Security For Multi-Tier, Multi-Owner Converged Networks


Session Border Controllers (SBCs) have long been thought of as devices useful only for securing SIP trunking into the enterprise. But the definition of "border" has become blurred, and over the past few years SBCs have morphed into de facto devices for securing all SIP communications, including SIP trunking and access by remote workers in and out of the enterprise. SBCs are now security devices to be deployed at the intersection or edge of each communication hub linking communications to the enterprise core network.

The primary driver in this is the rise in the use of outsourcing, and the resultant multi-tier, multi-owner converged networks. Any communications vendor interested in helping its customers deploy mobile collaboration solutions in the age of these converged networks should be aware of this trend, and of the implications it has on network security.

An Accelerating Trend Toward Outsourcing

According to ResearchMOZ, outsourcing is on the rise. In a February 2013 report [1], the market research firm said:

A trend that began about a decade ago for telecommunications network operators has accelerated in recent years. This trend, to outsource infrastructure as well as certain operational support to third-party managed communications providers, is reaching its next stage in evolution. Historically, telecom operators have looked to service bureau providers for intermediation services, database services, and various OSS/BSS support.
The more recent trend has been to outsource infrastructure as a service in order to reduce Capital Expenditure (CapEx) and to use as negotiation leverage for improved pricing on next-generation networks such as IP Multimedia Subsystem (IMS) and LTE infrastructure such as Voice over LTE (VoLTE).

The demand for managed services is high across every industry vertical because it gives organizations flexibility and technical advantages. According to a study [2] published by MarketsandMarkets, enterprises having their services outsourced look forward to risk sharing and to reducing their IT costs and IT commitments, so that they are able to concentrate on their core competencies.

The study, which includes managed data centers, networks, mobility, infrastructure, communications, security, and other areas, predicts a jump in the managed-services market from $142.75 billion this year to $256.05 billion in 2018. Organizations implementing managed services have reported a 50 to 60 percent increase in the operational efficiency of their outsourced processes. The implementation of managed services reduces IT costs by 30 to 40 percent in these enterprises.

[1] Telecom Managed Services Market 2013-2018, ResearchMOZ, 18 February 2013.
[2] Managed Services Market Global Advancements, Market Forecasts and Analysis, MarketsandMarkets, August 2013.

The Attendant Security Threat

Evolving telephony networks such as TDM, SS7, and IP are creating opportunities for service providers and outsourcing companies to offer different types of services such as MPLS, managed and private MPLS, WAN, and managed WAN. Third-party companies are enabling large, focused organizations to meet needs outside of their core competency. They act as integral parts of these organizations, but are providing the same services for multiple companies. Examples include outsourced customer service, infrastructure services such as cloud, and outsourced IT.

Rather than providing risk sharing, as the large organizations at the center of these converged networks had hoped, the increased use of hosted networks has led to the threat of insider attacks by outsiders: by malicious players in the outsourced service organizations.

Security Concerns with Hybrid Networks

Moving to a hosted, or cloud-based, network solution can offer advantages in terms of operating expenses and management, but the extension of the private, protected domain by integrating off-site, outside-controlled architectures can also lead to significant security concerns. Businesses that are considering hosted architectures as a method to extend their private network applications are actually opening up their private network domains to security issues.

Not only is the integration of networking capabilities between two different organizations complicated technically; it is also hard to accomplish securely, especially from a communications perspective. Each network connection needs protection from entities on the other network, and yet communication has to flow freely.

The first step in preventing this kind of occurrence is to secure each domain in such a way that workers can only access the communications network through a private connection, and to make sure that third-party workers on the WAN or MPLS don't have access.

Within networks, there are multiple zones requiring multiple layers of access, thus the need for more levels of security. Financial institutions and call centers are good examples of enterprises requiring additional layers of security within their private networks. And the distinction may not be geographic: within each remote center it may be necessary to offer secure, protected access domains depending on the user profiles and work applications required.

With more remote participants and even added network structures included in the enterprise communications hierarchy, it becomes easy to understand the value in adding a Session Border Controller, not only to protect the network from external interference but also to maintain protection from threats that might originate from extensions of the primary network domain itself.

Security for Cascading Network Architecture

SBCs can play a key role in meeting this converged network challenge. Instead of having one SBC where the network connects to the trunk, enterprise networks now need SBCs at both ends of every connection to a zone.

Mobile collaboration is a focus of many organizations today and is a key part of their BYOD strategies. As enterprises evolve and adopt a more mobile collaboration strategy, maintaining network security again is of paramount interest. Avaya offers products to help enable that strategy and support the enterprise need for better security regardless of the overall network architecture.

Figure 1: A representative large enterprise, multi-site network incorporating remote workers

Figure 1 depicts a managed multiprotocol label-switching (MPLS) network in which third parties can connect to a campus that is linked by a private WAN with multiple networked buildings. Higher education and healthcare networks are often configured this way. Within this core telecommunications network, each intersect point highlights the need for security to protect the remote-office workers from others on the MPLS or WAN.

Without a security device, one person on a network such as this might be able to snoop on another person on the same network or the WAN. Each location needs to be protected from each of the other locations:

- Core from campus
- Core from remote
- Remote from campus
- Remote from core

Communications need to be secure and confidential using TLS, voice SRTP, and video SRTP. There should be redundancy and failover at each intersecting point of the networks. And the SBCs need to be aware of the other SBCs (security zones) and devices so that only those locations and devices are permitted to communicate with the core network. The SBCs can be implemented to allow redundancy at each security zone, registration point, and communication hub.

Action Items For Communications Vendors Seeking To Help Customers Operate Multi-Owner Networks

Any communications vendor seeking to help its customers deploy mobile communications and operate multi-owner converged networks needs to prepare itself to address the issues. The following list of action items can serve as a checklist for providing secure network connectivity:

- Understand the customer's network and pain points.
- Know about their specific privacy concerns, such as HIPAA, FERPA, and so forth.
- Find out whether communications from remote offices can be expected to contain sensitive information.
- Determine whether information at any of the locations should not be shared with one or more of the others.
- Know the level of trust between locations: Partner agreements? Contracts? Legal-disclosure agreements?

Collecting this information will help mobile communications providers develop an architecture that can maintain efficient communication with adequate security. A deep understanding of the security posture on the customer's network is helpful, but keep in mind that attempting to approach the problem by bolstering that infrastructure can complicate the issue and make it harder to manage. The goal is to achieve a layer of network security that encompasses all users while simplifying the effort on any user's part.

Example Use Cases

The extension of the network beyond the traditional private domains is affecting many industries and many IT professionals. For example:

- Healthcare: A centralized medical location wants its network domain to connect multiple outside medical offices, branch diagnostic centers, and consulting physicians.
- Call Center: A business needs to incorporate work-at-home or remote call center facilities, some at international sites, yet all supported within a common network fabric to assure reliable collection of business analytics and premium customer responsiveness.
- Outsourced manufacturing: A primary manufacturer needs to provide off-site material information, pricing information, and detailed plans for multiple sub-contractors. A single network configuration will improve time-to-market but can also lead to significant security lapses in network design.

It Takes A Next-Generation SBC

The SBC is no longer just an external enterprise border. With the addition of outside providers extending the services beyond the normal controlled enterprise boundaries, session border control can now be considered a necessary security layer even within what was previously called the private enterprise network. And with this increased urgency around edge security, selecting SBCs becomes a more important task.

Figure 2: Avaya SBCE 6.2 deployed to provide both session border control and internal network SIP VoIP security

The diagram in Figure 2 shows two typical implementations for extended protection of a call center. The first (1) demonstrates connectivity to a remote agent. In this situation, the enterprise can install a back-to-back solution. The core network environment is protected as remote workers connect to the core via a separate Avaya Session Border Controller for Enterprise (SBCE). The Avaya SBCE maintains security and NAT bindings as well as end-to-end encryption in this back-to-back (B2B) scenario.

The second situation (2) depicts the addition of a remote agent work group, where a third Avaya SBCE is added at the remote site's edge, creating a back-to-back-to-back (B2B2B) scenario. This allows the work group to be treated as "Remote", isolated from both the main network and the core, and supports encryption of signaling and media from the clients to the Avaya Session Border Controller for Enterprise, and then to the core if desired.
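The requirements stated above (TLS for signaling, SRTP for voice and video, and only known SBCs permitted to reach the core) can be checked on a captured SIP INVITE arriving at a zone boundary. The following Python is an added example, not Avaya code or SBCE configuration; the function names, addresses, and sample messages are constructed for illustration.

```python
import re

SDES = {"RTP/SAVP", "RTP/SAVPF"}                   # SRTP keyed via a=crypto
DTLS = {"UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}   # SRTP keyed via DTLS
VIA_TRANSPORT = re.compile(r"SIP\s*/\s*2\.0\s*/\s*([A-Za-z-]+)")

def audit_invite(raw, source_ip, allowed_peers):
    """Return findings for one SIP INVITE; an empty list means it passes."""
    findings = []
    if source_ip not in allowed_peers:
        findings.append(f"peer {source_ip} is not an approved SBC")
    head, _, sdp = raw.replace("\r\n", "\n").partition("\n\n")
    # Signaling: every hop recorded in Via (compact form "v") must be TLS.
    for line in head.split("\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):
            for transport in VIA_TRANSPORT.findall(value):
                if transport.upper() != "TLS":
                    findings.append(f"signaling hop over {transport.upper()}, not TLS")
    # Media: session-level lines first, then one section per m= line.
    session, *media = re.split(r"(?m)^(?=m=)", sdp)
    for section in media:
        lines = section.strip().split("\n")
        kind, port, proto = lines[0][2:].split()[:3]
        if kind not in ("audio", "video") or port.split("/")[0] == "0":
            continue  # not voice or video, or the stream is disabled
        if proto in SDES:
            keyed = any(a.startswith("a=crypto:") for a in lines[1:])
        elif proto in DTLS:
            keyed = any(a.startswith("a=fingerprint:")
                        for a in lines[1:] + session.split("\n"))
        else:
            findings.append(f"{kind} offered as {proto}, not SRTP")
            continue
        if not keyed:
            findings.append(f"{kind} uses {proto} but has no keying attribute")
    return findings

# Constructed sample data (documentation addresses, placeholder key material).
APPROVED_SBCS = {"192.0.2.10", "192.0.2.20"}
KEY = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY"

def build_invite(transport, audio, video):
    """Assemble a minimal INVITE; audio/video are lists of SDP lines."""
    head = ["INVITE sip:agent@core.example.com SIP/2.0",
            f"Via: SIP/2.0/{transport} 192.0.2.10:5061;branch=z9hG4bKexample",
            "Call-ID: constructed-1@example.com", "CSeq: 1 INVITE",
            "Content-Type: application/sdp"]
    sdp = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-",
           "c=IN IP4 192.0.2.10", "t=0 0"] + audio + video
    return "\r\n".join(head) + "\r\n\r\n" + "\r\n".join(sdp) + "\r\n"

GOOD = build_invite("TLS", ["m=audio 40000 RTP/SAVP 0", KEY],
                    ["m=video 40002 RTP/SAVP 96", KEY])
BAD = build_invite("UDP", ["m=audio 40000 RTP/AVP 0"],
                   ["m=video 40002 RTP/SAVP 96"])

if __name__ == "__main__":
    print(audit_invite(GOOD, "192.0.2.10", APPROVED_SBCS))
    for finding in audit_invite(BAD, "198.51.100.7", APPROVED_SBCS):
        print("FINDING:", finding)
```

Run against mirrored traffic on each SBC-to-SBC leg, a check like this shows whether a given zone boundary is actually carrying encrypted signaling and media or only configured to allow it.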

Avaya Aura platform users with complex networks can now deploy the Avaya Session Border Controller for Enterprise to secure communications and protect multi-tiered networks that incorporate remote workgroups, cloud providers, and outsourced service groups. The Avaya SBCE design protects against eavesdropping, unauthorized access to sensitive data, or DoS and DDoS attacks that may be launched from within the network.

The Avaya SBCE can be utilized in a back-to-back device configuration (as in Figure 2) for extending security to external domains, or for a cascaded network architecture. And for additional protection, multiple Avaya SBCEs can be deployed for survivability in high-availability system layouts.

Avaya SBCE 6.2 is a SIP-based unified communications (UC) security appliance. It can support security requirements at the edge for session border control and can also solve internal network SIP VoIP security needs. The Avaya SBCE is designed to provide extra protection, permitting outsourced entities access to services delivered via an Avaya Aura UC applications infrastructure. The Avaya Session Border Controller for Enterprise is designed to offer enhanced remote worker security, and support secure network-to-network integration while maintaining end-to-end visibility of the network and complete quality of service monitoring.

Learn More

For more information about how Avaya SBCEs can enhance the security of the solutions you provide to your customers, please contact your Avaya Account Manager or Authorized Partner, or visit us at www.avaya.com.

About Avaya

Avaya is a global provider of business collaboration and communications solutions, providing unified communications, contact centers, networking and related services to companies of all sizes around the world. For more information please visit www.avaya.com.

© 2014 Avaya Inc. All Rights Reserved. All trademarks identified by ®, ™, or SM are registered marks, trademarks, and service marks, respectively, of Avaya Inc.
02/13 UC7446