Security & Reliability in VoIP Solution
July 19th, 2006
Ram Ayyakad
ram@ranchnetworks.com

About
My background
- Founder, Ranch Networks
- 20 years' experience in the telecom industry
- Part of the architecture team that built the prestigious IP and ATM switches
- Recipient of the 1998 Bell Laboratories President's Gold Award

About Ranch Networks
- Ranch manufactures network appliances built to advance VoIP telephony deployments
- The RN series of products provide security, reliability, and scalability to VoIP applications
- The only PBX controlled VoIP appliance
- The only integrated Asterisk security solution
- Per-call QoS rate limiting & BW guarantee
- Protocol and encryption independence
- Scales PBX to handle a lot more calls

Ranch Networks Products
- Ranch agent code is integrated into Asterisk
- VoIP appliances that enable service providers to secure, scale and provide reliable VoIP
- RN300, RN20L, RN20, RN40, RN41

VoIP Deployment Objectives
- Seamless Connectivity
  - Call should succeed irrespective of the locations of caller & called party
- High Call Quality
  - No voice clipping & call drops
- Security
  - Prevent attacks on PBX, phones and the rest of the network
  - Prevent eavesdropping of VoIP signaling / media
- High Availability
  - Minimal interruption or downtime
- Scalability
  - Dynamically increase capacity with minimal impact

Enterprise Challenges
- VoIP Security & Data Security
- Call Quality & Data Traffic
- Scalability
- Reliability

VoIP Security Challenges
- Educating CIOs/CTOs: security threats are real
- Picking the appropriate security appliances
- Future proofing (encryption, protocol changes)
- Security enforcement methodologies
  - Traditional firewalls
  - SIP firewalls
  - SBCs
  - PBX controlled appliances
- VoIP & data traffic on the same physical cable
- Preventing voice quality degradation/call drops due to viruses/worms

VoIP Security Issues
- Eavesdropping
  - Media (Sensitive Information Revelation)
  - Signaling (Identity Revelation)
- Man in the middle attack
- Denial of Service attack
- Limitations of traditional firewalls
- Non-awareness of above issues

VoIP Security Objectives
- Robustness
- Scalability
- Future Proof (encryption, protocol changes)
- Easily Manageable
- Agnostic to Vendor/Protocol revisions
- Reliability

VoIP Security Solutions
- Traditional Firewalls
- VoIP Protocol aware firewalls
- Session Border Controllers
- PBX Controlled appliances

Protecting Converged Infrastructure
- Security appliance MUST be able to segregate & prioritize voice/data traffic
- ALL access to IP PBX MUST go through the security appliance
- Security appliance MUST raise alerts for ANY unauthorized access
- Security appliance MUST have the ability to mirror traffic to an IDS system
- Look for the solutions being promoted by the IP PBX vendor
- Allocate guaranteed BW for VoIP traffic

VoIP Security Implementation
- Choose the solution(s) that meet the objectives
- Use VPN for encrypting VoIP traffic
- Educate the Network Admins on VoIP security

SIP issues in a Typical Deployment
[Diagram: internal VoIP phones, enterprise network, L2 switches, corporate firewall, Asterisk IP PBX and media gateway, PSTN, Internet, residential VoIP phone, branch VoIP phones]
- Connectivity Issue: SIP is NAT unfriendly
- Security Issue: Media is firewall unfriendly
- Quality Issue: Bandwidth contention with data

Ranch Asterisk solution
[Diagram: SIP Phone A, SIP Phone B, Asterisk (NetSec), PSTN, Internet]
- Default: SIP allow with rate limit & RTP deny
- Call Setup: SIP Invite & Authenticate
- Forward invite, receive 200 OK and finish call setup
- Asterisk (NetSec) applies real-time POLICIES to RN:
  - Security policies: what pin holes to open
  - NAT policies: how to provide NAT
  - Bandwidth policies: what pipe width to use
  - Bridging policies: how to connect the phones
- Call in progress
- Call tear down

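The default-deny media policy described on this slide, as an added example that is not Ranch Networks or Asterisk code: SIP is allowed subject to a rate limit, RTP is denied until the PBX opens a pinhole for the endpoints negotiated in the SDP, and the pinhole is closed at tear down. The class, its method names, the per-source sliding-window limit and the SDP bodies are assumptions constructed for illustration.

```python
import re
import time

# Constructed SDP bodies (sample data): offer from the INVITE, answer from the 200 OK.
SDP_OFFER = "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 40000 RTP/AVP 0\r\n"
SDP_ANSWER = "v=0\r\nc=IN IP4 198.51.100.20\r\nm=audio 50000 RTP/AVP 0\r\n"

def rtp_endpoint(sdp):
    """Return (ip, port) of the audio stream advertised in an SDP body."""
    ip = re.search(r"^c=IN IP4 (\S+)", sdp, re.M).group(1)
    port = int(re.search(r"^m=audio (\d+) ", sdp, re.M).group(1))
    return ip, port

class PinholeAppliance:
    """Hypothetical model: SIP allowed with a rate limit, RTP denied without a pinhole."""
    def __init__(self, sip_rate=5, window=1.0):
        self.sip_rate, self.window = sip_rate, window
        self.sip_seen = {}   # source ip -> timestamps of recently accepted SIP packets
        self.pinholes = {}   # call-id -> allowed (src, dst) RTP endpoint pairs

    def open_call(self, call_id, offer, answer):
        # Called by the PBX once call setup has finished (200 OK received).
        a, b = rtp_endpoint(offer), rtp_endpoint(answer)
        self.pinholes[call_id] = {(a, b), (b, a)}   # media flows in both directions

    def close_call(self, call_id):
        # Called by the PBX at call tear down.
        self.pinholes.pop(call_id, None)

    def allow(self, proto, src, dst, now=None):
        now = time.monotonic() if now is None else now
        if proto == "sip":
            recent = [t for t in self.sip_seen.get(src[0], []) if now - t < self.window]
            if len(recent) >= self.sip_rate:
                self.sip_seen[src[0]] = recent
                return False                        # over the per-source SIP rate limit
            self.sip_seen[src[0]] = recent + [now]
            return True
        if proto == "rtp":
            return any((src, dst) in pairs for pairs in self.pinholes.values())
        return False                                # everything else is denied
```
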
1+1 High Availability (HA)
[Diagram: Central Office, RN20, single public IP, Internet, firewall, Branch Office]
- SIP based health check will initiate switchover
- Single public IP address for Asterisk servers
- ALL SIP messages forwarded to current Active PBX
- Switchover does not terminate current conversations
- Seamless switchover between active/standby

Hosted PBX with local fail over to PSTN
[Diagram: VoIP service provider with active and standby Asterisk, Ranch RN 20/40, PSTN, Internet; enterprise network with Ranch RN300, local Asterisk, PSTN, SIP, L2 switch, VoIP phones]
Ranch benefits:
- RN20 initiates the Asterisk fail over within the service provider network
- Single public IP address for Asterisk servers in service provider network
- RN300 initiates the fail over from service provider to local Asterisk
- Local Asterisk provides local PSTN backup

Clustering
- Allows one or more Asterisk IP PBXs to be grouped (cluster) as a single IP PBX
- Cluster is visible to the user as a single public IP; the PBXs have private IPs
- A PBX can be added or removed from a cluster at any time
- When a PBX is removed from the cluster, current active calls should not be dropped; at a minimum, conversations should go on
- Health checks determine if a PBX should handle new calls
- New calls should be sent to a PBX if-and-only-if
  - PBX is accessible (ex: SIP based pings)
  - PBX has access to critical resources such as a database or an external auth server such as RADIUS/LDAP
- Should scale linearly

Low Cost Large Scale PBX Solution
[Diagram: Registrars-A, Registrars-B, Proxies-A, Proxies-B, large scale PBX clusters, low cost Asterisk proxies, SIP based health check, Ranch RN40]
- Redundant, Carrier Class
- Heartbeat
- Gigabit interfaces
- Highly scalable solution
- SIP based health check determines if an Asterisk within a cluster is active or not
- Each Asterisk cluster is accessible using a single public IP address
- Supports multiple Asterisk clusters
- Making a server inactive does not terminate current conversations
- Each registrar and proxy cluster shares a single public IP
- Asterisk proxies handle the calls
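The admission rule from the Clustering and Large Scale PBX slides, as an added example that is not Ranch Networks or Asterisk code: a new call goes to a PBX only if its SIP health check passes and its critical resources are reachable, while calls already in progress stay on their PBX even after it is removed or marked inactive. The class, its method names, the private addresses and the round-robin choice among eligible members are assumptions constructed for illustration.

```python
class PbxCluster:
    """Hypothetical model of one public IP fronting several private Asterisk PBXs."""
    def __init__(self):
        self.members = {}   # private ip -> health and drain flags
        self.calls = {}     # call-id -> private ip handling that call
        self._rr = 0        # round-robin counter (distribution policy is an assumption)

    def add(self, ip):
        # A new member takes no calls until a health report says it is ready.
        self.members[ip] = {"sip_ok": False, "resources_ok": False, "draining": False}

    def report_health(self, ip, sip_ok, resources_ok):
        # sip_ok: SIP based ping answered; resources_ok: database / RADIUS / LDAP reachable.
        self.members[ip].update(sip_ok=sip_ok, resources_ok=resources_ok)

    def remove(self, ip):
        # Removal only stops new calls; conversations in progress keep their mapping.
        self.members[ip]["draining"] = True

    def eligible(self):
        return sorted(ip for ip, m in self.members.items()
                      if m["sip_ok"] and m["resources_ok"] and not m["draining"])

    def route(self, call_id):
        if call_id in self.calls:           # existing call: never moved or dropped
            return self.calls[call_id]
        pool = self.eligible()
        if not pool:
            return None                     # no healthy PBX, reject the new call
        ip = pool[self._rr % len(pool)]
        self._rr += 1
        self.calls[call_id] = ip
        return ip

    def hangup(self, call_id):
        ip = self.calls.pop(call_id, None)
        # A draining member leaves the cluster once its last call has ended.
        if ip and self.members[ip]["draining"] and ip not in self.calls.values():
            del self.members[ip]
```
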