Ingate SIParator /Firewall SIP Security for the Enterprise

Similar documents
Ingate Firewall & SIParator Product Training. SIP Trunking Focused

Security for SIP-based VoIP Communications Solutions

Aeonix & Ingate. Role in Enterprise

What is SIP Trunking? ebook

White Paper. SIP Trunking: Deployment Considerations at the Network Edge

WHITE PAPER. Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS. Starting Points

Net-Net enterprise session border controller playbook

Real-time Communications Security and SDN

The leader in session border control. for trusted, first class interactive communications

Firewalls for Secure Unified Communications

Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

Frequently Asked Questions (Dialogic BorderNet 500 Gateways)

Security Assessment Checklist

Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide

HP AllianceONE Services zl Module for Avaya Aura Session Border Controller powered by Acme Packet

VoIP Security Threat Analysis

Understanding Cisco Unified Communications Security

Unified Communications Threat Management (UCTM) Secure Communications and Collaborations

ABC SBC: Securing the Enterprise. FRAFOS GmbH. Bismarckstr CHIC offices Berlin. Germany.

Brochure. Dialogic BorderNet Session Border Controller Solutions

Sonus Networks engaged Miercom to evaluate the call handling

New and Current Approaches for Secure VoIP Service

Patton Electronics Co Rickenbacker Drive, Gaithersburg, MD 20879, USA tel: fax:

Application Note. Microsoft OCS 2007 Configuration Guide

ABC SBC: Secure Peering. FRAFOS GmbH

White Paper. accelerateinnovation. Security Measures for Converged Networks June 2005 Author: Ramana Mylavarapu. security voice wireless

FreeSWITCH as a Kickass SBC. Moises Silva Manager, Software Engineering

Modern IP Communication bears risks

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

SIP as an Enabling Technology

SIP Trunking & Security. Dan York, CISSP VOIPSA Best Practices Chair

Who Needs an Enterprise Session Border Controller?

Next Genera*on Tex*ng, Video Calling and Network Management October 2012 IPSTA Conference

Secure Telephony Enabled Middle-box (STEM)

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Application Note Asterisk BE with SIP Trunking - Configuration Guide

VoIP Security and Mitel IP Telephony Solutions. Dan York Chair, Mitel Product Security Team February 2006

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

NEC: SIP Trunking Configuration Guide V.1

Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise

Cisco Webex Cloud Connected Audio

Configure Basic Firewall Settings on the RV34x Series Router

Voice over IP. What You Don t Know Can Hurt You. by Darren Bilby

Abstract. Avaya Solution & Interoperability Test Lab

The Case for Secure Communications

SBC Site Survey Questionnaire Forms

Application Note Asterisk BE with Remote Phones - Configuration Guide

ITSPA RECOMMENDATIONS FOR SECURE DEPLOYMENT OF AN IP-PBX PUBLIC NODE4 LIMITED 17/07/2017

Delivering enterprise cost savings with SIP trunking and SBCs

UTM. (Unified Threat Manager) Support for signatures from Snort VRT and Emerging Threat.

Avaya Session Border Controller for Enterprise

Session Border Controllers: A Primer

ORACLE ENTERPRISE COMMUNICATIONS BROKER

Comparative table of the call capacity of KMG 200 MS: Number of SBC calls Maximum TDM channels Total calls Bridge**

NGN: Carriers and Vendors Must Take Security Seriously

Security Enhancements

We will divide the many telecom fraud schemes into three broad categories, based on who the fraudsters are targeting. These categories are:

Business VoIP Migration Strategies

Secure Communications on VoIP Networks

SIP Trunking Seminar Introduction to SIP Trunking

Telecommunications Glossary

SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

Cyber Security Audit & Roadmap Business Process and

The Role of E-SBC in VoIP Business Connectivity. 16 November 2011

GPRS security. Helsinki University of Technology S Security of Communication Protocols

Achieving End-to-End Security in the Internet of Things (IoT)

H.323-to-H.323 Interworking on CUBE

Allstream NGNSIP Security Recommendations

Technical Overview. Mitel MiCloud Telepo for Service Providers 4.0. Key Features

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Network Security. Thierry Sans

Enterprise Voice and Online Services with Microsoft Lync Server 2013

IP Mobility vs. Session Mobility

Indicate whether the statement is true or false.

