolidation Solutions Using SIP to Reduce Expenditures and Improve Communications A typical large enterprise could enjoy 401 percent three-year ROI on the Net-Net Enterprise Session

More information

Security Considerations

Security Considerations 112 SIP Trunking VoIP endpoints and call agents such as CUCM and CUCMExpress also have facilities to control and mark packets. These can be used directly if the enterprise markings are the same as the

More information

An outline of the security threats that face SIP based VoIP and other real-time applications

An outline of the security threats that face SIP based VoIP and other real-time applications A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications

More information

Attachment Q5. Voice over Internet Protocol (VoIP)

Attachment Q5. Voice over Internet Protocol (VoIP) DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page

More information

SIP Trunking. Cisco Press. Christina Hattingh Darryl Sladden ATM Zakaria Swapan. 800 East 96th Street Indianapolis, IN 46240

SIP Trunking. Cisco Press. Christina Hattingh Darryl Sladden ATM Zakaria Swapan. 800 East 96th Street Indianapolis, IN 46240 SIP Trunking Christina Hattingh Darryl Sladden ATM Zakaria Swapan Cisco Press 800 East 96th Street Indianapolis, IN 46240 SIP Trunking Contents Introduction xix Part I: From TDM Trunking to SIP Trunking

More information

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011 Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011 Proprietary 2011 Media5 Corporation Table of Contents Introduction... 3 Solution Overview... 3 Network Topology... 4 Network Configuration...

More information

Security & Reliability in VoIP Solution

Security & Reliability in VoIP Solution Security & Reliability in VoIP Solution July 19 th, 2006 Ram Ayyakad ram@ranchnetworks.com About My background Founder, Ranch Networks 20 years experience in the telecom industry Part of of architecture

More information

OpenScape UC Firewall and OpenScape Session Border Controller

OpenScape UC Firewall and OpenScape Session Border Controller UC Firewall and Session Border Controller Security within and beyond the boundaries Security within and beyond your network s boundaries Our connected world We are living and working in a new world that

More information

SIP Trunking Steps to Success, Part One: Key Lessons from IT Managers Who ve Been There

SIP Trunking Steps to Success, Part One: Key Lessons from IT Managers Who ve Been There SIP Trunking Steps to Success, Part One: Key Lessons from IT Managers Who ve Been There Q&A Session Date: Wednesday, April 13, 2011 Q: You have to partner with a provider in order to do SIP trunking, correct?

More information

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server Quick Start Guide October 2013 Copyright and Legal Notice. All rights reserved. No part of this document may be

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

Local Session Controller: Cisco s Solution for the U.S. Department of Defense Network of the Future

Local Session Controller: Cisco s Solution for the U.S. Department of Defense Network of the Future White Paper Local Session Controller: Cisco s Solution for the U.S. Department of Defense Network of the Future What You Will Learn The future of the Department of Defense s (DoD) networks focuses on the

More information

PENTEST. Pentest Services. VoIP & Web. www.novacybersecurity.com

PENTEST. Pentest Services. VoIP & Web. www.novacybersecurity.com PENTEST VoIP & Web Pentest Services VoIP & WEB Penetration Testing The Experinced and National VoIP/Unified Communications R&D organization, NETAŞ NOVA Pentest Services test the applications, infrastructure

More information

SBC WHITE PAPER. The Critical Component

SBC WHITE PAPER. The Critical Component SBC WHITE PAPER The Critical Component Table of Contents of your VoIP Infrastructure... 3 Enter the SBC... 4 Functions... 5 Security... 5 Denial of Service... 5 Toll Fraud... 6 Encryption... 6 Policy...

