The document discusses the critical role of Session Border Controllers (SBCs) in VoIP infrastructure. SBCs provide security, encryption, policy enforcement, call routing, SIP interoperability, media transcoding, and scalability. They terminate calls at network borders, hiding internal topology and providing a secure demarcation point between networks. Key functions include preventing denial of service attacks, toll fraud, and snooping of call details. SBCs allow interconnection of multi-vendor SIP devices and remote worker access while enforcing security policies. Examples of SBC use cases discussed are SIP trunking, remote workers, hosted PBX, Lync integration, and load balancing across SIP trunks.
VoIP security involves threats like denial of service attacks, eavesdropping, and quality of service issues. Best practices include using firewalls with application layer gateways or session border controllers, encrypting media and signaling, prioritizing bandwidth for VoIP, and restricting access to call managers through physical and logical security measures. NIST recommends logically separate networks, endpoint encryption, and avoiding vulnerabilities in softphones and wireless networks without encryption.
Internet2 National Video Conferencing Service: Getting ...Videoguy
The document provides an overview of Internet2's National Video Conferencing Service for end-users. It summarizes the presentation topics which include an overview of desktop and classroom video conferencing, H.323 protocol overview, ViDeNet overview, selecting the right client, account registration, dialing instructions, configuration, zones, point-to-point and multipoint calls, calling non-ViDeNet users, call forwarding, telephone gateways, MCU services, etiquette, and troubleshooting. It then provides more detail on the history of videoconferencing and an overview of the H.323 protocol.
Here is an advantage of Cloud PBX Over Onsite PBX
Easy Setup & Saves Call Cost
Multi-Channel Integration
Security and Reliable
Back-up and Recovery
Real-Time Monitoring and Analysis
IP Multimedia Subsystems Overview - My Training on IMSInam Khosa
This document provides a summary of an presentation on IP Multimedia Subsystem (IMS). It discusses:
- The evolution of 2G, 2.5G, and 3G mobile networks and the birth of IMS as a new architecture.
- IMS allows support for IP-based interactive multimedia services with QoS guarantees across both circuit-switched and packet-switched networks.
- IMS standardization is led by 3GPP and uses SIP, Diameter, and COPS protocols. The presentation covers IMS components, architecture, services control model, and functions.
Carrier grade wi fi integration architectureSatish Chavan
The document discusses Wi-Fi technology, including its use of radio waves to connect devices to wireless access points and the internet. It describes how users connect to open Wi-Fi networks in public places like airports and cafes. It also discusses security measures for Wi-Fi like WEP, WPA, and WPA2 encryption, and notes that while Wi-Fi is convenient, it is more vulnerable to attacks than wired connections.
The document provides an overview of IMS (IP Multimedia Subsystem), including its history, architecture, layers, benefits, and relationship to SIP (Session Initiation Protocol). IMS allows convergence of voice, video, and data over an IP-based network using SIP and other IETF protocols. It has a service plane for applications, a control plane for session management, and a media plane for transport.
This document provides an overview and update on AudioCodes session border controller (SBC) products. It summarizes that AudioCodes is a market leader in SBCs, with the fastest growing market share. It highlights key SBC products like the Mediant 9000 and features such as advanced routing management, global partner strategy, and a comprehensive product portfolio. The document aims to showcase AudioCodes' SBC technology and momentum in the enterprise voice and data market.
Ribbon Communications provides network infrastructure solutions including switching networks, cloud communications, security, and analytics. The document discusses Ribbon's products and leadership position in areas like VoIP switching, session border controllers, and media gateways. It then summarizes Ribbon's C15 softswitch product, including its architecture and features for service providers. The C15 can be used with Ribbon's KANDY cloud services to provide both basic and advanced hosted communications capabilities.
VoIP security involves threats like denial of service attacks, eavesdropping, and quality of service issues. Best practices include using firewalls with application layer gateways or session border controllers, encrypting media and signaling, prioritizing bandwidth for VoIP, and restricting access to call managers through physical and logical security measures. NIST recommends logically separate networks, endpoint encryption, and avoiding vulnerabilities in softphones and wireless networks without encryption.