Trends and Developments in Telecommunication Security

Securing Real-Time Communications

SBCs from Sangoma Flexibility, Ease of Use and an Unmatched ROI Simon Horton Director of Product Management

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

itel MPLS (IP VPN) Maximum Network Potential

Never Drop a Call With TecInfo SIP Proxy White Paper

CHAPTER 8 SECURING INFORMATION SYSTEMS

Sangoma Session Border Controllers. Frederic Dickey Shaunt Libarian October 17, 2013

AT&T ESInet Customer Presentation

Cisco 5921 Embedded Services Router

Project Proposal for:

Chapter 5. Security Components and Considerations.

EXAMGOOD QUESTION & ANSWER. Accurate study guides High passing rate! Exam Good provides update free of charge in one year!

Firewalls, Tunnels, and Network Intrusion Detection

Simple and Powerful Security for PCI DSS

WE SEE YOUR VOICE. SecureLogix We See Your Voice

Deploying Voice Workloads for Skype for Business Online and Server

CIS 5373 Systems Security

Grandstream Networks, Inc. UCM6100 Security Manual

Information Technology Security Guideline. Network Security Zoning

Cisco Unified Presence 8.0

Broadband Internet Access Disclosure

Enabling Trusted Unified Communications. Steven J. Johnson President, Ingate Systems Inc.

Cyber Criminal Methods & Prevention Techniques. By

v2.0 September 30, 2013

Transcription:

Ingate SIParator /Firewall SIP Security for the Enterprise Ingate Systems Ingate Systems AB (publ) Tel: +46 8 600 77 50

BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?... 3 3 SECURITY WITH AN E-SBC... 4 4 SUCCESSFUL DELIVERY OF VOIP... 5 Ingate Systems AB (publ) Tel: +46 8 600 77 50

Background Voice over IP (VoIP) is incorporated into a variety of computer networks, both public and private, and used for everyday transactions and communications among carriers, businesses, government agencies and individuals. SIP trunking, remote/mobile workers, and Unified Communications are some of many forms of VoIP applications. Over these varieties of computer networks, enterprises use IP-PBXs, Unified Communications (UC) applications, computers, mobile smart phones, wireless connectivity, Internet access and VoIP carriers make it easier than ever for workers to conduct business anywhere, anytime. Extending corporate voice, video and UC services to Internet users and VoIP carriers, businesses can implement flexible telecommunication applications and business communication plans, and eliminate costly legacy phone system expenses. But operating VoIP with IP-PBXs and Unified Communications systems over the Internet and untrusted networks raises a variety of security, interoperability and reliability concerns. Businesses are worried about exposing corporate resources and information to hackers (via the Internet or internally) and eavesdroppers, maintaining acceptable voice and video quality over the Internet and VoIP carriers, and encountering interoperability issues when interfacing with firewalls and public network services. The Ingate SIParator is an Enterprise Session Border Controller (E-SBCs) specifically designed to deliver the strong network security, with easy interoperability and reliable communications, required for VoIP SIP communications - voice, video and multimedia - over the Internet and VoIP carrier networks. Ingate Systems AB (publ) Tel: +46 8 600 77 50 1

1 Network Security Network Security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security must also extend into VoIP applications such as SIP trunking, remote/mobile workers, and Unified Communications. All security solutions start with a security policy. It is in the best interest of every enterprise to protect corporate resources and information from unknown users and malicious activities. Often enterprises create Network Security Zones, a boundary between networks that describes a level of trust, referred to as Trusted Zones and Untrusted Zones. When Networks are part of a Trusted Zone, all traffic is allowed and no authentication is required. But in Untrusted Zones, no traffic is allowed and an administrator defines the services and policies to restrict access. The Internet is obviously an Untrusted Zone, as there is no control over network access, users and malicious activity. Firewalls are ubiquitous in today s IP networks, they protect IP data networks, servers and applications against a variety of threats through stateful inspection and filtering, they are used to define the services and polices allowed from the Internet and Untrusted Zones to the enterprise Trusted Zone. To complete the ubiquitous solution, including VoIP, an E-SBC is used define the VoIP services and polices that are allowed. But VoIP is delivered from more networks than just the Internet. VoIP is delivered on foreign networks such as carrier private networks for the use of SIP trunking and hosted applications. Since these networks are outside of the Trusted Zone of the enterprise an E-SBC must be used to provide the security service and policy between the enterprise Trusted Zone and Untrusted Zones. Ingate Systems AB (publ) Tel: +46 8 600 77 50 2

