SangomaSBCs Keeping Your VoIP Network Secure. Simon Horton Sangoma shorton@sangoma.com

Similar documents
The Basics of TDM to VoIP Interconnection. Jeff Dworkin Director of Marketing

SBC WHITE PAPER. The Critical Component

Cost Effective Tapping and Call Recording using the Sangoma T116. April 2013

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide

Extend the Life of Your Legacy PBX while Benefiting from SIP Trunks. December 5, 2013

Ingate Firewall/SIParator SIP Security for the Enterprise

Telco Carrier xsps Solutions.

Session Control Applications for Enterprises

Copyright and Trademark Statement

Session Border Controllers in Enterprise

How the ETM (Enterprise Telephony Management) System Relates to Session Border Controllers (SBCs) A Corporate Whitepaper by SecureLogix Corporation

S-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009

What is an E-SBC? WHITE PAPER

SIP Trunking with Microsoft Office Communication Server 2007 R2

OpenScape Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border

Risk Free Migration to Lync Kevin Isacks, VP SBC & CA Development

SIP Trunking and the Role of the Enterprise SBC

PETER CUTLER SCOTT PAGE. November 15, 2011

Dialogic BorderNet Session Border Controller Solutions

Brochure. Dialogic BorderNet Session Border Controller Solutions

SIP Trunking Configuration with

How To Make A Phone System More Reliable And Reliable

Migrating to SIP Trunking with AudioCodes Alan Percy Director, Market Development August 2011

Any to Any Connectivity Transparent Deployment Site Survivability

How To Support An Ip Trunking Service

Using DNS SRV to Provide High Availability Scenarios

Building the Lync Security Eco System in the Cloud Fact Sheet.

Vega 100G and Vega 200G Gamma Config Guide

An Oracle White Paper August What Is an Enterprise Session Border Controller?

UC and SIP Trunking Luncheon. Sponsored by:

SIP Trunking. Cisco Press. Christina Hattingh Darryl Sladden ATM Zakaria Swapan. 800 East 96th Street Indianapolis, IN 46240

Dialogic. BorderNet Products Interwork and Connect Seamlessly and Securely at the Network Edge

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios

VoIP Survivor s s Guide

Application Note Patton SmartNode in combination with a CheckPoint Firewall for Multimedia security

Securing SIP Trunks APPLICATION NOTE.

Acme Packet session border controllers in the enterprise

Adding Telephony to Microsoft Lync with Office 365 & Other Use Cases June 11, 2013

Enhanced Enterprise SIP Communication Solutions

Session Border Controllers: Addressing Tomorrow s Requirements

Software-Powered VoIP

Sonus and Lync Enterprise Voice

SIP Trunking Steps to Success, Part One: Key Lessons from IT Managers Who ve Been There

Hosted PBX Platform-asa-Service. Offering

Allstream Converged IP Telephony

Session Border Controller and IP Multimedia Standards. Mika Lehtinen

ABC SBC: Securing the PBX. FRAFOS GmbH

Building the Lync Security Eco System in the Cloud Fact Sheet.

Big Solutions for Small Business

SIP Trunking and Voice over IP

An Oracle White Paper February Centralized vs. Distributed SIP Trunking: Making an Informed Decision

Whitepaper Best of Both Worlds. Making the most out of your Office 365 Licensing and Increase Productivity How to add Lync Enterprise Voice

Welltel - Session Border Controller SBC 120

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

Enterprise Voice and Online Services with Microsoft Lync Server 2013

APPLICATION NOTE. SIP Trunking Connectivity, Security and Deployment Scenarios. Introduction

Colt VoIP Access Colt Technology Services Group Limited. All rights reserved.

Microsoft Lync and SIP trunking - Ensuring multi-vendor technology success with Prognosis

Session Border Controllers and Videoconferencing

White Paper. avaya.com 1. Table of Contents. Starting Points

Voice Over IP and Firewalls

Voice over IP Basics for IT Technicians

Best Practices for Securing IP Telephony

Sonus Networks engaged Miercom to evaluate the call handling

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4

SIP Trunking Deployment Steps and Best Practices

Benefits of Using a Demarcation Device When Integrating Legacy Voice, SIP Trunks and Microsoft OCS R2

NetBorder Session Controller Manual 2.1 Last update: 2015/01/09 Sangoma Technologies

AudioCodes One Box 365 Training. Kathy Birch Product Sales Manager, Westcon Alan Percy Sr. Director of Strategic Marketing, North America, AudioCodes

APPLICATION NOTE Microsoft Unified Communications Network Architectures

SBC - the UC-glue Security, Interoperability, Reliability. Alexander Kunzi

FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

Recommended IP Telephony Architecture

Voice Over Internet Protocol (VoIP) Issues and Challenges William McCrum

Cost Effective Tapping and Call Recording using the Sangoma T116 Card. November 2013

VoIP in the Enterprise

Dialogic BorderNet 500 Gateways

AudioCodes Gateway in the Lync Environment

SIP Trunking to Microsoft Lync (Skype for Business) Server

Configuring Interactive Intelligence ININ IP PBX For tw telecom SIP Trunking service USER GUIDE