Internet2 National Video Conferencing Service: Getting ...Videoguy
The document provides an overview of Internet2's National Video Conferencing Service for end-users. It summarizes the presentation topics which include an overview of desktop and classroom video conferencing, H.323 protocol overview, ViDeNet overview, selecting the right client, account registration, dialing instructions, configuration, zones, point-to-point and multipoint calls, calling non-ViDeNet users, call forwarding, telephone gateways, MCU services, etiquette, and troubleshooting. It then provides more detail on the history of videoconferencing and an overview of the H.323 protocol.
Here is an advantage of Cloud PBX Over Onsite PBX
Easy Setup & Saves Call Cost
Multi-Channel Integration
Security and Reliable
Back-up and Recovery
Real-Time Monitoring and Analysis
IP Multimedia Subsystems Overview - My Training on IMSInam Khosa
This document provides a summary of an presentation on IP Multimedia Subsystem (IMS). It discusses:
- The evolution of 2G, 2.5G, and 3G mobile networks and the birth of IMS as a new architecture.
- IMS allows support for IP-based interactive multimedia services with QoS guarantees across both circuit-switched and packet-switched networks.
- IMS standardization is led by 3GPP and uses SIP, Diameter, and COPS protocols. The presentation covers IMS components, architecture, services control model, and functions.
Carrier grade wi fi integration architectureSatish Chavan
The document discusses Wi-Fi technology, including its use of radio waves to connect devices to wireless access points and the internet. It describes how users connect to open Wi-Fi networks in public places like airports and cafes. It also discusses security measures for Wi-Fi like WEP, WPA, and WPA2 encryption, and notes that while Wi-Fi is convenient, it is more vulnerable to attacks than wired connections.
The document provides an overview of IMS (IP Multimedia Subsystem), including its history, architecture, layers, benefits, and relationship to SIP (Session Initiation Protocol). IMS allows convergence of voice, video, and data over an IP-based network using SIP and other IETF protocols. It has a service plane for applications, a control plane for session management, and a media plane for transport.
This document provides an overview and update on AudioCodes session border controller (SBC) products. It summarizes that AudioCodes is a market leader in SBCs, with the fastest growing market share. It highlights key SBC products like the Mediant 9000 and features such as advanced routing management, global partner strategy, and a comprehensive product portfolio. The document aims to showcase AudioCodes' SBC technology and momentum in the enterprise voice and data market.
Ribbon Communications provides network infrastructure solutions including switching networks, cloud communications, security, and analytics. The document discusses Ribbon's products and leadership position in areas like VoIP switching, session border controllers, and media gateways. It then summarizes Ribbon's C15 softswitch product, including its architecture and features for service providers. The C15 can be used with Ribbon's KANDY cloud services to provide both basic and advanced hosted communications capabilities.
This case study showcases Mistral’s capability in designing a flexible
and easy to upgrade VoIP Radio Gateway solution, interoperable with
all types of radio communications including conventional radios,
TETRA and TETRAPOL terminals. This IP Radio Gateway solution is
an exclusive and protected design for Mistral’s European customer,
Amper.
This document provides an overview of the IP Multimedia Subsystem (IMS) standards and architecture. It discusses the evolution from 2G to 3G/4G mobile networks and the integration of IMS. The key components of IMS are described including the Call Session Control Function (CSCF), Home Subscriber Server (HSS), Application Servers (AS), Media Resource Functions (MRF), and Breakout Gateway Control Function (BGCF). Registration and call flow examples are provided to illustrate IMS signaling. Approaches to migrating existing networks to IMS are also summarized.
IMS is an architectural framework that uses SIP to deliver IP multimedia services to mobile users. It consists of common core elements, enablers, and support systems arranged in three layers. The control layer contains various nodes that handle signaling and session management, including the P-CSCF for access, I-CSCF for routing, and S-CSCF for authentication and services.
One of the most widely observed fraud scenarios is the case of a malicious user detecting the address of a PSTN gateway and accessing that gateway directly. Once the attacker has managed to access the gateway the attacker can start selling telephony minutes through that
gateway.
