How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs)

A Corporate Whitepaper by SecureLogix Corporation

Introduction

Enterprises are continuing to convert and upgrade their circuit-switched voice systems to Voice over IP (VoIP). This process involves modification of many components of Customer Premises Equipment (CPE), including PBXs, contact centers, adjunct systems, handsets, and access to the public network. The adoption rate for internal campus VoIP equipment upgrades such as handsets and PBX has been fairly brisk, but in the majority of these enterprise VoIP deployments, access to the carrier network is still provided by Time Division Multiplexed (TDM) circuits.

Enterprises are slowly replacing circuit-switched trunks (ISDN PRI, T1 CAS, analog, etc.) for access to the public network with Session Initiation Protocol (SIP) trunks, but the adoption rate of this technology has been very slow, with perhaps 1% of the enterprise access in North America being converted to SIP. While adoption of carrier SIP trunks will continue, the rate is not expected to accelerate, and enterprises will use a combination of circuit-switched and SIP trunks for many years. This is especially true for large enterprises with many sites, which will require many years to fully transition to SIP trunks. Sites with a large amount of traffic often retain some circuit-switched trunking for backup. Most sites also retain some circuit-switched trunking to enable legacy modems and fax machines. This is true despite availability of IP-based protocols such as Fax over IP.

The challenges for enterprises migrating to SIP services include the operational complexity of and lack of familiarity with new services, and in some cases, interoperability issues among products from different SIP device vendors (e.g., Broadsoft, Sonus, Avaya, Cisco, Nortel, Siemens). SIP-specific security vulnerabilities may develop as an issue in the future. As enterprises migrate to SIP trunks, the need for an edge security device also arises.
Some enterprises consider deploying an SBC as customer premises equipment (CPE) to address security. However, while SBCs have valid uses and may be necessary for interoperability, these devices cannot provide unified voice network security and management because they can only see VoIP traffic and are not designed to address the primary security threats and management challenges plaguing enterprise voice networks, regardless of transport type. A better solution is a unified security and management platform that monitors all voice circuits, whether circuit-switched or SIP or a mix of the two.

About Session Border Controllers (SBCs)

Session Border Controllers (SBCs) are security and management devices that were originally developed for the service provider market and used when service providers interconnected their VoIP networks with other service providers, enterprises, and consumers. In the early days of VoIP and SIP, SBCs were often necessary to enable different systems to interoperate. SBCs were also used to provide security functions. Over the years, SBCs have added functions like protocol conversion, protocol fix-up, network topology hiding, transcoding, far-end Network Address Translation (NAT), security, and so forth. SBCs are often deployed on the service provider side of SIP trunks.

Some enterprises are considering using SBCs as customer premises equipment (CPE) with carrier SIP trunks. The reasons for an enterprise to deploy an SBC as CPE vary, but usually include demarcation, troubleshooting, NAT, and interoperability services. SBCs can also provide a SIP-based security function, which is necessary only if SIP is being delivered over the Internet. SIP security is less essential in a more typical enterprise deployment, where the SIP trunk is delivered over a private service provider network, because the threat of an attack on these types of circuits is low, and the service provider customarily has already provisioned an SBC for security at their end. Note that SBCs are neither relevant to nor compatible with circuit-switched trunking, which, again, accounts for approximately 99% of the enterprise trunking in North America.

While most of the major service providers support use of CPE SBCs on their SIP trunks, they usually neither require nor desire them, because they are just another device to debug. This, of course, varies by service provider. Some SBCs also provide limited management functions such as call recording, Call Detail Reporting (CDR), and performance management. However, these features are usually designed to accommodate service provider requirements (for example, call recording to comply with the Communications Assistance for Law Enforcement Act (CALEA)) and do not satisfy enterprise voice network management requirements.

Several years ago, there were as many as 20 SBC vendors.
With the slow adoption rate of VoIP in service provider and enterprise trunking deployments, many of these vendors went out of business or were purchased for low valuations and their technology abandoned or integrated into other products, such as soft switches and routers. Today, a few SBC vendors remain, including SIP security vendors that are adding SBC-like features to their products.

