SlideShare a Scribd company logo
1 of 23
Download to read offline
SBC: Do I really need it?
Prepared by: Md. Abul Bashar Azad
abazad@office.bdcom.com
Bangladesh Safe home for
foreign VOIP frauds
RAB arrested 37 Chinese and
Taiwnese nationals and seize
(Dhaka tribune 2014 )
BTRC asks telcos to check
call spoofing (prothomalo 2016)
BTRC alerts mobile users to
frauds
(https://www.thedailystar.net
2016)
bKash fraud gang members run amok
(Observerbd.com 2018)
Challenge in Telecom industry?
FBI finds Philippine hackers
Compromised AT&T network and
used their phone systems to call
others long distance phone number.
AT&T losses of up to $2.0 million
(November 2011)
Massive DDoS attacks a growing
threat to a VoIP service.
It crashes TelePacific VoIP system.
Average 34 million SIP traffic VoIP
connections requests in 1 day and
flooding their systems
(March 2011)
IP-Telephony Service scenario in
Bangladesh
Who is used
1.Indevisual person
2. Bank and financial
institute
3. University
4. Airline industry
5.Ecommarce site
6. others
24 active IPTSP
(Sipix.bdix.net)
Technology used
1. IP Phone
2. Callcenter
3. IP-PABX
4. Hosted
service
Fact of VOIP business
According to the Global Loss Survey 2013 of the communications Fraud Control Association (CFCA)
Through illegal voice over internet protocol (VOIP) Bangladesh government
yearly losses tk130 billion revenue annually
(dailyasianage.com 2017)
The global telecom industry annual losses of $46.3 Billion due to toll fraud
Abuse Methods in telecom industry
12.00%
10.00%
10.00%
7.00%
6.00%
0.00% 2.00% 4.00% 6.00% 8.00% 10.00% 12.00% 14.00%
PBX Hacking
Subscription Fraud
VoIP Hacking
Dealer Fraud
Identity Theft
Top 5 Emerging Fraud Methods
Communications Fraud Control Association survey report
So Security is utterly eminent
indispensable
What is sip trunk?
Session Initiation Protocol (SIP)
 Controls multimedia communication sessions such as voice, instant
messaging, video, etc.
 Many types of devices - computers, phones, video equipment, etc. - can
exchange data over SIP
 SIP is considered a quality protocol with flexibility to support integrated voice
& data communications
SIP Trunk
 Virtual voice channels (or paths) over an Internet Protocol (IP) network
 One SIP trunk can support many direct inward dial (DID) extensions
SIP TRUNK
What is SBC?
Session Border Controller
A Session Border Controller (SBC) is a dedicated hardware device or
application that governing calls on a VOIP network. It’s allowing only
authorized session pass through the connecting point.
Which Reasons you need to SBC?
Session Control
Security
Interoperability
Demarcation
Call admission control, routing, Billing,
NAT
Encryption, Authentication, Policy,
Firewall , VoIP Fraud
SIP -SIP,-1 H323-sip, DTMF relay and
interworking, Voice Transcoding
Fault Isolation, Topology Hiding, Session
Border
Session Control
 Check available Bandwidth
 Call limit set
 Policy
Session Control
• Class 4 rouging:
• Internal Routed database
• Load share Database
• Priority routing
• Lest cost routing
• Or custom routing
• Radius AAA
• Authentication, Authorization,
• Accounting
Billing and Routing
• Session troubleshooting
• Live call analysis
• Call test
• Call recording
• Live wireshark analysis
Session Control
Block sip port trunk not registered
Open port trunk registered and hacker make money
SBC Protect
The Attack
SBC protect your traffic
Security
Demarcation
SBC Security
Threat Protection Sip firewall IP firewall SBC Intrusion
Detection
Sip rate limit
UDP Threats
UDP Flood
RTP Threats
RTP spoofing
SIP Threats
SIP Invite spoof
IP Threat
IP Spoofing
ICMP Threat
ICMP flood
TCP Threat
Scan attack–
TCP port
Log or block
failed sip
request
Block
service
Allow
service
SBC has been pre-
configured with a set of
known attacks
Prevent DOS
type attack
If limit cross
Dynamic
block IP
Firewalls
Comparison SBCs vs. Firewalls
• Back-to-back user agent
• Fully state-aware at
 layers 2-7
 Inspects and modifies any
application layer header info
(SIP, SDP, etc.)
 Can terminate, initiate,
 re-initiate signaling & SDP
 Static & dynamic ACLs
• Maintains single session
• Fully state-aware at
 layers 3 & 4 only
 Inspects and modifies only
application layer addresses
(SIP, SDP, etc.)
 Unable to terminate, initiate, re-
initiate signaling & SDP
 Static ACLs only
SBC
SBCE
AdvancedFirewall IP-PBXIDS / IPS
Layer 3 attack
Layer 4 attack
SBCE
Standard
OS attack
Application attack
SIP protocol fuzzing
SIP denial of service/distributed denial of service
SIP spoofing
SIP advanced toll fraud (call walking, stealth attacks)
Media Replication
Signaling/Media Encryption
Segment of VoIP Security
SBC interoperability
Connect every call
Connect every call
1. Connect sessions even with
miasmas
2. Less route retries call ASR
increase
3. Connect session even no
common codec
4. Establish more calls to improve
ASR
SBC Demarcation
Demarcation
1. Fault Isolation and
dynamic black list
2. Topology hiding
SBC Cover your business size ?
High capacity up to 60000 current session handle with media RTP
Swift handle inbound and out bound call
Minimize delay on call setup
Reduce call drop
Telephony Service Provider Future Diagram
Thank You

More Related Content

What's hot

Voice encryption for gsm using arduino
Voice encryption for gsm using arduinoVoice encryption for gsm using arduino
Voice encryption for gsm using arduino
iruldaworld
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Fatih Ozavci
 
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phonesDefcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Priyanka Aash
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
Fatih Ozavci
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP Gateways
Fatih Ozavci
 

What's hot (20)

Labmeeting - 20150211 - Novel End-to-End Voice Encryption Method in GSM System
Labmeeting - 20150211 - Novel End-to-End Voice Encryption Method in GSM SystemLabmeeting - 20150211 - Novel End-to-End Voice Encryption Method in GSM System
Labmeeting - 20150211 - Novel End-to-End Voice Encryption Method in GSM System
 
SlingSecure Mobile Voice Encryption
SlingSecure Mobile Voice EncryptionSlingSecure Mobile Voice Encryption
SlingSecure Mobile Voice Encryption
 
Voice encryption for gsm using arduino
Voice encryption for gsm using arduinoVoice encryption for gsm using arduino
Voice encryption for gsm using arduino
 
PrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical Overview
 
Strong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesStrong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital Services
 
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and DefenceHardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
 
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phonesDefcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP Gateways
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Security
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
 
Sip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introSip 416 (sip proxy server) intro
Sip 416 (sip proxy server) intro
 
Sip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introSip 416 (sip proxy server) intro
Sip 416 (sip proxy server) intro
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.
 
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP SecurityPLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
 
Voip
VoipVoip
Voip
 
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
 
Security and identity management on WebRTC
Security and identity management on WebRTCSecurity and identity management on WebRTC
Security and identity management on WebRTC
 
Rfid Roadii For Wal Mart Provider C
Rfid Roadii For Wal Mart Provider CRfid Roadii For Wal Mart Provider C
Rfid Roadii For Wal Mart Provider C
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP
 

Similar to SBC: Do I really need it?

Review of SIP based DoS attacks
Review of SIP based DoS attacksReview of SIP based DoS attacks
Review of SIP based DoS attacks
Editor IJCATR
 
Sinnreich Henry Johnston Alan Pt 2
Sinnreich Henry Johnston Alan   Pt 2Sinnreich Henry Johnston Alan   Pt 2
Sinnreich Henry Johnston Alan Pt 2
Carl Ford
 
Voice over IP: Issues and Protocols
Voice over IP: Issues and ProtocolsVoice over IP: Issues and Protocols
Voice over IP: Issues and Protocols
Videoguy
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
ronak56
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
daniahendric
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
makdul
 
How To Successfully Implement IP Video
How To Successfully Implement IP VideoHow To Successfully Implement IP Video
How To Successfully Implement IP Video
Videoguy
 

Similar to SBC: Do I really need it? (20)

Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/Secuirty
 
Current trends and innovations in voice over IP
Current trends and innovations in voice over IPCurrent trends and innovations in voice over IP
Current trends and innovations in voice over IP
 
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
 
Review of SIP based DoS attacks
Review of SIP based DoS attacksReview of SIP based DoS attacks
Review of SIP based DoS attacks
 
VOIP
VOIPVOIP
VOIP
 
Introduction To SIP
Introduction  To  SIPIntroduction  To  SIP
Introduction To SIP
 
VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)
 
Sinnreich Henry Johnston Alan Pt 2
Sinnreich Henry Johnston Alan   Pt 2Sinnreich Henry Johnston Alan   Pt 2
Sinnreich Henry Johnston Alan Pt 2
 
Voip security
Voip securityVoip security
Voip security
 
Vo ip sip
Vo ip sipVo ip sip
Vo ip sip
 
VoIP Security
VoIP SecurityVoIP Security
VoIP Security
 
Voice over IP: Issues and Protocols
Voice over IP: Issues and ProtocolsVoice over IP: Issues and Protocols
Voice over IP: Issues and Protocols
 
Case study about voip
Case study about voipCase study about voip
Case study about voip
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
Indigo Product And Technology Overivew 2005
Indigo Product And Technology Overivew 2005 Indigo Product And Technology Overivew 2005
Indigo Product And Technology Overivew 2005
 
Vo ip
Vo ipVo ip
Vo ip
 
How To Successfully Implement IP Video
How To Successfully Implement IP VideoHow To Successfully Implement IP Video
How To Successfully Implement IP Video
 
Securing VoIP Networks
Securing VoIP NetworksSecuring VoIP Networks
Securing VoIP Networks
 

More from Bangladesh Network Operators Group

More from Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia  2022IPv6 Deployment in South Asia  2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 

Recently uploaded

audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
lolsDocherty
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
ChloeMeadows1
 

Recently uploaded (17)

Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresenceCyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirts
 
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
 
Free scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsFree scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirts
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirts
 
Bug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideBug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's Guide
 
Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdf
 
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
 
I’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 ShirtI’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 Shirt
 
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
 
Development Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appsDevelopment Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of apps
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
 
AI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model GeneratorAI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model Generator
 
The Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdfThe Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdf
 
GOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdfGOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdf
 
Statistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfStatistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdf
 

SBC: Do I really need it?

