Ingate Firewall/SIParator SIP Security for the Enterprise


Ingate Systems, February 2013
Ingate Systems AB (publ) Tel: +46 8 600 77 50

Contents

Background
1 Network Security
2 Why is VoIP Security Important?
3 Security with an E-SBC
4 Successful Delivery of VoIP

Background

Voice over IP (VoIP) is incorporated into a variety of computer networks, both public and private, and used for everyday transactions and communications among carriers, businesses, government agencies and individuals. SIP trunking, remote/mobile workers, and Unified Communications are some of the many forms of VoIP application.

Across these networks, IP-PBXs, Unified Communications (UC) applications, computers, mobile smart phones, wireless connectivity, Internet access and VoIP carriers make it easier than ever for workers to conduct business anywhere, anytime. By extending corporate voice, video and UC services to Internet users and VoIP carriers, businesses can implement flexible telecommunication applications and business communication plans, and eliminate costly legacy phone system expenses.

But operating VoIP with IP-PBXs and Unified Communications systems over the Internet and untrusted networks raises a variety of security, interoperability and reliability concerns. Businesses are worried about exposing corporate resources and information to hackers (via the Internet or internally) and eavesdroppers, maintaining acceptable voice and video quality over the Internet and VoIP carriers, and encountering interoperability issues when interfacing with firewalls and public network services.

The Ingate SIParator is an Enterprise Session Border Controller (E-SBC) specifically designed to deliver the strong network security, with easy interoperability and reliable communications, required for VoIP SIP communications - voice, video and multimedia - over the Internet and VoIP carrier networks.

1 Network Security

Network Security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security must also extend into VoIP applications such as SIP trunking, remote/mobile workers, and Unified Communications.

All security solutions start with a security policy. It is in the best interest of every enterprise to protect corporate resources and information from unknown users and malicious activities. Enterprises often create Network Security Zones: boundaries between networks that each describe a level of trust, referred to as Trusted Zones and Untrusted Zones. When networks are part of a Trusted Zone, all traffic is allowed and no authentication is required. In Untrusted Zones, no traffic is allowed, and an administrator defines the services and policies to restrict access. The Internet is obviously an Untrusted Zone, as there is no control over network access, users and malicious activity.

Firewalls are ubiquitous in today's IP networks. They protect IP data networks, servers and applications against a variety of threats through stateful inspection and filtering, and they are used to define the services and policies allowed from the Internet and Untrusted Zones to the enterprise Trusted Zone. To complete the ubiquitous solution, including VoIP, an E-SBC is used to define the VoIP services and policies that are allowed.

But VoIP is delivered from more networks than just the Internet. VoIP is also delivered on foreign networks such as carrier private networks, for SIP trunking and hosted applications. Since these networks are outside the Trusted Zone of the enterprise, an E-SBC must be used to provide the security service and policy between the enterprise Trusted Zone and Untrusted Zones.

2 Why is VoIP Security Important?

There is an "End of Geography": IP is an open network system, so there is no longer a need to be physically present to gain access to a device; any IP address can connect with any other IP address. The IP protocol and IP addresses are fundamental in a variety of computer networks, both public and private, and used in everyday transactions and communications among carriers, businesses, government agencies and individuals.

Businesses are concerned about exposing corporate VoIP resources and VoIP information to hackers (via the Internet or internally, public or private) and eavesdroppers, maintaining acceptable voice and video quality over the Internet and VoIP carriers, and encountering interoperability issues when interfacing with firewalls and public network services.

A method to prevent fraudulent VoIP activities is needed between Trusted and Untrusted Networks. Types of fraudulent VoIP activities include the following: Identity Theft, Toll Fraud, Spoofing, Misuse, SPAM, SPIT, Vishing, Eavesdropping, Data Mining, Reconnaissance, Disruption of Service, Denial of Service, and Fuzzing.

3 Security with an E-SBC

Session Border Controllers uniquely provide all of the controls required for delivering trusted, secured, reliable and high-quality IP interactive communications:

- Security: IP PBX and UC server DoS/DDoS attack protection, SBC self-protection
- Communications reach maximization: IP PBX and UC SIP Protocol interoperability, remote NAT traversal
- SLA assurance: IP PBX & UC server session admission and overload control, data center disaster recovery, remote site survivability, Call Admission Control, SBC high-availability operation

Data firewalls with application layer gateways (FW/ALG) are effective in securing data-oriented application infrastructure (PCs, servers) but do not generally have the tools necessary to also manage and control enterprise SIP implementations.

E-SBCs provide detailed access control features to prevent fraud and service theft; IP address and topology hiding to safeguard privacy and confidentiality; DoS/DDoS prevention and IP telephony spam protection to ward off malicious attacks; and signaling and media encryption to prevent eavesdropping, hijacking and Theft of Service. Ingate SIParator E-SBCs support Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP) to ensure privacy and confidentiality without the complexity or overhead of conventional VPN solutions.

The Ingate SIParator can be used as a VoIP security device to address some common SIP attacks such as:

- Intrusion of Services (or Theft of Service): devices attempting to REGISTER with an IP-PBX in an attempt to look like an IP-PBX extension and gain IP-PBX services
- SPIT (SPAM over Internet Telephony)
- Toll Fraud: a form of Intrusion of Service, in which a malicious party attempts to send INVITEs to an IP-PBX to gain access to PSTN gateways and SIP trunking in order to call the PSTN
- Denial of Service: an INVITE (or any SIP request) flood in an attempt to slow or disrupt services, or any UDP or TCP traffic directed at a SIP service on SIP ports
- Indirect Security Breaches: data mining, network topology
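The sketch below is an added example, not part of the Ingate white paper and not Ingate code. It shows how three of the patterns listed above (REGISTER-based intrusion of service, toll fraud, INVITE flood) can be recognised from a log of received SIP request lines. The log format, thresholds, addresses and the detect function are all assumptions made for illustration, and the input is constructed.

```python
import re
from collections import defaultdict

# Assumed log format: "<epoch seconds> <source IP> <SIP request line>"
LINE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) ([A-Z]+) sip:([^@\s]+)@\S+ SIP/2\.0$")
PSTN = re.compile(r"^\+?\d{10,15}$")           # assumption: long digit-only user part is a PSTN number
TRUSTED_SOURCES = {"10.0.0.21", "192.0.2.50"}  # assumption: an office phone and the SIP trunk peer
MAX_EXTENSIONS = 3                             # distinct REGISTER targets tolerated per source
FLOOD_COUNT, FLOOD_WINDOW = 5, 1.0             # INVITEs per source within this many seconds

# Constructed sample input, not captured traffic.
SAMPLE_LOG = """\
100.0 10.0.0.21 REGISTER sip:2001@pbx.example.test SIP/2.0
101.0 10.0.0.21 INVITE sip:+15555550100@pbx.example.test SIP/2.0
110.0 203.0.113.9 REGISTER sip:100@pbx.example.test SIP/2.0
110.2 203.0.113.9 REGISTER sip:101@pbx.example.test SIP/2.0
110.4 203.0.113.9 REGISTER sip:102@pbx.example.test SIP/2.0
110.6 203.0.113.9 REGISTER sip:103@pbx.example.test SIP/2.0
120.0 198.51.100.7 INVITE sip:0015555550100@pbx.example.test SIP/2.0
""" + "".join(
    f"130.{i}0 198.51.100.99 INVITE sip:2001@pbx.example.test SIP/2.0\n" for i in range(5)
)

def detect(log_text):
    """Return {source_ip: set of finding names} for the patterns listed above."""
    reg_targets, invite_times, findings = defaultdict(set), defaultdict(list), defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # unparseable lines are ignored here; a real sensor would count them
        ts, src, method, user = float(m[1]), m[2], m[3], m[4]
        if method == "REGISTER":
            reg_targets[src].add(user)
            if len(reg_targets[src]) > MAX_EXTENSIONS:
                findings[src].add("intrusion-of-service")  # one source trying many extensions
        elif method == "INVITE":
            times = invite_times[src]
            times.append(ts)
            while ts - times[0] > FLOOD_WINDOW:  # slide the window forward
                times.pop(0)
            if len(times) >= FLOOD_COUNT:
                findings[src].add("invite-flood")
            if PSTN.match(user) and src not in TRUSTED_SOURCES:
                findings[src].add("toll-fraud")  # PSTN-bound call from an unknown source
    return dict(findings)

if __name__ == "__main__":
    for src, names in sorted(detect(SAMPLE_LOG).items()):
        print(src, sorted(names))
```

An E-SBC applies this kind of policy inline at the zone boundary; the same checks run over logs are useful for verifying that the boundary policy is actually rejecting these requests.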

4 Successful Delivery of VoIP

Requirements for the successful delivery of enterprise and contact center VoIP/UC services and applications:

- SBC/FW DoS/DDoS Self-Protection
- VoIP Security for Theft of Service
- IP PBX & UC SIP Protocol Interoperability
- IP PBX/UC Server Session Admission & Overload Control
- Remote Site NAT Traversal
- High Availability VoIP Operations
- Data Center Disaster Recovery
- Remote Site Survivability using SBC/FW
- Call Admission Control