More information

Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise

Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise The Changing Landscape IP-based unified communications is widely deployed in enterprise networks, both for internal calling

More information

VoIPon Solutions www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0) 1245 600560. Ranch Asterisk VoIP Solution

VoIPon Solutions www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0) 1245 600560. Ranch Asterisk VoIP Solution Ranch Asterisk VoIP Solution Ranch Networks manufactures Network appliances built to advance VoIP telephony deployments. The RN series of products provide security, reliability, and scalability to VoIP

More information

SIP Trunking The Provider s Perspective

SIP Trunking The Provider s Perspective SIP Trunking The Provider s Perspective Presented by Pete Sandstrom, CTO BandTel Advanced SIP Session Overview 1. Open Systems Interconnection Model (OSI) is more than a model 2. Quality of Service (QoS)

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Voice Over IP and Firewalls

Voice Over IP and Firewalls Introduction Voice Over IP and Firewalls By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Use of Voice Over IP (VoIP) in enterprises is becoming more and more

More information

WHITE PAPER. SIP Trunks. Keeping your UC System Secure

WHITE PAPER. SIP Trunks. Keeping your UC System Secure WHITE PAPER SIP Trunks Keeping your UC System Secure Table of Contents 1. Executive summary...3 2. Security considerations for SIP trunks...5 2.1. Threats.........................................................

More information

Dialogic. BorderNet Products Interwork and Connect Seamlessly and Securely at the Network Edge

Dialogic. BorderNet Products Interwork and Connect Seamlessly and Securely at the Network Edge Dialogic BorderNet Products Interwork and Connect Seamlessly and Securely at the Network Edge Versatile Dialogic BorderNet Products Handle Network Transitions for Today s Critical Services and Solutions

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

The role of the Session Border Controller in a GENBAND SIP Business Trunking Solution. SIPCONNECT is a certification mark of the SIP Forum, LLC.

The role of the Session Border Controller in a GENBAND SIP Business Trunking Solution. SIPCONNECT is a certification mark of the SIP Forum, LLC. The role of the Session Border Controller in a GENBAND SIP Business Trunking Solution SIPCONNECT is a certification mark of the SIP Forum, LLC. White Paper February 2011 Introduction Today s businesses

More information

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP

CPNI VIEWPOINT 02/2007 ENTERPRISE VOICE OVER IP ENTERPRISE VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices

More information

Threats to be considered (1) ERSTE GROUP

Threats to be considered (1) ERSTE GROUP VoIP-Implementation Lessons Learned Philipp Schaumann Erste Group Bank AG Group IT-Security philipp.schaumann@erstegroup.com http://sicherheitskultur.at/ Seite 1 Threats to be considered (1) Eavesdropping

More information

PETER CUTLER SCOTT PAGE. November 15, 2011

PETER CUTLER SCOTT PAGE. November 15, 2011 Future of Fax: SIP Trunking PETER CUTLER SCOTT PAGE November 15, 2011 QUESTIONS AND ANSWERS TODAY S SPEAKERS Peter Cutler Vice President of Sales Instant InfoSystems Scott Page Subject Matter Expert Dialogic

More information

Threat Mitigation for VoIP

Threat Mitigation for VoIP Threat Mitigation for VoIP Bogdan Materna, VP Engineering and CTO VoIPshield Systems Third Annual VoIP Security Workshop June 2, 2006 Overview Basics VoIP Security Impact Examples of real vulnerabilities

More information

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4 Coral IP Solutions TABLE OF CONTENTS 1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4 2.1 UGW 4 2.2 IPG 4 2.3 FLEXSET IP 5 2.4 FLEXIP SOFTPHONE 6 2.5 TELEPORT FXS/FXO GATEWAYS 7 2.6 CORAL SENTINEL 7 3 CORAL IP

More information

An Oracle White Paper February 2014. Centralized vs. Distributed SIP Trunking: Making an Informed Decision

An Oracle White Paper February 2014. Centralized vs. Distributed SIP Trunking: Making an Informed Decision An Oracle White Paper February 2014 Centralized vs. Distributed SIP Trunking: Making an Informed Decision Executive Overview Businesses across the globe are migrating from TDM access services to SIP trunks

More information

S-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009

S-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009 S-Series SBC Interconnect Solutions A GENBAND Application Note May 2009 Business Requirements A ubiquitous global voice service offering is the challenge among today s large service providers. The need

More information

Oracle s Solution for Secure Remote Workers. Providing Protected Access to Enterprise Communications