Vega 100G and Vega 200G Gamma Config Guide

Product Information = = = sales@te-systems.de phone

OpenScape UC Firewall and OpenScape Session Border Controller

Voice over IP (VoIP) Basics for IT Technicians

Securing Unified Communications for Healthcare

Nuvia Cloud UC Interconnect Reference Guide


SIP SECURITY JULY 2014

Integrate VoIP with your existing network

Transcription:

SangomaSBCs Keeping Your VoIP Network Secure Simon Horton Sangoma shorton@sangoma.com

Inside this Deck About Sangoma/ProVu SIP Market SBCs Demystified Business Applications and Use Cases Portfolio of SBCs Sangoma Advantages Summary

Who are Sangoma? Industry pioneer with over 25 years of experience is communications hardware and software Publicly traded company since 2000 TSXV: STC One of the most financially healthy companies in our industry Growing, Profitable, Cash on the Balance Sheet, No Debt Mid-market sized firm with around 70 staff in all global territories Offices in Canada (Toronto), US, EU (UK), APAC (India), CALA (Miami) World Wide Customer base

Broad Line of Great Products Voice Telephony Boards Analog/digital/hybrid, WAN, ADSL Session Border Controllers Microsoft Lync VoIP Gateways Net Border Carrier Gateways SS7, PRI, R2 Vega Enterprise Gateways PRI, PR2, Analog, BRI Call Center Software NetBorder Express Call Progress Analyzer Transcoding (boards/appliances) Fiber connectivity (STM1) Wireless products

SIP TRUNKING & SBC MARKET

SIP Trunking Introduction Replace physical PSTN trunk with IP based connection Lower cost UC services Channel flexibility Disaster recovery SIP Trunking is driving SBC uptake

SIP market growing fast: UK SIP Market End 20131.1M SIP trunks. Up 200K in last 6 months * Hosted VoIP 1.3M users * ISDN market shrinking ISDN channels 3.6M 2011 to 3.3M 2012 ^ Growing SIP market is driving SBC uptake * source: Illume Consulting ^ source: Ofcom

UK SIP Market SIP growth facilitated by availability and reducing costs of connectivity Growth ethernet big affect

SBCS DEMYSTIFIED

Legacy TDM Connections PSTN PRI (E1) Analogue BRI Legacy PBX PBX, TDM Endpoints TDM based phone calls take place on approved equipment connected to private networks run by the telco Nothing else connected Fixed protocol

Why VoIP Brings More Risk IP-PBX PSTN Internet IP / SIP IP-Phones VoIP often carried across public networks Calls can be placed and terminated on many devices IP-Phones, smart phones, desktops, etc. Threat level more like that of any internet device Would you access the internet without a firewall?

SBC Is The Front Door To Networks SBC controls entry (or not) to a network Directs communication between end devices This communication is called a session SBC can do this because it sits at the border between two networks Session Communication between two SIP devices Border SBCs work at the border of networks Controller SBCs control the sessions

SIP Session Signalling: Sets call path up, negotiates codec to be used Media: Transports the voice or video Media Control: Collect information on voice quality Signalling Session / Call Media Media Control

Regular Call (No SBC) UAC IP Phone Signalling Media IP-PBX UAS Media Control One Session / Call All three elements of a session are direct between endpoints

SBC is a B2BUA UAC IP Phone Signalling Media UAS UAC Signalling Media IP-PBX UAS Media Ctrl Media Ctrl One Session / Call SBC is a Back-to-Back User Agent B2BUAs terminate sessions and re-initiates a new session on the other side SBC is in the path for all calls SBC controls all the elements of the session 15

THE ROLE OF THE SBC

SBCs Protect the Enterprise Network Three ways that SBCs protect the network: 1. DoSProtection. Prevent Denial-of Service (DoS) attacks from affecting network performance. 2. Topology Hiding. Hide the topology of the network. This makes it much harder for hackers to access the system. 3. Encryption. Encrypt the communications, both signalling (SIP) and media (RTP).

SBCs Provide Call Access Control Three ways that SBCs allow secure deployment: 1. BYOD. Users within an enterprise now expect to be able to make calls on many different devices. Malicious apps on those devices can facilitate toll fraud. 2. Toll Fraud Detection. Only allow authorised users. 3. Call Policies. Manage policies that define what devices and users are allowed to make certain call types.

SBCs Allow Easy Interop Three ways that SBCs allow simple deployment: 1. SIP Normalisation. Different vendors have different SIP implementations. SBCs can translate between these SIP variations. 2. Transcoding. Converting between different codecs for the media stream. 3. Enable SIP Trunking. SIP trunking saves money and brings flexibility.