  • 1. SBC: Do I really need it? Prepared by: Md. Abul Bashar Azad abazad@office.bdcom.com
  • 2. Bangladesh Safe home for foreign VOIP frauds RAB arrested 37 Chinese and Taiwnese nationals and seize (Dhaka tribune 2014 ) BTRC asks telcos to check call spoofing (prothomalo 2016) BTRC alerts mobile users to frauds (https://www.thedailystar.net 2016) bKash fraud gang members run amok (Observerbd.com 2018) Challenge in Telecom industry? FBI finds Philippine hackers Compromised AT&T network and used their phone systems to call others long distance phone number. AT&T losses of up to $2.0 million (November 2011) Massive DDoS attacks a growing threat to a VoIP service. It crashes TelePacific VoIP system. Average 34 million SIP traffic VoIP connections requests in 1 day and flooding their systems (March 2011)
  • 3. IP-Telephony Service scenario in Bangladesh Who is used 1.Indevisual person 2. Bank and financial institute 3. University 4. Airline industry 5.Ecommarce site 6. others 24 active IPTSP (Sipix.bdix.net) Technology used 1. IP Phone 2. Callcenter 3. IP-PABX 4. Hosted service
  • 4. Fact of VOIP business According to the Global Loss Survey 2013 of the communications Fraud Control Association (CFCA) Through illegal voice over internet protocol (VOIP) Bangladesh government yearly losses tk130 billion revenue annually (dailyasianage.com 2017) The global telecom industry annual losses of $46.3 Billion due to toll fraud
  • 5. Abuse Methods in telecom industry 12.00% 10.00% 10.00% 7.00% 6.00% 0.00% 2.00% 4.00% 6.00% 8.00% 10.00% 12.00% 14.00% PBX Hacking Subscription Fraud VoIP Hacking Dealer Fraud Identity Theft Top 5 Emerging Fraud Methods Communications Fraud Control Association survey report
  • 6. So Security is utterly eminent indispensable
  • 7. What is sip trunk? Session Initiation Protocol (SIP)  Controls multimedia communication sessions such as voice, instant messaging, video, etc.  Many types of devices - computers, phones, video equipment, etc. - can exchange data over SIP  SIP is considered a quality protocol with flexibility to support integrated voice & data communications SIP Trunk  Virtual voice channels (or paths) over an Internet Protocol (IP) network  One SIP trunk can support many direct inward dial (DID) extensions
  • 9. What is SBC? Session Border Controller A Session Border Controller (SBC) is a dedicated hardware device or application that governing calls on a VOIP network. It’s allowing only authorized session pass through the connecting point.
  • 10. Which Reasons you need to SBC? Session Control Security Interoperability Demarcation Call admission control, routing, Billing, NAT Encryption, Authentication, Policy, Firewall , VoIP Fraud SIP -SIP,-1 H323-sip, DTMF relay and interworking, Voice Transcoding Fault Isolation, Topology Hiding, Session Border
  • 11. Session Control  Check available Bandwidth  Call limit set  Policy
  • 12. Session Control • Class 4 rouging: • Internal Routed database • Load share Database • Priority routing • Lest cost routing • Or custom routing • Radius AAA • Authentication, Authorization, • Accounting Billing and Routing
  • 13. • Session troubleshooting • Live call analysis • Call test • Call recording • Live wireshark analysis Session Control
  • 14. Block sip port trunk not registered Open port trunk registered and hacker make money SBC Protect The Attack SBC protect your traffic Security Demarcation
  • 15. SBC Security Threat Protection Sip firewall IP firewall SBC Intrusion Detection Sip rate limit UDP Threats UDP Flood RTP Threats RTP spoofing SIP Threats SIP Invite spoof IP Threat IP Spoofing ICMP Threat ICMP flood TCP Threat Scan attack– TCP port Log or block failed sip request Block service Allow service SBC has been pre- configured with a set of known attacks Prevent DOS type attack If limit cross Dynamic block IP
  • 16. Firewalls Comparison SBCs vs. Firewalls • Back-to-back user agent • Fully state-aware at  layers 2-7  Inspects and modifies any application layer header info (SIP, SDP, etc.)  Can terminate, initiate,  re-initiate signaling & SDP  Static & dynamic ACLs • Maintains single session • Fully state-aware at  layers 3 & 4 only  Inspects and modifies only application layer addresses (SIP, SDP, etc.)  Unable to terminate, initiate, re- initiate signaling & SDP  Static ACLs only SBC
  • 17. SBCE AdvancedFirewall IP-PBXIDS / IPS Layer 3 attack Layer 4 attack SBCE Standard OS attack Application attack SIP protocol fuzzing SIP denial of service/distributed denial of service SIP spoofing SIP advanced toll fraud (call walking, stealth attacks) Media Replication Signaling/Media Encryption Segment of VoIP Security
  • 18. SBC interoperability Connect every call Connect every call 1. Connect sessions even with miasmas 2. Less route retries call ASR increase 3. Connect session even no common codec 4. Establish more calls to improve ASR
  • 19. SBC Demarcation Demarcation 1. Fault Isolation and dynamic black list 2. Topology hiding
  • 20. SBC Cover your business size ? High capacity up to 60000 current session handle with media RTP Swift handle inbound and out bound call Minimize delay on call setup Reduce call drop
  • 21. Telephony Service Provider Future Diagram
  • 22.