Oracle s Solution for Secure Remote Workers. Providing Protected Access to Enterprise Communications Oracle s Solution for Secure Remote Workers Providing Protected Access to Enterprise Communications Our forecast shows that the worldwide mobile worker population will increase to more than 1.3 billion

More information

Dialogic BorderNet Session Border Controller Solutions

Dialogic BorderNet Session Border Controller Solutions Dialogic BorderNet Session Border Controller Solutions Dialogic BorderNet Session Border Controllers Transform, Connect and Secure Today s Networks and Services Dialogic BorderNet Session Border Controller

More information

Security and the Mitel Teleworker Solution

Security and the Mitel Teleworker Solution Security and the Mitel Teleworker Solution White Paper July 2007 Copyright Copyright 2007 Mitel Networks Corporation. This document is unpublished and the following notice is affixed to protect Mitel Networks

More information

VoIP Security Threats and Vulnerabilities

VoIP Security Threats and Vulnerabilities Abstract VoIP Security Threats and Vulnerabilities S.M.A.Rizvi and P.S.Dowland Network Research Group, University of Plymouth, Plymouth, UK e-mail: info@network-research-group.org This paper presents the

More information

VoIP Security regarding the Open Source Software Asterisk

VoIP Security regarding the Open Source Software Asterisk Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de

More information

SIP SECURITY JULY 2014

SIP SECURITY JULY 2014 SIP SECURITY JULY 2014 Executive Overview As with any data or communication service, it s important that all enterprises understand potential security issues related to SIP Trunking. This paper provides

More information

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ======

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ====== VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ====== Table of Contents Introduction to VoIP Security... 2 Meet Our Expert - Momentum Telecom... 2 BroadWorks... 2 VoIP Vulnerabilities... 3 Call

More information

Acme Packet session border controllers in the enterprise

Acme Packet session border controllers in the enterprise Acme Packet session border controllers in the enterprise Large enterprises have been expanding their deployments of IP telephony (IPT) for several years now. Planning has already begun to extend the benefits

More information

The Purpose of a SIP-Aware Firewall/ALG

The Purpose of a SIP-Aware Firewall/ALG NetVanta Unified Communications Technical Note The Purpose of a SIP-Aware Firewall/ALG Introduction This technical note will explore the purpose of a Session Initiation Protocol (SIP)-aware firewall/application

More information

Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0

Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0 Avaya Solution & Interoperability Test Lab Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0 Abstract These Application Notes describe the steps to configure an Avaya

More information

Application Notes for Configuring Cablevision Optimum Voice SIP Trunking with Avaya IP Office - Issue 1.1

Application Notes for Configuring Cablevision Optimum Voice SIP Trunking with Avaya IP Office - Issue 1.1 Avaya Solution & Interoperability Test Lab Application Notes for Configuring Cablevision Optimum Voice SIP Trunking with Avaya IP Office - Issue 1.1 Abstract These Application Notes describe the procedures

More information

POWERING UNIFIED COMMUNICATIONS WITH BRANCH SRX SERIES SERVICES GATEWAYS

POWERING UNIFIED COMMUNICATIONS WITH BRANCH SRX SERIES SERVICES GATEWAYS WHITE PAPER POWERING UNIFIED COMMUNICATIONS WITH BRANCH SRX SERIES SERVICES GATEWAYS Analysis of the Optimal Branch Network Architecture for Successful Unified Communications in the Enterprise Copyright

More information

Analysis of the Optimal Branch Network Architecture for Successful Unified Communications in the Enterprise

Analysis of the Optimal Branch Network Architecture for Successful Unified Communications in the Enterprise White Paper Powering Unified Communications with Branch SRX Series Services Gateways Analysis of the Optimal Branch Network Architecture for Successful Unified Communications in the Enterprise Copyright

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

Fact Sheet. N-fon Case Study

Fact Sheet. N-fon Case Study Fact Sheet. N-fon Case Study nfon AG, a service provider based in Munich, Germany is successfully providing hosted PBX services for the corporate market. These services offer an attractive option for organisations

More information

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005 Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in

More information

Brochure. Dialogic BorderNet Session Border Controller Solutions

Brochure. Dialogic BorderNet Session Border Controller Solutions Brochure Dialogic BorderNet Solutions Supercharge Connections between Networks, Services and Subscribers with Ease and Scale The BorderNet family of session border controllers (SBCs) from Dialogic helps

More information

ETM System SIP Trunk Support Technical Discussion

ETM System SIP Trunk Support Technical Discussion ETM System SIP Trunk Support Technical Discussion Release 6.0 A product brief from SecureLogix Corporation Rev C SIP Trunk Support in the ETM System v6.0 Introduction Today s voice networks are rife with

More information

DoS/DDoS Attacks and Protection on VoIP/UC

DoS/DDoS Attacks and Protection on VoIP/UC DoS/DDoS Attacks and Protection on VoIP/UC Presented by: Sipera Systems Agenda What are DoS and DDoS Attacks? VoIP/UC is different Impact of DoS attacks on VoIP Protection techniques 2 UC Security Requirements

More information

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice

More information

Risk Free Migration to Lync Kevin Isacks, VP SBC & CA Development

Risk Free Migration to Lync Kevin Isacks, VP SBC & CA Development Risk Free Migration to Lync Kevin Isacks, VP SBC & CA Development Why Lync MICROSOFT LYNC is an enterprise-ready UNIFIED COMMUNICATIONS PLATFORM LYNC CONNECTS PEOPLE everywhere, on Windows 8 and other

More information

Http://www.passcert.com

Http://www.passcert.com Http://www.passcert.com Exam : 70-337 Title : Enterprise Voice & Online Services with Microsoft Lync Server 2013 Version : DEMO 1 / 18 Topic 1, Litware, Inc Case A Overview Litware, Inc., is an international

More information

Cisco Virtual Office Unified Contact Center Architecture

Cisco Virtual Office Unified Contact Center Architecture Guide Cisco Virtual Office Unified Contact Center Architecture Contents Scope of Document... 1 Introduction... 1 Platforms and Images... 2 Deployment Options for Cisco Unified Contact Center with Cisco

More information

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network 10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity

More information

Session Control Applications for Enterprises

Session Control Applications for Enterprises Session Control Applications for Enterprises Driven by Strong Secular Growth Trends The adoption of SIP trunking The explosion of wireless and opt-in communications The emergence of OTT service providers

More information

VOICE FIREWALL. Secure your voice network edge and prevent financial losses.

VOICE FIREWALL. Secure your voice network edge and prevent financial losses. VOICE FIREWALL Secure your voice network edge and prevent financial losses. The ETM Voice Firewall secures your critical networking resources and lowers telecom expenses by protecting your enterprise voice

More information

Multi-layered Security Solutions for VoIP Protection

Multi-layered Security Solutions for VoIP Protection Multi-layered Security Solutions for VoIP Protection Copyright 2005 internet Security Systems, Inc. All rights reserved worldwide Multi-layered Security Solutions for VoIP Protection An ISS Whitepaper

More information

Challenges and opportunities for Open Source solutions

Challenges and opportunities for Open Source solutions GDS20910 39HA83090K2 D3 S20910 328MGD 7 W510200RQ1 UT 10 T28GHY620 JH7 BE4ET276 90K2 D39HA83 0K2 D39HA830 8JD6200NS12 RQ1 UTW510200 H7 BE4ET2763J 8HGDOI0912 M1 Y620110 T28GH UTW510200 83090K2 GDS20910

More information

Mitigating the Security Risks of Unified Communications

Mitigating the Security Risks of Unified Communications 2009 International Conference on Computer Engineering and Applications IPCSIT vol.2 (2011) (2011) IACSIT Press, Singapore Mitigating the Security Risks of Unified Communications Fernando Almeida 1 +, Jose

More information

Implementing Cisco IOS Network Security

Implementing Cisco IOS Network Security Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles

More information

SBC - the UC-glue Security, Interoperability, Reliability. Alexander Kunzi

SBC - the UC-glue Security, Interoperability, Reliability. Alexander Kunzi SBC - the UC-glue Security, Interoperability, Reliability Alexander Kunzi Agenda SBC? Was s das? Wer ist ACME? Is das sicher? Und wie flexibel? Acme Packet Enterprise Solutions Marketing Page 2 Customer

More information

ThinkTel ITSP with Registration Setup Quick Start Guide

ThinkTel ITSP with Registration Setup Quick Start Guide January 13 ThinkTel ITSP with Registration Setup Quick Start Guide Author: Zultys Technical Support This configuration guide was created to assist knowledgeable vendors with configuring the Zultys MX Phone

More information

Oracle s Session Initiation Protocol Trunking Solution. Increase Agility and Reduce Costs with Session Initiation Protocol Trunks

Oracle s Session Initiation Protocol Trunking Solution. Increase Agility and Reduce Costs with Session Initiation Protocol Trunks Oracle s Session Initiation Protocol Trunking Solution Increase Agility and Reduce Costs with Session Initiation Protocol Trunks Oracle s SIP trunking solution is designed to enable the hyperconnected

More information

Enterprise Voice and Online Services with Microsoft Lync Server 2013

Enterprise Voice and Online Services with Microsoft Lync Server 2013 Course 20337B: Enterprise Voice and Online Services with Microsoft Lync Server 2013 Course Details Course Outline Module 1: Voice Architecture This module introduce Enterprise Voice features of Lync Server

More information

T.38 fax transmission over Internet Security FAQ

T.38 fax transmission over Internet Security FAQ August 17, 2011 T.38 fax transmission over Internet Security FAQ Give me a rundown on the basics of T.38 Fax over IP security. Real time faxing using T.38 SIP trunks is just as secure as sending faxes

More information

IP Ports and Protocols used by H.323 Devices

IP Ports and Protocols used by H.323 Devices IP Ports and Protocols used by H.323 Devices Overview: The purpose of this paper is to explain in greater detail the IP Ports and Protocols used by H.323 devices during Video Conferences. This is essential

More information

Security Guidance for Deploying IP Telephony Systems

Security Guidance for Deploying IP Telephony Systems Report Number: I332-016R-2005 Security Guidance for Deploying IP Telephony Systems Systems and Network Attack Center (SNAC) Released: 14 February 2006 Version 1.01 SNAC.Guides@nsa.gov ii This Page Intentionally

More information

Session Border Controllers and Videoconferencing

Session Border Controllers and Videoconferencing Session Border Controllers and Videoconferencing Using a Field-Proven Solution to Simplify and Improve Multi-Vendor Conferencing Environments August 2011 Study sponsored by: Table of Contents Introduction...

More information

EarthLink Business SIP Trunking. NEC SV8300 IP PBX Customer Configuration Guide

EarthLink Business SIP Trunking. NEC SV8300 IP PBX Customer Configuration Guide EarthLink Business SIP Trunking NEC SV8300 IP PBX Customer Configuration Guide Publication History First Release: Version 1.0 May 18, 2012 CHANGE HISTORY Version Date Change Details Changed By 1.0 5/18/2012

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

SIP, Security and Session Border Controllers

SIP, Security and Session Border Controllers SIP, Security and Session Border Controllers SIP, Security and Session Border Controllers Executive Summary Rolling out a public SIP service brings with it several security issues. Both users and Service

More information

A Model-based Methodology for Developing Secure VoIP Systems

A Model-based Methodology for Developing Secure VoIP Systems A Model-based Methodology for Developing Secure VoIP Systems Juan C Pelaez, Ph. D. November 24, 200 VoIP overview What is VoIP? Why use VoIP? Strong effect on global communications VoIP will replace PSTN

More information

Solution Brief. Secure and Assured Networking for Financial Services

Solution Brief. Secure and Assured Networking for Financial Services Solution Brief Secure and Assured Networking for Financial Services Financial Services Solutions Page Introduction To increase competitiveness, financial institutions rely heavily on their networks to

More information

Firewall Environments. Name

Firewall Environments. Name Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting

More information