Firewall Is Not Enough Traditional firewalls cannot Prevent SIP-specific overload/sip DoS Open/Close RTP media ports in sync with SIP signaling Track session state and provide uninterrupted service Perform internetworking or security on encrypted sessions Solve multi-vendor SIP interoperability Topology Hiding SBCs do all of the above

BEST PRACTICES

Best Practices Everywhere a VoIP Network needs to interface to another VoIP Network, you need an SBC Same rule with IP Network and Firewalls really SBC are required in both Carriers and Enterprise Networks SIP RTP IP Softswitch Carrier VoIP Network Enterprise VoIP Network IP-PBX

Integration at the Edge has its Advantages Because SBC sees all traffic, they have evolved to be much more than interop/security devices Migration Intelligent call routing for VoIP Lawful intercept Call forking for recording devices Quality of Service reporting Billing Intrusion Management Session Border Controllers have become essential in VoIP networks

BUSINESS APPLICATIONS AND USE CASES

Denial of Services Enterprise Security Threats Call/registration overload Malformed messages (fuzzing) Configuration errors Mis-configured devices Operator and application errors Theft of service/fraud Unauthorized users Unauthorized media types BYOD Smartphones running unauthorized apps Viruses and Malware attacking your VoIP network

SIP Trunking

Remote Office Connection without VPN

Advantages: SBC For Hosted PBX Known demarcation point Reduces interoperability issues/resource with core Transcoding if required

Interworking with IP-PBX Advantages: All advantages of SBC for SIP trunks Least Cost Routing Resilience Load Balancing

SIP Trunking Support for Microsoft Lync Lync Express SIP Trunks SIP SBC Enterprise SBC Mediation Server Lync 2013 Server Lync End Point SBC: Performs SIP Security functions UDP / TCP Translation SIP harmonization Media harmonization

SANGOMA SBC PORTFOLIO

Product Positioning The most cost-effective, easiest to provision, and easiest to manage line of SBCs on the market.

Session Border Controllers Vega Enterprise SBC 25-250 Sessions/Calls Vega VM Enterprise SBC 25-500 Sessions/Calls Software Only/Virtual Machine Ready Vega VM/Hybrid Enterprise SBC SANGOMA EXCLUSIVE 25-500 Sessions/Calls SBC Maintained in VM Media Functions offloaded to external hardware resource NetBorder Carrier SBC 250-4000 Sessions/Calls

Product Highlights All SBCs Web GUI for ease of Configuration and Deployment Efficient Scaling from 25 to 4000 Sessions/Calls 1 session per voice call SIP Registrations do not consume sessions Session-based licensing, no hidden costs or fees Cost-Effective Carrier-Class Features and Performance Network Interconnect Point for SIP Trunking QOS & QOE (Quality of Experience) for Enterprise Networks Encryption and Security Topology Hiding for Fraud Protection DOS/DDSO Attack Protection Advanced Routing Hosted NAT traversal Voice, Video, Fax, IM and Presence Support SIP-SIP Interworking & protocol normalization

Vega Enterprise SBC Enterprise Inter-Site Networking and SIP Trunking Border Control Enables Local Security Management for SMBs and Small Enterprises Supports 25 to 250 Simultaneous Sessions Field Upgradeable Session Expansion Hardware Based Transcoding and Media Handling Web GUI Configuration and Smart Defaults for Simple Deployment

Vega VM Enterprise SBC Supports 25 500 Sessions/Calls Virtual Machine-Ready Software Web GUI Configuration Tool and Smart Defaults All Other Features Comparable to Vega esbc Appliance Software-Based Transcoding and Media Handling Transcoding Will Impact Session Capacity

Vega VM/Hybrid Enterprise SBC Supports 25-500 Sessions VM/Hybrid Functions Exclusive to Sangoma Maintains SBC In Software/VM Media Functions are offloaded to an external Hardware Resource Multiple external hardware resources cost-effectively enables up to 500 sessions

ADVANTAGES OF THE SANGOMA LINE OF SESSION BORDER CONTROLLERS

Sangoma SBC Advantage Simple Licensing Simple per session licensing No Per Feature, Per User or Per Codec licensing Predictable SBC capacity and cost in every use case Browser-Based GUI No requirement to use complex CLI Easy configuration via webui VM and the VM/Hybrid Options Very cost effective compared to the competition Great tech support

RESELLER OPPORTUNITIES

Any business using SIP SIP trunking or hosted How to Sell SBCs Business impact of telecoms failure DoS attack Toll fraud Fear and uncertainty

Margin between 22% and 30% Example: 25 call enterprise SBC Reseller Opportunity MSRP: $2,495 Reseller Price: $1,747 GM: 30% Recurring revenue possible for maintenance services Support contracts available from Provu and Sangoma Extended contracts available Training Sangoma runs frequent online and face-to-face training programs Provu will be able to deliver training NFR (Not For Resale) units available at reduced pricing Lab use, field trials

Q&A

CLOSING

Summary Sangomahas a wide range of flexible SBCs, scaleable from small enterprise to large carrier Easy licensing and field upgradeable Pricing is available from ProSys Provu have the technical expertise to guide resellers through deployment and management. Full feature set Cost effective compared to competition

Documentation http://wiki.sangoma.com/ NetBorder-Session- Controller Frequently updated wiki HTML/pdf based documentation Includes: Admin guide Step-by-step configuration Technical documents Quick Start Guide

THANK YOU