Is Your Network Ready for VoIP?




Evaluating firewalls for VoIP access, control and security.

CONTENTS

The Network Will Never be the Same
A VoIP-Ready Firewall Criteria Checklist
Control Considerations for VoIP
Access Considerations for VoIP
Security Considerations for VoIP
SonicWALL Converged Network Security Solution
Case Study: Glentel
Conclusion

Abstract

To achieve expected benefits from Voice or Video over Internet Protocol (VoIP), organizations must first consider the significant implications for administrative control, end-user access and overall network security. A preliminary step in this process is determining whether the existing firewall is effectively capable of supporting and securing VoIP networking. Fortunately, for some organizations, the firewall they currently have deployed may be capable of providing the functionality required to support and manage a VoIP network. This white paper explores the capabilities required for a VoIP deployment, and demonstrates how SonicWALL VoIP Firewall solutions provide the levels of control, access and security necessary for converged networks that support voice, video and data.

The Network Will Never be the Same

With the convergence of voice and video over IP (VoIP), traditional networks will never be the same. The growing acceptance of IP telephony means that people will increasingly place, receive, forward or reject calls based on identity, location or preference. Remote teleworkers will appear to be plugged in to the corporate voice and data network. Organizations will source talent from any location, as remote access capabilities enable teleworkers to operate as an integral part of the corporate network. Video and data will accompany calls as content-rich communications become more commonplace. People will use PCs and netbooks to sort and arrange responses using either data attachments or non-voice components directly embedded in the stored communication.

Adoption of IP communications will accelerate dramatically, based on its increased effectiveness, as well as its superior cost position. VoIP provides a smaller company the ability to operate and appear as a larger company, and the scalability to expand communications across a growing organization quickly.

Before reaping these benefits, however, organizations of all sizes first need to consider significant implications for administrative control, end-user access and overall network security. A preliminary step in this process is determining whether an organization's existing firewall or its prospective replacement is effectively capable of providing a converged VoIP network with adequate control, access and security.

A VoIP-Ready Firewall Criteria Checklist

Fortunately, for some organizations, the currently deployed firewall may already be capable of providing the functionality required to support and manage a VoIP network. As detailed in the following sections, besides offering all the standard features of a business class firewall, a VoIP Firewall should be able to provide:

- Quality of Service (QoS)
- Application Management Firewall
- Comprehensive Security against VoIP and common security threats
- Reassembly-Free Deep Packet Inspection
- Robust Manageability
- Site-to-Site IPSec VPN
- SSL VPN Secure Remote Access
- High Performance

Access Considerations for VoIP

VoIP Firewalls can extend access to resources and reduce communications costs by connecting workers at distributed and remote locations via Virtual Private Network (VPN) technology. Remote access is also crucial in business continuity and disaster recovery scenarios.

Site-to-Site IPSec VPN

Organizations can extend access and reduce communications costs by connecting workers at distributed and remote locations with digital telephony devices. A VoIP Firewall can provide IPSec VPN functionality to support site-to-site VoIP traffic between distributed locations over one converged Virtual Private Network (VPN), as opposed to separate networks for each location. For example, a sales representative located in a regional branch may have the same area code and phone number prefix as one located at corporate headquarters, and be able to access four-digit dialing, call forwarding and teleconferencing between sites.

Control Considerations for VoIP

Performance is crucial for voice traffic and other streaming data. To ensure effectiveness, however, a VoIP firewall must include granular control features, without adding latency or burdensome administrative overhead.

Quality of Service (QoS)

Performance is crucial for voice traffic and other streaming data. When VoIP traffic does not receive enough bandwidth, the Quality of Service (QoS) can be degraded, resulting in choppy, echoing, or dropped calls and videoconferences. By garbling business telecommunications, degraded QoS can significantly diminish workforce productivity.

In simple terms, VoIP breaks up phone conversations into separate segments (packets) that can take different routes through network firewalls to their final destination on VoIP phones. A VoIP-ready firewall is able to identify VoIP traffic coming across the network. This allows the firewall to apply policies that give VoIP traffic the highest priority when receiving, inspecting, assembling and accepting VoIP content.

VoIP traffic will only make up part of all network traffic, so it may not be enough simply to give priority to VoIP traffic to prevent issues. A VoIP firewall will also need to ensure minimum levels of available bandwidth for VoIP by managing how bandwidth is allocated to all network traffic: data, applications and voice. To ensure QoS, VoIP firewalls should be able to block or manage the bandwidth allocated to non-VoIP applications and data (e.g., limiting the bandwidth given to peer-to-peer or streaming video sites such as YouTube), or give VoIP traffic a guaranteed minimum amount of the overall bandwidth available.

Application Management Firewalls

Application firewalls can extend beyond QoS prioritization by enabling administrators to dedicate bandwidth amounts based on specific applications, users and destinations. Administrators can thus guarantee minimum amounts of available bandwidth to VoIP traffic, as well as block or manage the bandwidth allocated to non-VoIP applications and data (e.g., restricting the bandwidth given to peer-to-peer or streaming video sites, such as MySpace and YouTube) that could affect overall network performance and productivity.
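The bandwidth policy described in the QoS and Application Management sections above can be modelled in a few lines. This is an added example, not part of the original white paper and not SonicWALL's implementation: it compares an unmanaged congested link with a policy that guarantees a minimum to VoIP, caps peer-to-peer traffic and lends spare capacity by priority. The class names, the rates and the proportional-sharing model of an unmanaged link are assumptions made for illustration.

```python
"""Simplified model of bandwidth management on a converged voice/data link.

All class names and figures below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class TrafficClass:
    name: str
    demand_kbps: int      # what the class is currently trying to send
    guaranteed_kbps: int  # minimum reserved for the class (0 = none)
    ceiling_kbps: int     # hard cap applied to the class
    priority: int         # lower number is offered spare capacity first


def unmanaged(link_kbps, classes):
    """No policy (assumed model): a congested link is shared in
    proportion to offered load, so the heaviest sender wins."""
    total = sum(c.demand_kbps for c in classes)
    if total <= link_kbps:
        return {c.name: c.demand_kbps for c in classes}
    return {c.name: link_kbps * c.demand_kbps // total for c in classes}


def managed(link_kbps, classes):
    """Serve guaranteed minimums first, then lend spare by priority."""
    if sum(c.guaranteed_kbps for c in classes) > link_kbps:
        raise ValueError("guarantees exceed link capacity")
    # Phase 1: each class gets its guarantee, never more than it wants
    # and never more than its ceiling.
    alloc = {
        c.name: min(c.demand_kbps, c.guaranteed_kbps, c.ceiling_kbps)
        for c in classes
    }
    spare = link_kbps - sum(alloc.values())
    # Phase 2: remaining capacity goes to classes with unmet demand,
    # highest priority first, bounded by each class's ceiling.
    for c in sorted(classes, key=lambda c: c.priority):
        want = min(c.demand_kbps, c.ceiling_kbps) - alloc[c.name]
        extra = min(want, spare)
        alloc[c.name] += extra
        spare -= extra
    return alloc


# Constructed scenario: 10 Mbit/s uplink with a heavy peer-to-peer load.
LINK_KBPS = 10_000
CLASSES = [
    TrafficClass("voip", 2_000, guaranteed_kbps=2_000, ceiling_kbps=3_000, priority=0),
    TrafficClass("business-web", 6_000, guaranteed_kbps=3_000, ceiling_kbps=10_000, priority=1),
    TrafficClass("p2p", 20_000, guaranteed_kbps=0, ceiling_kbps=1_000, priority=2),
]

if __name__ == "__main__":
    print("unmanaged:", unmanaged(LINK_KBPS, CLASSES))
    print("managed:  ", managed(LINK_KBPS, CLASSES))
```

In the constructed scenario the unmanaged link leaves voice with roughly a third of what it needs, while the managed policy serves voice and business traffic in full and holds peer-to-peer at its cap.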

Easy Comprehensive Management

A VoIP firewall should provide visibility into all network traffic: voice, data and applications, including logging signaling and media streams. For each VoIP connection, audit logs, as well as dynamic live reporting, can enable IT to track call senders and recipients, call duration and total bandwidth used, and extrapolate future traffic trends over hours, days, weeks and months. Dynamic reporting assists management in data analysis, system optimization, policy definition and strategic planning.

To streamline administration, a VoIP Firewall should dynamically update whenever someone deploys, relocates or removes VoIP devices (such as IP-enabled telephones). Dynamic updates enable plug-and-play deployment of VoIP phones, eliminating the need for hands-on configuration and significantly reducing the costs of administrative overhead.

Security Considerations for VoIP

VoIP-related vulnerabilities and attacks are just as varied as those affecting other types of traffic and demand the same protection services. Many of today's VoIP call servers and gateway devices use vulnerable Windows and Linux operating systems. Recent industry advisories [1] have highlighted additional VoIP vulnerabilities in Cisco, Apple, and Linksys systems. In order to protect both VoIP and non-VoIP network resources effectively, a VoIP firewall must maintain adequate performance levels, deliver comprehensive security, and conduct Reassembly-Free Deep Packet Inspection of the entire data stream.

High Performance

A VoIP firewall must be able to scan traffic comprehensively, yet not inhibit network performance or business productivity by restricting latency-sensitive applications such as voice and video. Modern firewall technologies that use multi-core processor architecture and real-time data stream inspection can greatly enhance a VoIP Firewall's performance.

Comprehensive Security

A VoIP Firewall should provide comprehensive integrated security to prevent a wide range of sophisticated threats. Of particular threat to VoIP are attacks that aim to cripple network performance and business productivity. These include Denial of Service (DoS) attacks, such as SYN Flood, Ping of Death and LAND (IP), and VoIP SpiTing attacks, consisting of malformed and invalid packets masquerading as VoIP traffic. VoIP traffic is also inherently vulnerable to interception and eavesdropping attacks. A comprehensive security feature suite, as well as frequent and reliable updates to intrusion prevention signature (IPS) lists, can enable VoIP Firewalls to block these attacks and stay ahead of attacks trying to exploit the latest vulnerabilities.

[1] Source: www.kb.cert.org

Reassembly-Free Deep Packet Inspection

Malware attacks can be located anywhere in streaming data. A VoIP firewall should be able to track each VoIP session, from call inception to call end. To provide full traffic scanning without latency, this requires real-time deep packet inspection technology. Because it does not have to reassemble packets or application content, reassembly-free deep packet inspection is not memory-restrained, nor does it have to proxy traffic, resulting in greater performance. This inspection method can analyze files and content of any size in real time, and therefore is ideal for today's real-time applications and latency-sensitive traffic. Administrators also should be able to configure and automatically enforce time-outs based on inactivity, as well as bypass static mappings and automatically change ports for each call.

SonicWALL Converged Network Security Solutions

SonicWALL VoIP Firewall solutions provide the control, access and security necessary for networks that support voice, video and data. SonicWALL offers unparalleled levels of security for the VoIP infrastructure, standards-based VoIP compatibility, and interoperability with many of the world's leading VoIP gateway and communications devices. All SonicWALL E-Class Network Security Appliances (NSA) and NSA firewalls feature the same comprehensive level of VoIP security. These SonicWALL VoIP Firewall solutions can seamlessly combine SonicWALL Network Security Appliances and Secure Remote Access solutions with third-party VoIP telephony solutions (such as Avaya) offering the highest-performance, multifunction solutions for VoIP control, access and security.

SonicWALL Solutions for VoIP Network Control

SonicWALL VoIP Firewalls ensure QoS with built-in bandwidth optimization, featuring support for VoIP-ready H.323 and SIP, as well as full VoIP over Wireless LAN (WLAN).

SonicWALL Application Management Firewall enables data leakage prevention, custom signature creation, and control over Web 2.0 applications such as social networking sites. For instance, an administrator could prioritize bandwidth for VoIP, multimedia services, and business-critical applications, while restricting bandwidth for instant messaging and peer-to-peer file sharing. Featuring highly granular bandwidth control and integrated quality of service, SonicWALL Application Management Firewall consolidates bandwidth management and application-specific security into one easily managed solution.

SonicWALL's management and reporting solutions, including award-winning SonicWALL Global Management System (GMS) and SonicWALL ViewPoint reporting tool, provide a comprehensive architecture for centrally creating and managing security policies across multiple SonicWALL VoIP Firewalls, delivering real-time monitoring and alerts, as well as intuitive compliance and usage reports, all from a single management interface.

SonicWALL Solutions for VoIP Network Access

Offering integrated IPSec and SSL VPN technologies on select models, SonicWALL VoIP firewalls deliver access to VoIP business resources (such as voicemail and teleconferencing) for employees, distributed office sites, partners and contractors from anywhere.

To prepare for resolving unexpected disruptions in access to VoIP systems and voicemail, SonicWALL Continuous Data Protection (CDP) solutions offer flexible Offsite Data Backup, Site-to-Site Data Backup, Local Archiving and Bare Metal Recovery options to address any disaster recovery scenario, even if the original VoIP device or voicemail server platform is unavailable.

SonicWALL Solutions for VoIP Network Performance

SonicWALL VoIP Firewalls deliver breakthrough performance with SonicWALL's high-speed Reassembly-Free Deep Packet Inspection (RFDPI) (U.S. Patent 7,310,815D-A), which delivers critical protection as well as industry-leading performance by evaluating streaming VoIP data in real time, and leveraging up to 16 multi-core processors.

The SonicWALL and Comprehensive Gateway Security Suite (CGSS) include an expanding array of seamlessly integrated Unified Threat Management (UTM) services for gateway anti-virus, anti-spyware, intrusion prevention, Application Management Firewall, content filtering and more. SonicWALL has extended its IPS signature database with VoIP-specific signatures designed to prevent malicious traffic from reaching protected VoIP phones and servers. In addition, SonicWALL's Comprehensive Anti-Spam Service delivers advanced spam protection at the network gateway to eliminate spam, phishing and other productivity threats.

Case Study: Glentel

Glentel (TSX: GLN) is a leading provider of innovative and reliable telecommunications services and solutions in Canada and the United States. While Glentel has more than quadrupled the number of locations and revenue, its IT staff has grown at only half that rate. Therefore, when Glentel decided to update its 20-year-old internal PBX system at its corporate offices to VoIP PBX, the company required centralized control of all voice and data traffic and security, as well as minimal deployment costs and complexity.

The conversion to VoIP also presented Glentel with a new IT priority: voice security. Because VoIP uses IP as its conduit, it is vulnerable to the same sorts of attacks as other Internet traffic, including viruses, Trojans, eavesdropping and denial-of-service attacks. Glentel needed a way to protect its VoIP traffic as thoroughly and rigorously as it protected the rest of its network data.

To minimize costs and enhance the return on its investment in technology, Glentel chose to build its VoIP solution upon its existing infrastructure, which included SonicWALL network security appliances with built-in VoIP capabilities. This provided Glentel with real-time deep packet inspection combined with dynamically updated gateway anti-virus, anti-spyware, intrusion prevention, Application Management Firewall, enforced desktop anti-virus, and Web content filtering.

The complete VoIP solution integrated SonicWALL VoIP firewalls with HP ProCurve switches, Mitel phones, and Microsoft Office Communication Server (OCS). SonicWALL is interoperable with all leading VoIP vendors, and plug-and-protect support automatically accommodates any added or removed VoIP device. Glentel configured the SonicWALL network security appliance to segment off separate VLANs for voice and data.

Today, the IT group operates out of two offices, but appears as a singular entity via one telephone number. The combined solution allows the seamless transfer and escalation of calls and issues within the IT department. With almost 300 geographical locations interconnected and protected by SonicWALL VoIP firewalls, Glentel uses the SonicWALL Global Management System (GMS) to centrally control and manage its infrastructure.

Another benefit with SonicWALL has been ease of deployment. Adding new sites is simple and efficient. IT can easily turn up or turn down remote locations without incurring downtime, as the SonicWALL VoIP firewalls do not need to be restarted.

Conclusion

The traditional role of the firewall in a VoIP network is undergoing a radical evolution. The role of the firewall has evolved from behaving nicely in a VoIP environment to fully enabling and protecting the entire VoIP infrastructure with granular administrative controls, broader end-user access and more comprehensive network security. Organizations may find their currently deployed firewall is already capable of providing the functionality required to support and manage a VoIP network. SonicWALL VoIP Converged Network Security Solutions deliver unparalleled levels of security, ensured QoS, greater ease-of-management, and secure remote access for the VoIP network.

© 2010 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.