The ABC SBC establishes a secure border between the VoIP service provider’s core VoIP components–e.g., PSTN gateway, SIP proxy and application servers- and the subscribers. As the border element, the ABC SBC hides the details of the operator’s network from subscribers
and absorbs any attacks and sudden spikes in the subscriber traffic. Further, the mediation features of the ABC SBC shield the operator’s network from malfunctioning user agents and any interoperability issues.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
44Con 2014: GreedyBTS - Hacking Adventures in GSMiphonepentest
This presentation examines insecurities in the 2.5G GSM protocol and demonstrates GreedyBTS; a platform for fingerprinting and exploiting cellular devices, including interception of SMS and voice data.
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic44CON
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
There are over 2.9 BILLION subscribers on GSM networks today. How many of these subscribers are susceptible to trivial attacks that can leave phone calls, text messages and web surfing habits accessible to an attacker? This talk intends to discuss the reasons why GSM networks are still vulnerable today and demonstrate attack tools that might make you re-think how you handle sensitive data via your phone. The presenter will discuss his own experience of analysing GSM environments and provide a demonstration of GreedyBTS which can be used to compromise a targets phone calls, messaging and web surfing habits. Mobile Phones will be harmed during this presentation.
User location tracking attacks for LTE networks using the Interworking Functi...Siddharth Rao
This document discusses how location tracking attacks can be carried out in LTE networks using the Interworking Functionality (IWF). It summarizes that while LTE offers good security on the air interface, the Diameter protocol is as insecure as SS7 when it comes to location disclosure attacks. The document shows how SS7 attacks can be ported to LTE/Diameter networks using IWFs, allowing an attacker to obtain a victim's IMSI and track their location down to the cell ID level. It concludes by recommending countermeasures like adhering to security standards and efficient filtering to prevent such IWF-based location tracking attacks.
PathTrak™ Video Monitoring System for Cable TVAndrew Tram
The document describes PathTrak, a video monitoring system that monitors video quality all the way to the RF edge. It discusses how most providers only monitor the backbone or content origination points, missing issues at the edge. PathTrak uses probes like the VSA and RSAM5800 to monitor MPEG streams and RF signals at the edge. This helps identify issues quickly without relying on customer complaints, reducing trouble tickets and churn.
The document provides an overview of videoconferencing basics, including what videoconferencing is, its benefits, how it is being used, common system components, and top manufacturers. It also discusses network connections, protocols, and different types of conferencing such as point-to-point, multipoint, webcasting, web conferencing, and audio conferencing.
Current trends and innovations in voice over IPALTANAI BISHT
Learn how to implement an open-source webrtc Click to dial or VOIP setup for their enterprises and also the new innovative add-on tech available for a basic VOIP system such as auto-attendants.
VoIP vs Telecom Providers
SIP Servers types
Open-source tool and technologies in VOIP
Opensip
Kamailio
Freeswitch
Media Handling
Webrtc
Machine learning in VoIP
Call Classifier
Fraud Detector
NLP and Auto attendants
VoIP to telecom bridging
The document provides recommendations for securing IP telephony systems, including:
- Establishing separate security zones and controlling traffic between zones
- Using firewalls and application layer gateways to control external connections
- Implementing layer 2 protections, authentication, encryption, and availability measures
- Protecting against denial of service attacks and securing physical infrastructure
- Recommending practices like device management, testing, and physical access controls
The FRAFOS ABC Session Border Controller combines secure border control, signaling mediation, call routing, and advanced media server applications. It provides a customizable and scalable solution for securing peering connections and subscriber access for VoIP and NGN operators. As an open platform, the ABC SBC can be adapted according to customer needs and deployed on various hardware sizes to accommodate performance requirements of operators of all sizes.
VoIP security: Implementation and Protocol Problemsseanhn
The document discusses vulnerabilities in VoIP implementations and protocols. It begins with an overview of finding bugs through fuzzing implementations and exploiting protocol issues. It then covers specific implementation bugs like buffer overflows that can be discovered through fuzzing VoIP software and protocols. Examples are provided of mutating SIP requests to crash VoIP phones through fuzzing. While hard phones are more difficult to exploit than softphones, they still have vulnerabilities through services like web servers that are open to various attacks.
VoIP allows for transmitting voice calls over TCP/IP networks instead of traditional circuit-switched networks. It started gaining popularity in the mid-1990s but had drawbacks due to lack of broadband. VoIP offers unlimited distance, lower costs, and uses standards-based protocols like H.323, SIP, and MGCP. Tadiran deployed VoIP across multiple sites globally using Universal Gateways and IP phones.