2 Why is VoIP Security Important? There is an End of Geography, IP Protocol is an OPEN network system, no longer is there a need to be physically present to gain access to a device, any IP address can connect with any other IP address. IP protocol and IP addresses are fundamental in a variety of computer networks, both public and private, and used in every day transactions and communications among carriers, businesses, government agencies and individuals. Businesses are concerned about exposing corporate VoIP resources and VoIP information to hackers (via the Internet or internally, public or private) and eavesdroppers, maintaining acceptable voice and video quality over the Internet and VoIP carriers, and encountering interoperability issues when interfacing with firewalls and public network services. A method to prevent fraudulent VoIP activities is needed between Trusted and Untrusted Networks. Types of fraudulent VoIP activities include the following; Identify Theft, Toll Fraud, Spoofing, Misuse, SPAM, SPIT, Vishing, Eavesdropping, Data Mining, Reconnaissance, Disruption of Service, Denial of Service, and Fuzzing. Ingate Systems AB (publ) Tel: +46 8 600 77 50 3

3 Security with an E-SBC Session Border Controllers uniquely provide all of the controls required for delivering trusted, secured, reliable and high-quality IP interactive communications: Security: IP PBX and UC server DoS/DDoS attack protection, SBC self-protection Communications reach maximization: IP PBX and UC SIP Protocol interoperability, remote NAT traversal SLA assurance: IP PBX & UC server session admission and overload control, data center disaster recovery, remote site survivability, Call Admission Control, SBC highavailability operation Data Firewalls with application layer gateways (FW/ALG) are effective in securing dataoriented application infrastructure (PCs, servers) but do not generally have the tools necessary to also manage and control enterprise SIP implementations. E-SBCs provide detailed access control features to prevent fraud and service theft; IP address and topology hiding to safeguard privacy and confidentiality. Also DoS/DDoS prevention and IP telephony spam protection to ward off malicious attacks; and signaling and media encryption to prevent eavesdropping, hijacking and Theft of Service. Ingate SIParator E-SBCs support Transport Layer Security (TLS) and Secure Real-Time Protocol (SRTP) to ensure privacy and confidentiality without the complexity or overhead of conventional VPN solutions. The Ingate SIParator can be used as a VoIP security device to address some common SIP attacks such as: Intrusion of Services (or Theft of Service) Devices attempting Register with a IP-PBX in an attempt to look like an IP-PBX extension and gain IP-PBX services SPIT (SPAM over Internet Telephony) Toll Fraud A form of an Intrusion of Service, where malicious attempts to send INVITEs to an IP-PBX to gain access to PSTN Gateways and SIP Trunking to call the PSTN Denial of Service INVITE (or any SIP Request) Flood in an attempt to slow services or disrupt services Or any UDP or TCP traffic directed at a SIP Service on SIP Ports Indirect Security Breaches Data Mining, Network Topology Ingate Systems AB (publ) Tel: +46 8 600 77 50 4

4 Successful Delivery of VoIP Requirements for the successful delivery of enterprise and contact center VoIP/UC services and applications: SBC/FW DoS/DDoS Self-Protection VoIP Security for Theft of Service IP PBX & UC SIP Protocol Interoperability IP PBX/UC Server Session Admission & Overload Control Remote Site NAT Traversal High Availability VoIP Operations Data Center Disaster Recovery Remote Site Survivability using SBC/FW Call Admission Control Ingate Systems AB (publ) Tel: +46 8 600 77 50 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback