Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP
- Damon Arnold
Executive Summary

MPLS Virtual Private Networks (VPNs) are among the hottest technologies offered today by service providers for the secure transport of data, voice and multimedia services within a geographically dispersed enterprise network. This technology, in combination with IP telephony, is the basis of a service offering called the Voice VPN. Enterprise customers are using Voice VPNs as a means to drive down cost and increase integration between the handset, computer and mobile devices of the corporate user. For example, using premises-based IP PBXs and IP phones at all sites within the VPN allows the enterprise customer to bypass long-distance toll charges when calling another enterprise location within the VPN. This is commonly referred to as On-Net to On-Net calling.

However, voice traffic that leaves the enterprise, referred to as On-Net to Off-Net calling, must transit the PSTN. This requires a device called a media gateway, which connects the IP network to the PSTN at each location. Even if the On-Net to Off-Net call is destined for an enterprise that is also a Voice VPN customer, the call must still transit the PSTN for security and billing purposes. This ties up expensive gateway ports and TDM transport facilities. It also degrades voice quality, because calls are converted from IP to TDM and back to IP (possibly a number of times).

The goal of this paper is to explain, in detail, what technologies are required to enable cost-effective On-Net to Off-Net calling between Voice VPNs, without transiting the PSTN, in a highly secure and scalable fashion.
Today's Enterprise VoIP VPN

Today's enterprise VoIP VPNs are islands, only able to interconnect to other enterprise VoIP VPNs via the PSTN (see Figure 1).

Figure 1: Today's MPLS Infrastructure for Enterprise Voice VPNs

In examining this architecture the obvious question is: why is the PSTN needed when the call origination and destination is a VoIP endpoint between two enterprise Voice VPNs? There are several valid reasons why this is necessary today in the carrier network.

1. Network Address Port Translation (NAPT)

A VPN typically uses a private IP addressing scheme, which is not routable outside that VPN. To connect to another IP network such as the Internet, a router, illustrated as the NAPT Provider Edge (PE) device, translates and maps a private IP address to a public IP address, which is then routable to any other reachable IP network. This scheme, described by RFC 1631, has been in place for years and works well for data applications. However, VoIP protocol suites such as H.323, MGCP and SIP, which include IP address and port information in their message payloads, are adversely affected by the use of NAPT. Most NAPT devices do not edit the contents of the IP payload (Layer 7 content), so the IP address and port that a signaling packet indicates for media are left untranslated, and the media (voice) will not pass through the router/firewall.

Figure 2: SIP Example - destination address and port of the media is embedded in the SIP payload, which current NAPT devices cannot translate.

Compounding the NAT problem is the fact that it is common for Voice VPN customers using private IP addressing schemes to have overlapping IP addresses. For example, VPN-1 and VPN-2 could have IP phones with the same IP address, making it impossible to route calls between them. Even if the NAPT PE device illustrated below had the capability to solve these problems, it would still be routing the voice to a public IP network, leaving enterprise voice traffic vulnerable to hackers that can easily eavesdrop and place unauthorized calls over the enterprise network's resources.

Figure 3: Current deployment architecture for Firewall and NAT devices

2. Security

Voice VPNs are implemented in a manner that prohibits any inter-enterprise communication for security purposes. This allows all traffic within the Voice VPN to be considered trusted; once a user is authenticated and authorized onto the network, no further security policing, such as a firewall, is required for that user to communicate with all locations within the Voice VPN. To enable interconnection of Voice VPNs, service providers will need to interconnect trusted networks and must ensure that there is a secure boundary (firewall) between the Voice VPNs, protecting the enterprise networks from security threats. The most recognized threats to a Voice VPN are:

- Denial-of-service (DoS) attacks: Prevention of access to a network service by bombarding IP PBXs, IP phones or media gateway devices on the Voice VPN with unauthorized packets.
- Eavesdropping: Unauthorized interception of Real-Time Transport Protocol (RTP) media streams and decoding of signaling messages for the purposes of listening to the calls or learning the IP network topology of the Voice VPN or service provider networks.
- Unauthorized access: Impersonation of a legitimate user, allowing the hacker to gain access to enterprise network resources to place unauthorized phone calls.

Another security requirement the service provider must address is how to ensure privacy when voice traffic must transit a public, non-trusted network. As mentioned earlier, private IP addresses must be mapped to a public IP address by a NAPT function before the packets can be routed to another enterprise Voice VPN. Most enterprise customers see this as a major security concern and mandate that all voice traffic transiting a public IP network must be encrypted. The use of RTP encryption and IPSec is an option, but it is very complex and costly for the service provider to administer and maintain. Also, these technologies typically do not interoperate in the multi-vendor environments deployed within the enterprise networks.

Of course, the carrier VoIP network elements such as proxy servers, gatekeepers and media gateways must also be protected from these types of attacks originating from a Voice VPN customer's network. Traditional routers and firewalls do not meet these VoIP security requirements.

3. Billing

Without traffic traversing the PSTN, how can the service provider generate the call detail records (CDRs) needed to capture revenue for the origination/termination of the On-Net to Off-Net calls placed between the Voice VPNs?

4. Call Admission Control (CAC)

How can the service provider create and enforce a Service Level Agreement (SLA) for each Voice VPN customer that limits the number of calls or the amount of bandwidth the Voice VPN is allowed to use on the IP network, in a manner similar to what is possible today with a TDM trunk connection to the PSTN? MPLS routers are not session aware and cannot offer this capability on a call-by-call basis, which is required for Call Admission Control (CAC). Since voice is real-time traffic, it is imperative that it is policed at the point of ingress onto the service provider's network to ensure that the authorized calls have adequate network resources to guarantee toll quality. Without this capability, honoring a Voice VPN SLA is not possible.

It is clear that with existing router and firewall technology, service providers cannot overcome the critical obstacles of NAT traversal, NAPT, overlapping IP addresses, security, billing and admission control. Connecting even two enterprises introduces new requirements. Because existing products cannot meet these requirements, a new product category has risen to the challenge: Session Controllers.

Session Controllers reside at the edge of the service provider's network and are a high-performance, high-capacity critical network element that handles both signaling and media. Session Controllers meet the requirements for interconnection by delivering security, QoS mediation, and management (session detail records for billing and reconciliation) for the peering of VoIP networks. They support service provider SIP and H.323 networks and complement existing network infrastructure such as MPLS routers and Layer 3 and 4-aware firewalls.
Netrake ncite Session Controller: Enabling the secure interconnection of Voice VPNs

A Session Controller is a new network element that provides carrier-grade, secure, protocol-aware, session-based network address/port translation, a hosted Voice VPN firewall, session admission control and session detail records for real-time multimedia communications such as IP telephony. With a session controller, interconnecting Voice VPNs is now possible, as illustrated in Figure 4.

Figure 4: The deployment of session controllers within existing MPLS VPN networks is seamless

How the Hosted Voice VPN Firewall works

The ncite Session Controller connects to the provider edge (PE) MPLS router via Gigabit Ethernet interfaces. On all packets routed to the ncite, the PE router sets an 802.1q VLAN tag, which correlates to a Voice VPN within the MPLS network. Through the use of the 802.1q VLAN tags, the ncite is able to support the overlapping private IP addresses used in the Voice VPNs via a virtual interface. Each Voice VPN uses a unique virtual interface configured on the ncite, which acts as an outbound proxy (in the case of SIP) for the Voice VPN and performs SIP proxy [1], media anchoring* and registration binding* for the sessions. This places the ncite in the signaling and media path for all voice traffic routed between the Voice VPNs, where it serves as a firewall protecting the Voice VPNs from VoIP security threats such as Denial of Service attacks, flood protection, Rogue RTP, etc. The ncite also performs the following critical tasks to enable the secure interconnection of the Voice VPNs.

[1] *For a more detailed explanation of the ncite's SIP features please read

1. Network Address Port Translation (NAPT)

Figure 5: Hosted Firewall - The ncite is seamlessly deployed into existing architectures and dynamically opens/closes pinholes and performs NAT bindings to allow authorized traffic through

The ncite performs NAPT of the layer 3 IP addresses as well as of the IP address and port information in the message payloads of the SIP and H.323 protocols. The ncite has a virtual network that contains a pool of registered public IP addresses to interconnect all virtual interfaces in the system. When a voice packet arrives on a virtual interface, the ncite requests an address/port pair from the pool and translates the Voice VPN's private IP address to a public IP address, allowing it to be routed to the destination Voice VPN. The ncite then creates a pinhole through the Voice VPN firewall for the duration of the call. Once the call is complete, the pinhole is closed in the firewall and the ncite releases the IP address/port pair for future use.

2. Security

The ncite acts as a hosted Voice VPN firewall within the carrier network, providing protection from the most important threats to a Voice VPN:

Denial-of-service (DoS) Attack Prevention

The ncite also detects a sophisticated form of DoS attack called Rogue RTP. Rogue RTP is defined as receiving RTP traffic from multiple sources matching the open pinholes of an active call. What makes it difficult to detect is that in most cases this may be a legitimate function of the voice network, such as a media server injecting RTP packets into an active call mid-stream to provide music while the call is on hold, or a gateway failing over to another device. Or, in some cases, this could be a hacker who guessed the IP address/port of an active call and is injecting inauthentic RTP packets for the purpose of disrupting the call.

Because of these varying scenarios, it is impossible to guarantee that the sending and receiving IP addresses and port numbers of all RTP packets will be the same for the duration of the call. Therefore, configuring an ACL that includes source IP address and source port during the authentication process to prevent Rogue RTP is not possible.

The ncite algorithm that detects the occurrence of Rogue RTP is called Late Rogue Detection (LRD). LRD is based on RTP arriving from multiple sources for longer than a configurable time, and on RTP header validation performed for each packet. Each RTP packet is compared against the expected values of the source IP address, source port, RTP version number and RTP sequence number. Since it is possible for RTP packets to arrive out of sequence, the RTP sequence number is checked to make sure it is within the range of expected sequence numbers. Any changes to these parameters indicate signs of rogue RTP activity.

Once the RTP session is declared rogue, the source IP address and source port of the senders, along with the reason for declaring the stream rogue, are recorded and an alarm is generated. The ncite informs the operator with appropriate parameters to identify the call and allows the operator to monitor the call while in progress or terminate the call if necessary. The IP address/port used for the pinhole can then be placed on a quarantine list, so no future calls will use the pinhole that has been compromised until the operator can make the necessary policy changes to block the hacker's access to the network.

Eavesdropping

The ncite Session Controller is a completely secure network element with a pool of IP address/port pairs that change dynamically on a call-by-call basis as the calls are routed between Voice VPNs. This virtual network is not accessible or known to anyone other than the service provider provisioning the network and the two VoIP endpoints participating in the call. Hence, the RTP (voice) never traverses a public network and requires no RTP encryption for the media or IPSec tunnels between VPNs to ensure security. This meets the Voice VPN customer requirements for security and greatly simplifies provisioning and maintenance for the service provider.

Unauthorized Access

Prior to dynamically opening a pinhole through the existing firewall, the ncite performs the session admission control (SAC) function to authenticate the call. The ncite opens pinholes by matching a 3-tuple (Destination IP Address, Destination Port, and Protocol) against an access control list (ACL) for the Voice VPNs. Once the call is authenticated, the ncite performs SIP, H.323 and RTP message validation on each packet in the session and disallows any unauthorized or suspicious packets from passing through the firewall.

3. Billing

The ncite generates session detail records (SDRs), which may be imported by the carrier billing system to capture the origination/termination revenue for all calls routed between Voice VPNs. Since the ncite anchors the media for calls routed between Voice VPNs, the SDR contains detailed information pertaining to the quality of the call. Network conditions such as delay, jitter and packet loss are reported, enabling the operator to troubleshoot call quality issues in real time. Below is a partial SDR.

Netrake ncite Session Detail Record (SDR) fields: callinghost, calleduser, calledhost, callendstate, callstarttime, callendtime, callduration, callingsrcip, callingdestip, callingflowpacket, callingminlatency, callingmaxlatency, callingavglatency, callingavgjitter, calledsrcip, calleddestip, terminatingip, calledflowpacket, calledminlatency, calledmaxlatency

4. Session Admission Control

When a Voice VPN customer is provisioned on the ncite, the operator specifies a virtual line count for that customer. The virtual line count equates to the number of concurrent calls that specific Voice VPN customer is allowed to route through the ncite. When the virtual line count limit is exceeded, the ncite can be configured to enforce SLAs by doing one of the following:

- Generate a busy message and send it to the call initiator.
- Allow the call and flag the SDR as indicating a violation of the SLA. This flag can then be used to trigger a premium charge in the carrier billing system for all calls exceeding the SLA.
- Downgrade the QoS and allow the call through a best-effort route. The ncite enables this using DiffServ packet marking on all packets routed to the MPLS network, where they can be placed on the appropriate LSP per the service provider's MPLS traffic-engineering scheme.

Calls are admitted based on source address, destination port, destination address, and protocol, using 3- or 4-tuple admission control.
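
The payload translation described in both "Network Address Port Translation (NAPT)" sections of this paper (a SIP body that still carries the phone's private media address, and a session controller that rewrites it from a pool of public address/port pairs per VLAN-tagged virtual interface), as an added Python example; it is not Netrake code and not part of the original paper. The INVITE, the VLAN IDs, the 192.0.2.10 pool and the `SessionNapt` class are constructed for illustration, and only the SDP media lines are rewritten.

```python
import re
from collections import deque

CRLF = "\r\n"

def build_invite(phone_ip, rtp_port, call_id):
    """Constructed sample: a SIP INVITE carrying an SDP offer from an IP phone."""
    sdp = CRLF.join([
        "v=0",
        f"o=alice 2890844526 2890844526 IN IP4 {phone_ip}",
        "s=-",
        f"c=IN IP4 {phone_ip}",            # where the far end is told to send RTP
        "t=0 0",
        f"m=audio {rtp_port} RTP/AVP 0",   # ... and on which UDP port
        "a=rtpmap:0 PCMU/8000",
    ]) + CRLF
    head = CRLF.join([
        "INVITE sip:bob@vpn2.example SIP/2.0",
        f"Via: SIP/2.0/UDP {phone_ip}:5060;branch=z9hG4bK776asdhds",
        "From: <sip:alice@vpn1.example>;tag=1928301774",
        "To: <sip:bob@vpn2.example>",
        f"Call-ID: {call_id}",
        "CSeq: 1 INVITE",
        "Content-Type: application/sdp",
        f"Content-Length: {len(sdp.encode())}",
    ])
    return head + CRLF + CRLF + sdp

def media_endpoint(msg):
    """Return the (ip, port) that the SDP body advertises for media."""
    body = msg.split(CRLF + CRLF, 1)[1]
    ip = re.search(r"^c=IN IP4 (\S+)", body, re.M).group(1)
    port = int(re.search(r"^m=audio (\d+) ", body, re.M).group(1))
    return ip, port

def rewrite_sdp(msg, pub_ip, pub_port):
    """Rewrite the o=, c= and m= lines, then fix Content-Length for the new body."""
    head, body = msg.split(CRLF + CRLF, 1)
    body = re.sub(r"^(c=IN IP4 )\S+", rf"\g<1>{pub_ip}", body, flags=re.M)
    body = re.sub(r"^(o=.* IN IP4 )\S+", rf"\g<1>{pub_ip}", body, flags=re.M)
    body = re.sub(r"^(m=audio )\d+", rf"\g<1>{pub_port}", body, flags=re.M)
    head = re.sub(r"^(Content-Length: )\d+", rf"\g<1>{len(body.encode())}", head, flags=re.M)
    return head + CRLF + CRLF + body

class SessionNapt:
    """Hypothetical payload-aware NAPT: one public pair per call, per virtual interface."""

    def __init__(self, pool):
        self.free = deque(pool)   # unused public (ip, port) pairs
        self.pinholes = {}        # (vlan, call_id) -> {"private": ..., "public": ...}

    def open_pinhole(self, vlan, msg):
        """Bind the call's private media endpoint to a public pair; return rewritten SIP."""
        if not self.free:
            raise RuntimeError("public address/port pool exhausted")
        call_id = re.search(r"^Call-ID: (\S+)", msg, re.M).group(1)
        public = self.free.popleft()
        # Keyed by VLAN, so two VPNs may use the same private address without clashing.
        self.pinholes[(vlan, call_id)] = {"private": media_endpoint(msg), "public": public}
        return rewrite_sdp(msg, *public)

    def translate_inbound(self, pub_ip, pub_port):
        """Map media arriving on a public pair back to (vlan, private ip, private port)."""
        for (vlan, _), binding in self.pinholes.items():
            if binding["public"] == (pub_ip, pub_port):
                return (vlan, *binding["private"])
        return None               # no open pinhole: the packet is dropped

    def close_pinhole(self, vlan, call_id):
        """Call ended: close the pinhole and return the pair to the pool."""
        self.free.append(self.pinholes.pop((vlan, call_id))["public"])

if __name__ == "__main__":
    napt = SessionNapt([("192.0.2.10", 20000), ("192.0.2.10", 20002)])
    for vlan, cid in ((101, "call-a"), (102, "call-b")):   # same phone IP in both VPNs
        invite = build_invite("10.1.1.20", 49170, cid)
        print(vlan, media_endpoint(invite), "->", media_endpoint(napt.open_pinhole(vlan, invite)))
```

A translator that changes only the IP and UDP headers leaves `media_endpoint()` returning 10.1.1.20:49170, which is the failure the first NAPT section describes.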
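
One way to implement the two Rogue RTP checks described under "Denial-of-service (DoS) Attack Prevention" (per-packet header validation, and RTP from more than one source for longer than a configurable time), as an added Python sketch; it is not Netrake's Late Rogue Detection algorithm. The `grace`, `idle` and `seq_window` parameters, the addresses and the packet timelines are assumptions constructed for the example.

```python
import struct

def rtp(seq, version=2, ssrc=0x1234):
    """Constructed 12-byte RTP header (payload type 0, no payload)."""
    return struct.pack("!BBHII", version << 6, 0, seq & 0xFFFF,
                       (seq * 160) & 0xFFFFFFFF, ssrc)

def stream(src, start, count, first_seq=0, step=0.02):
    """Constructed timeline: `count` packets from `src`, one every 20 ms."""
    return [(start + i * step, src, rtp(first_seq + i)) for i in range(count)]

class LateRogueDetector:
    def __init__(self, grace=2.0, idle=0.2, seq_window=50):
        self.grace = grace            # how long concurrent sources are tolerated (s)
        self.idle = idle              # a source silent this long has left the call (s)
        self.seq_window = seq_window  # accepted reordering/loss, in sequence numbers
        self.streams = {}             # (ip, port) -> (last_seen, last_seq)
        self.overlap_since = None
        self.alarm = None

    def _declare(self, reason):
        # Record the reason and every sender seen on the pinhole, as the paper describes.
        self.alarm = {"reason": reason, "sources": sorted(self.streams)}
        return self.alarm

    def feed(self, now, src, packet):
        """Validate one packet received on the pinhole; return the alarm once rogue."""
        if self.alarm:
            return self.alarm
        if len(packet) < 12 or packet[0] >> 6 != 2:
            self.streams.setdefault(src, (now, 0))
            return self._declare("invalid RTP header")
        seq = struct.unpack("!H", packet[2:4])[0]
        prev = self.streams.get(src)
        self.streams[src] = (now, seq)
        if prev is not None:
            ahead = (seq - prev[1]) & 0xFFFF          # modulo-2^16 distance
            if not (ahead <= self.seq_window or ahead >= 0x10000 - self.seq_window):
                return self._declare("sequence number outside expected range")
        # A hold-music server or failover gateway replaces the old source, which then
        # goes idle; an injector keeps sending alongside the legitimate source.
        self.streams = {s: v for s, v in self.streams.items() if now - v[0] <= self.idle}
        if len(self.streams) > 1:
            if self.overlap_since is None:
                self.overlap_since = now
            if now - self.overlap_since > self.grace:
                return self._declare("multiple sources beyond grace period")
        else:
            self.overlap_since = None
        return None

def monitor(pinhole, timeline, quarantine, **cfg):
    """Run one call's packets through the detector; quarantine the pinhole on alarm."""
    detector = LateRogueDetector(**cfg)
    for now, src, packet in sorted(timeline, key=lambda event: event[0]):
        alarm = detector.feed(now, src, packet)
        if alarm:
            quarantine.add(pinhole)   # keep this address/port out of future calls
            return alarm
    return None

if __name__ == "__main__":
    phone, moh, other = ("10.1.1.20", 49170), ("10.1.5.5", 30000), ("198.51.100.7", 40000)
    quarantine = set()
    # Handover to music on hold: the phone stops when the media server starts.
    print(monitor(("192.0.2.10", 20000), stream(phone, 0, 50) + stream(moh, 1.0, 150, 7000), quarantine))
    # Injection: a second sender runs alongside the phone for about three seconds.
    print(monitor(("192.0.2.10", 20002), stream(phone, 0, 200) + stream(other, 1.01, 150, 100), quarantine))
    print(quarantine)
```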
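
The admission decision described under "Unauthorized Access" and "Session Admission Control" (a 3-tuple ACL match, then the virtual line count with its three over-limit behaviours), as an added Python example that is not the ncite's own logic or configuration syntax. The policy names, the `slaviolation` and `dscp` fields, SIP 486 as the busy message and DSCP 46 for in-SLA calls are assumptions of this sketch; `callstarttime`, `callendtime` and `callduration` are field names from the partial SDR above.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

DSCP_EF, DSCP_BEST_EFFORT = 46, 0   # assumption: in-SLA voice is marked EF
SIP_BUSY_HERE = 486                 # assumption: the "busy message" is SIP 486

@dataclass
class VoiceVpn:
    name: str
    virtual_lines: int              # concurrent calls allowed by the SLA
    over_limit: str                 # hypothetical policy: "busy", "flag" or "downgrade"
    acl: list                       # [(destination network, (port_lo, port_hi), protocol)]
    active: dict = field(default_factory=dict)   # call_id -> open SDR

def acl_permits(vpn, dst_ip, dst_port, proto):
    """3-tuple match: destination IP address, destination port, protocol."""
    return any(
        ip_address(dst_ip) in ip_network(net) and lo <= dst_port <= hi and proto == p
        for net, (lo, hi), p in vpn.acl
    )

def admit(vpn, call_id, dst_ip, dst_port, proto, now):
    """Decide whether a pinhole may be opened for a new call on this Voice VPN."""
    if not acl_permits(vpn, dst_ip, dst_port, proto):
        return {"action": "deny", "reason": "no ACL match"}
    over = len(vpn.active) >= vpn.virtual_lines
    if over and vpn.over_limit == "busy":
        return {"action": "busy", "sip_status": SIP_BUSY_HERE}
    sdr = {
        "callstarttime": now,
        # Flag for the billing system when the call exceeds the SLA (hypothetical field).
        "slaviolation": over and vpn.over_limit == "flag",
        # DiffServ marking: over-limit calls go best effort under the downgrade policy.
        "dscp": DSCP_BEST_EFFORT if over and vpn.over_limit == "downgrade" else DSCP_EF,
    }
    vpn.active[call_id] = sdr
    return {"action": "admit", **sdr}

def release(vpn, call_id, now):
    """Call ended: free the virtual line and return the finished SDR."""
    sdr = vpn.active.pop(call_id)
    sdr["callendtime"] = now
    sdr["callduration"] = now - sdr["callstarttime"]
    return sdr

if __name__ == "__main__":
    acl = [("192.0.2.0/24", (20000, 20999), "udp")]      # constructed ACL
    for policy in ("busy", "flag", "downgrade"):
        vpn = VoiceVpn("VPN-1", 2, policy, acl)
        for n in range(3):                               # third call exceeds two lines
            decision = admit(vpn, f"call-{n}", "192.0.2.10", 20000 + 2 * n, "udp", 100 + n)
        print(policy, decision)
```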
Summary

The ncite Session Controller is a new class of network infrastructure product that gives service providers offering MPLS VPNs the ability to overlay real-time, peer-to-peer multimedia applications such as IP telephony onto their existing network architecture. By combining the critical functions discussed in this paper into a single scalable, manageable and highly available system, the ncite greatly reduces the CAPEX and OPEX associated with other multi-box solutions on the market. The ncite can also be used by the service provider to enable several other applications, such as:

- Wholesale VoIP origination/termination with other carriers
- Secure instant messaging with push-to-talk capabilities
- Secure video conferencing
- Hosted Media Gateway
- Hosted Communications Services such as IP Centrex, Presence, Conferencing and Call Centers
- Firewall traversal solutions for enterprise and consumer product offerings that use a public IP network

Finally, the ncite Session Controller is easy to deploy, simply requiring its components to be positioned in the communication path in the service provider and each corresponding enterprise network. The solution provides complete transparency and anonymity for existing network communication devices: none of the devices have to change their behavior. The Netrake solution ensures secure traversal of real-time communications and enables communication service providers to deliver valuable, secure products and services to their enterprise customers.
More informationAn Examination of the Firewall/NAT Problem, Traversal Methods, and Their Pros and Cons
TRAVERSING FIREWALLS AND NATS WITH VOICE AND VIDEO OVER IP An Examination of the Firewall/NAT Problem, Traversal Methods, and Their Pros and Cons Traversing Firewalls and NATs With Voice and Video Over
More informationNETWORK ISSUES: COSTS & OPTIONS
VIDEO CONFERENCING NETWORK ISSUES: COSTS & OPTIONS Prepared By: S. Ann Earon, Ph.D., President Telemanagement Resources International Inc. Sponsored by Vidyo By:S.AnnEaron,Ph.D. Introduction Successful
More informationethernet services for multi-site connectivity security, performance, ip transparency
ethernet services for multi-site connectivity security, performance, ip transparency INTRODUCTION Interconnecting three or more sites across a metro or wide area network has traditionally been accomplished
More informationVoice Over IP (VoIP) Denial of Service (DoS)
Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based
More informationHow To Understand The Purpose Of A Sip Aware Firewall/Alg (Sip) With An Alg (Sip) And An Algen (S Ip) (Alg) (Siph) (Network) (Ip) (Lib
NetVanta Unified Communications Technical Note The Purpose of a SIP-Aware Firewall/ALG Introduction This technical note will explore the purpose of a Session Initiation Protocol (SIP)-aware firewall/application
More informationIVCi s IntelliNet SM Network
IVCi s IntelliNet SM Network Technical White Paper Introduction...2 Overview...2 A True ATM Solution End to End...2 The Power of a Switched Network...2 Data Throughput:...3 Improved Security:...3 Class
More informationSecuring Unified Communications for Healthcare
Securing Unified Communications for Healthcare Table of Contents Securing UC A Unique Process... 2 Fundamental Components of a Healthcare UC Security Architecture... 3 Making Unified Communications Secure
More informationCisco ASA 5500 Series Unified Communications Deployments
5500 Series Unified Communications Deployments Cisco Unified Communications Solutions unify voice, video, data, and mobile applications on fixed and mobile networks, enabling easy collaboration every time,
More informationSBC WHITE PAPER. The Critical Component
SBC WHITE PAPER The Critical Component Table of Contents of your VoIP Infrastructure... 3 Enter the SBC... 4 Functions... 5 Security... 5 Denial of Service... 5 Toll Fraud... 6 Encryption... 6 Policy...
More informationIntroduction to DE-CIX NGN. Andreas Sturm andreas.sturm@de-cix.net
Introduction to DE-CIX NGN Andreas Sturm andreas.sturm@de-cix.net Today s Situation: How does it look like? Current situation Carrier s Data and Voice business operations are controlled by different departments
More informationIP Telephony Deployment Models
CHAPTER 2 Sections in this chapter address the following topics: Single Site, page 2-1 Multisite Implementation with Distributed Call Processing, page 2-3 Design Considerations for Section 508 Conformance,
More informationSecure Voice over IP (VoIP) Networks
Secure Voice over IP (VoIP) Networks How to deploy a robust, secure VoIP solution that counters both external and internal threats and, at the same time, provides top quality of service. This White Paper:
More informationSession Border Controller
CHAPTER 13 This chapter describes the level of support that Cisco ANA provides for (SBC), as follows: Technology Description, page 13-1 Information Model Objects (IMOs), page 13-2 Vendor-Specific Inventory
More informationETM System SIP Trunk Support Technical Discussion
ETM System SIP Trunk Support Technical Discussion Release 6.0 A product brief from SecureLogix Corporation Rev C SIP Trunk Support in the ETM System v6.0 Introduction Today s voice networks are rife with
More informationEarthLink Business SIP Trunking. Toshiba IPedge Customer Configuration Guide
EarthLink Business SIP Trunking Toshiba IPedge Customer Configuration Guide Publication History First Release: Version 1.0 August 30, 2011 CHANGE HISTORY Version Date Change Details Changed By 1.0 8/30/2011
More informationCommunications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise
Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise The Changing Landscape IP-based unified communications is widely deployed in enterprise networks, both for internal calling
More informationData Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.
Data Networking and Architecture The course focuses on theoretical principles and practical implementation of selected Data Networking protocols and standards. Physical network architecture is described
More informationSecure VoIP for optimal business communication
White Paper Secure VoIP for optimal business communication Learn how to create a secure environment for real-time audio, video and data communication over IP based networks. Andreas Åsander Manager, Product
More informationSprint Global MPLS VPN IP Whitepaper
Sprint Global MPLS VPN IP Whitepaper Sprint Product Marketing and Product Development January 2006 Revision 7.0 1.0 MPLS VPN Marketplace Demand for MPLS (Multiprotocol Label Switching) VPNs (standardized
More informationMethods for Lawful Interception in IP Telephony Networks Based on H.323
Methods for Lawful Interception in IP Telephony Networks Based on H.323 Andro Milanović, Siniša Srbljić, Ivo Ražnjević*, Darryl Sladden*, Ivan Matošević, and Daniel Skrobo School of Electrical Engineering
More informationIP Implementation in Private Branch Exchanges From 9:30 a.m until 4:30 p.m (7 hrs./day) 5 days / week
Course Title: No. of Hours: IP Implementation in Private Branch Exchanges From 9:30 a.m until 4:30 p.m (7 hrs./day) 5 days / week 1 Course Duration: 3 Months (12weeks) No. Of Hours: 7 Hrs./Day- 5 days/week.
More informationVOICE OVER IP SECURITY
VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationQuality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.
Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. A Network and Data Link Layer infrastructure Design to Improve QoS in Voice and video Traffic Jesús Arturo Pérez,
More informationABC SBC: Securing the PBX. FRAFOS GmbH
ABC SBC: Securing the PBX FRAFOS GmbH Introduction A widely reported fraud scenarios is the case of a malicious user detecting the address of a company s PBX and accessing that PBX directly. Once the attacker
More informationEdgeMarc 4508T4/4508T4W Converged Networking Router
Introduction The EdgeMarc 4508T4W combines multiple voice and data features into a single, easy to use converged networking router. It includes models that have up to 4 T1 WAN interfaces or a single Ethernet
More informationRelease the full potential of your Cisco Call Manager with Ingate Systems
Release the full potential of your Cisco Call Manager with Ingate Systems -Save cost with flexible connection to Service Providers. -Save mobile costs, give VoIP mobility to your workforce. -Setup an effective
More informationMicrosoft Lync and SIP trunking - Ensuring multi-vendor technology success with Prognosis
White Paper Microsoft Lync and SIP trunking - Ensuring multi-vendor technology success with Prognosis by Sue Bradshaw: Technology Writer, Integrated Research Ensuring new technology like Lync delivers
More informationVegaStream Information Note Considerations for a VoIP installation
VegaStream Information Note Considerations for a VoIP installation To get the best out of a VoIP system, there are a number of items that need to be considered before and during installation. This document
More informationApplication Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0
Avaya Solution & Interoperability Test Lab Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0 Abstract These Application Notes describe the steps to configure an Avaya
More informationCisco Integrated Services Routers Performance Overview
Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,
More informationVitalPBX. Hosted Voice That Works. For You
VitalPBX Hosted Voice That Works For You Vital Voice & Data s VitalPBX VVD Hosted PBX solutions provide you with the stability of a traditional telephone PBX system and the flexibility that only a next
More informationIOCOM Whitepaper: Connecting to Third Party Organizations
IOCOM Whitepaper: Connecting to Third Party Organizations September 2008 IOCOM www.iocom.com 312-786-9169 Table of Contents 1. Executive Summary 2. Goals 3. Scenarios for Enterprise Connectivity over IOCOM
More informationCisco Group Encrypted Transport VPN: Tunnel-less VPN Delivering Encryption and Authentication for the WAN
Cisco Group Encrypted Transport VPN: Tunnel-less VPN Delivering Encryption and Authentication for the WAN Product Overview Today s networked applications such as voice and video are accelerating the need
More informationSecuring VoIP Networks using graded Protection Levels
Securing VoIP Networks using graded Protection Levels Andreas C. Schmidt Bundesamt für Sicherheit in der Informationstechnik, Godesberger Allee 185-189, D-53175 Bonn Andreas.Schmidt@bsi.bund.de Abstract
More informationLayer-2 Design: Link Balancers Simplified
Technology White Paper Layer-2 Design: Link Balancers Simplified Build Smarter Networks Table of Contents 1. Executive Summary... 3 2. Overview of the Problem... 3 3. Layer-2 Design Principles... 4 4.
More informationSecured Voice over VPN Tunnel and QoS. Feature Paper
Secured Voice over VPN Tunnel and QoS Feature Paper Table of Contents Introduction...3 Preface...3 Chapter 1: The Introduction of Virtual Private Network (VPN) 3 1.1 The Functions and Types of VPN...3
More informationIndepth Voice over IP and SIP Networking Course
Introduction SIP is fast becoming the Voice over IP protocol of choice. During this 3-day course delegates will examine SIP technology and architecture and learn how a functioning VoIP service can be established.
More informationCPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP
HOSTED VOICE OVER IP AUGUST 2007 Abstract Voice over IP (VoIP) is the term used for a set of technologies that enable real time voice or video conversations to take place across IP networks. VoIP devices
More informationITL BULLETIN FOR JANUARY 2011
ITL BULLETIN FOR JANUARY 2011 INTERNET PROTOCOL VERSION 6 (IPv6): NIST GUIDELINES HELP ORGANIZATIONS MANAGE THE SECURE DEPLOYMENT OF THE NEW NETWORK PROTOCOL Shirley Radack, Editor Computer Security Division
More informationIntegrate VoIP with your existing network
Integrate VoIP with your existing network As organisations increasingly recognise and require the benefits voice over Internet Protocol (VoIP) offers, they stop asking "Why?" and start asking "How?". A
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationHosted PBX Platform-asa-Service. Offering
Hosted PBX Platform-asa-Service Offering Hosted PBX Platform Overview VoIP Logic s Hosted PBX Platform-as-a-Service (PaaS) delivers cloud-based PBX functionality encompassing traditional PBX features as
More informationCconducted at the Cisco facility and Miercom lab. Specific areas examined
Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security
More information