The proposed solution provides a secure and resilient network architecture for JVVNL that connects various offices to a centralized IT center and data center. Key elements include MPLS WAN connectivity with failover, network and application security appliances, load balancing, and link load balancing to ensure high availability of critical applications and data. Centralized management and monitoring is also included for effective oversight of IT projects and infrastructure.
This document discusses security issues related to Voice over Internet Protocol (VoIP). It begins by explaining what VoIP is and some of its early implementations. It then describes the basic protocols and protocol stacks used for VoIP signaling and sessions, including H.323, SIP, and RTP. The document outlines various roles in VoIP systems, such as administrators and operators. It identifies common attacks against VoIP networks like theft of service, man-in-the-middle attacks, IP spoofing, and denial-of-service attacks. It concludes that VoIP inherits security vulnerabilities from the Internet and that encryption, authentication, firewalls, and separating voice and data traffic are needed to secure VoIP networks.
The document provides an overview of videoconferencing technologies and standards. It discusses H.323 as the dominant standard, describing its components like gatekeepers, terminals, and multimedia algorithms. It also covers conferencing versus broadcasting, networking considerations like switches versus hubs, and challenges with firewalls and network address translation.
This document outlines a framework for conducting a security penetration test of the Diameter protocol. It describes the basic equipment needed, including virtual machines running Open Source Diameter software and penetration testing tools. It also discusses setting up simulated 4G network elements like the PCRF, HSS and MME to test Diameter in a more complete network environment. The goal is to identify vulnerabilities in Diameter by developing a taxonomy similar to one created for the SS7 protocol. This will provide much needed security analysis of the widely used Diameter protocol.
2014 innovaphone different protocols for different thingsVOIP2DAY
The document discusses various protocols used for unified communications, including H.323, SIP, H.460.17, ICE, DTLS-SRTP, and WebRTC. It summarizes the purpose and functionality of each protocol, how they enable connections through firewalls and NAT, and their advantages and disadvantages. WebRTC in particular allows for real-time communication within a web browser without plugins using HTML5 and JavaScript, establishing direct peer-to-peer connections through techniques like STUN and ICE.
This document summarizes a research paper on VoIP security. It discusses two important VoIP protocols, SIP and H.323, and analyzes their security features. It also defines new functionality for negotiating security mechanisms between SIP entities. Several security issues are identified for VoIP, such as denial of service attacks. Solutions to improve VoIP security include encryption at endpoints, using SRTP, better scheduling, and resolving NAT/IPsec incompatibilities.
An SBC provides security for VoIP networks by applying policies between trusted and untrusted networks like the Internet and private LAN. It protects against threats like denial of service attacks, toll fraud, and reconnaissance attacks by using features like intrusion prevention, rate limiting, and signature recognition. The SBC also enhances interoperability between different vendor systems and supports deployments in cloud environments.
This case study showcases Mistral’s capability in designing a flexible
and easy to upgrade VoIP Radio Gateway solution, interoperable with
all types of radio communications including conventional radios,
TETRA and TETRAPOL terminals. This IP Radio Gateway solution is
an exclusive and protected design for Mistral’s European customer,
Amper.
This document provides an overview of the IP Multimedia Subsystem (IMS) standards and architecture. It discusses the evolution from 2G to 3G/4G mobile networks and the integration of IMS. The key components of IMS are described including the Call Session Control Function (CSCF), Home Subscriber Server (HSS), Application Servers (AS), Media Resource Functions (MRF), and Breakout Gateway Control Function (BGCF). Registration and call flow examples are provided to illustrate IMS signaling. Approaches to migrating existing networks to IMS are also summarized.
IMS is an architectural framework that uses SIP to deliver IP multimedia services to mobile users. It consists of common core elements, enablers, and support systems arranged in three layers. The control layer contains various nodes that handle signaling and session management, including the P-CSCF for access, I-CSCF for routing, and S-CSCF for authentication and services.
One of the most widely observed fraud scenarios is the case of a malicious user detecting the address of a PSTN gateway and accessing that gateway directly. Once the attacker has managed to access the gateway the attacker can start selling telephony minutes through that
gateway.