Addressing the Unified Security and Management Challenges of Hybrid Voice Networks

Whether or not an SBC is present on a SIP trunk, enterprises need unified application-level security and management functions that the SBC does not provide, especially while circuit-switched trunking continues to be used alongside VoIP for the foreseeable future. While SIP-specific attacks such as Denial of Service (DoS) and fuzzing get a lot of attention, the attacks that really affect enterprises are toll fraud, unauthorized and poorly secured modems, social engineering, harassing callers, fax spam, and so forth. SBCs address none of these issues.

For example, toll fraud (fraudulent, illegal use of a company's telecommunications resources by a third party from a remote location) has been a major issue for enterprises for many years and is becoming a bigger issue, mainly because it is the one VoIP vulnerability that is worth exploiting due to the potential financial gain. While accurate cost estimates for toll fraud are difficult to pin down because many companies are reluctant to publicly admit they have been targeted, experts worldwide estimate the costs to run in the billions of dollars annually. According to the most recent figures available from the Communications Fraud Control Association (CFCA) Telecom Fraud Survey, annual global telecom fraud losses amount to an estimated $54.4-$60 billion (USD).

Social engineering, whereby criminals attempt to acquire personal information such as usernames, passwords and credit card account information by fraudulently representing themselves as trusted entities, is also on the rise. Many corporations, especially financial, insurance, retail and healthcare organizations, are now becoming victims of these types of social engineering/identity theft attacks conducted over corporate phone lines.

Modem security remains a major issue for the enterprise. Authorized modems are still very commonly used for remote access to critical systems. Unauthorized modem connections represent a significant security risk to any organization. Unauthorized modem connections can occur from two sources: misuse/unauthorized access of legitimate modems, such as PBX maintenance port modems, and employee-installed personal use modems. Authorized modems have a legitimate business purpose, but still pose a risk to the data network if they are improperly secured or unlawfully accessed by an unauthorized person. An even greater threat arises from employee-installed modems, a hidden threat in most enterprises.
Employee-installed modems, used for unmonitored Internet access or deliberate data transfer by a disgruntled employee, bypass the data firewall and create unsecured phone line access points into corporate data networks, opening the back door for hackers, viruses, data leakage, and other threats. Since traditional data firewalls cannot see traffic on the phone network, and PBX systems cannot distinguish call types, this threat is invisible to traditional network monitoring equipment and practices.

These voice network security and management issues and more are present whether trunking is purely circuit-switched or includes SIP-based trunking, and they need to be addressed in a unified manner that is independent of the underlying trunking. The ETM (Enterprise Telephony Management) System addresses these issues and more. Since SBCs only provide visibility into traffic on SIP trunks, they cannot address unified security and management issues such as proactively alerting on and preventing toll fraud or gathering CDR across all circuits in the enterprise, independent of the underlying transport. For SIP trunks, the ETM System is designed to operate alone or to coexist with an SBC, such as Cisco's CUBE, as shown in Figures 1 and 2 below.

Figure 1: ETM System without SBC

Figure 2: ETM System with SBC

The ETM System provides the same application-level security and management functions for SIP trunks that it provides for circuit-switched trunks. The ETM System also has substantial and direct ROI that can help finance VoIP deployments. SBCs have little in the way of a direct, hard-dollar ROI. Rather, their ROI is nebulously tied to SIP trunking ROI through service enablement. The ETM System can truly unify all voice across the enterprise. SBCs cannot offer this because they do not support circuit-switched trunking.

The ETM System will also offer a SIP firewall and Intrusion Prevention System (IPS) in a coming release. This optional application, which runs on the same hardware as used to support SIP trunking, can be added when the threat of SIP-based attacks (DoS, fuzzing, registration hijacking, etc.) becomes a reality. Note that while an SBC can also provide this function, it makes no sense to deploy the identical security solution inline twice on the same circuit. If the same SBC is used on the network and CPE side, an attack that gets through the network SBC will not be foiled by the identical CPE SBC, but it may be foiled by a different SIP firewall/IPS solution.

SecureLogix Corporation, 13750 San Pedro, Suite 820, San Antonio, Texas 78232. PH: 210.402.9669 FX: 210.402.6996 TF: 800.817.4837 www.securelogix.com