The ABC SBC establishes a secure border between the VoIP service provider’s core VoIP components–e.g., PSTN gateway, SIP proxy and application servers- and the subscribers. As the border element, the ABC SBC hides the details of the operator’s network from subscribers
and absorbs any attacks and sudden spikes in the subscriber traffic. Further, the mediation features of the ABC SBC shield the operator’s network from malfunctioning user agents and any interoperability issues.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
44Con 2014: GreedyBTS - Hacking Adventures in GSMiphonepentest
This presentation examines insecurities in the 2.5G GSM protocol and demonstrates GreedyBTS; a platform for fingerprinting and exploiting cellular devices, including interception of SMS and voice data.
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic44CON
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
There are over 2.9 BILLION subscribers on GSM networks today. How many of these subscribers are susceptible to trivial attacks that can leave phone calls, text messages and web surfing habits accessible to an attacker? This talk intends to discuss the reasons why GSM networks are still vulnerable today and demonstrate attack tools that might make you re-think how you handle sensitive data via your phone. The presenter will discuss his own experience of analysing GSM environments and provide a demonstration of GreedyBTS which can be used to compromise a targets phone calls, messaging and web surfing habits. Mobile Phones will be harmed during this presentation.
User location tracking attacks for LTE networks using the Interworking Functi...Siddharth Rao
This document discusses how location tracking attacks can be carried out in LTE networks using the Interworking Functionality (IWF). It summarizes that while LTE offers good security on the air interface, the Diameter protocol is as insecure as SS7 when it comes to location disclosure attacks. The document shows how SS7 attacks can be ported to LTE/Diameter networks using IWFs, allowing an attacker to obtain a victim's IMSI and track their location down to the cell ID level. It concludes by recommending countermeasures like adhering to security standards and efficient filtering to prevent such IWF-based location tracking attacks.
PathTrak™ Video Monitoring System for Cable TVAndrew Tram
The document describes PathTrak, a video monitoring system that monitors video quality all the way to the RF edge. It discusses how most providers only monitor the backbone or content origination points, missing issues at the edge. PathTrak uses probes like the VSA and RSAM5800 to monitor MPEG streams and RF signals at the edge. This helps identify issues quickly without relying on customer complaints, reducing trouble tickets and churn.
The document provides an overview of videoconferencing basics, including what videoconferencing is, its benefits, how it is being used, common system components, and top manufacturers. It also discusses network connections, protocols, and different types of conferencing such as point-to-point, multipoint, webcasting, web conferencing, and audio conferencing.
Current trends and innovations in voice over IPALTANAI BISHT
Learn how to implement an open-source webrtc Click to dial or VOIP setup for their enterprises and also the new innovative add-on tech available for a basic VOIP system such as auto-attendants.
VoIP vs Telecom Providers
SIP Servers types
Open-source tool and technologies in VOIP
Opensip
Kamailio
Freeswitch
Media Handling
Webrtc
Machine learning in VoIP
Call Classifier
Fraud Detector
NLP and Auto attendants
VoIP to telecom bridging
The document provides recommendations for securing IP telephony systems, including:
- Establishing separate security zones and controlling traffic between zones
- Using firewalls and application layer gateways to control external connections
- Implementing layer 2 protections, authentication, encryption, and availability measures
- Protecting against denial of service attacks and securing physical infrastructure
- Recommending practices like device management, testing, and physical access controls
The FRAFOS ABC Session Border Controller combines secure border control, signaling mediation, call routing, and advanced media server applications. It provides a customizable and scalable solution for securing peering connections and subscriber access for VoIP and NGN operators. As an open platform, the ABC SBC can be adapted according to customer needs and deployed on various hardware sizes to accommodate performance requirements of operators of all sizes.
VoIP security: Implementation and Protocol Problemsseanhn
The document discusses vulnerabilities in VoIP implementations and protocols. It begins with an overview of finding bugs through fuzzing implementations and exploiting protocol issues. It then covers specific implementation bugs like buffer overflows that can be discovered through fuzzing VoIP software and protocols. Examples are provided of mutating SIP requests to crash VoIP phones through fuzzing. While hard phones are more difficult to exploit than softphones, they still have vulnerabilities through services like web servers that are open to various attacks.
VoIP allows for transmitting voice calls over TCP/IP networks instead of traditional circuit-switched networks. It started gaining popularity in the mid-1990s but had drawbacks due to lack of broadband. VoIP offers unlimited distance, lower costs, and uses standards-based protocols like H.323, SIP, and MGCP. Tadiran deployed VoIP across multiple sites globally using Universal Gateways and IP phones.
The proposed solution provides a secure and resilient network architecture for JVVNL that connects various offices to a centralized IT center and data center. Key elements include MPLS WAN connectivity with failover, network and application security appliances, load balancing, and link load balancing to ensure high availability of critical applications and data. Centralized management and monitoring is also included for effective oversight of IT projects and infrastructure.
This document discusses security issues related to Voice over Internet Protocol (VoIP). It begins by explaining what VoIP is and some of its early implementations. It then describes the basic protocols and protocol stacks used for VoIP signaling and sessions, including H.323, SIP, and RTP. The document outlines various roles in VoIP systems, such as administrators and operators. It identifies common attacks against VoIP networks like theft of service, man-in-the-middle attacks, IP spoofing, and denial-of-service attacks. It concludes that VoIP inherits security vulnerabilities from the Internet and that encryption, authentication, firewalls, and separating voice and data traffic are needed to secure VoIP networks.
The document provides an overview of videoconferencing technologies and standards. It discusses H.323 as the dominant standard, describing its components like gatekeepers, terminals, and multimedia algorithms. It also covers conferencing versus broadcasting, networking considerations like switches versus hubs, and challenges with firewalls and network address translation.
This document outlines a framework for conducting a security penetration test of the Diameter protocol. It describes the basic equipment needed, including virtual machines running Open Source Diameter software and penetration testing tools. It also discusses setting up simulated 4G network elements like the PCRF, HSS and MME to test Diameter in a more complete network environment. The goal is to identify vulnerabilities in Diameter by developing a taxonomy similar to one created for the SS7 protocol. This will provide much needed security analysis of the widely used Diameter protocol.
2014 innovaphone different protocols for different thingsVOIP2DAY
The document discusses various protocols used for unified communications, including H.323, SIP, H.460.17, ICE, DTLS-SRTP, and WebRTC. It summarizes the purpose and functionality of each protocol, how they enable connections through firewalls and NAT, and their advantages and disadvantages. WebRTC in particular allows for real-time communication within a web browser without plugins using HTML5 and JavaScript, establishing direct peer-to-peer connections through techniques like STUN and ICE.
This document summarizes a research paper on VoIP security. It discusses two important VoIP protocols, SIP and H.323, and analyzes their security features. It also defines new functionality for negotiating security mechanisms between SIP entities. Several security issues are identified for VoIP, such as denial of service attacks. Solutions to improve VoIP security include encryption at endpoints, using SRTP, better scheduling, and resolving NAT/IPsec incompatibilities.
An SBC provides security for VoIP networks by applying policies between trusted and untrusted networks like the Internet and private LAN. It protects against threats like denial of service attacks, toll fraud, and reconnaissance attacks by using features like intrusion prevention, rate limiting, and signature recognition. The SBC also enhances interoperability between different vendor systems and supports deployments in cloud environments.
GENBAND has implemented a multi-layer security architecture and threat mitigation solution using session border controllers to protect VoIP networks from security vulnerabilities like denial of service attacks, theft of service, and others. The solution uses deep packet inspection, access control, topology hiding, and other methods at the network, session, and application layers to detect and prevent a wide range of threats. It can process traffic at wire speeds even during attacks to minimize disruption.
The document provides an overview of Voice over IP (VoIP) including its benefits and requirements. VoIP allows phone calls to be made over an IP network like the internet rather than the traditional public switched telephone network. It provides benefits like reduced costs and integrated services. However, deploying VoIP requires addressing requirements around services, quality of service, security, billing and network interconnection to provide equivalence to the PSTN. The document also discusses protocols used for VoIP like OSI and layers of the OSI model.
The document discusses session border controllers (SBCs) which are emerging technologies that allow voice over IP (VoIP) networks to securely interconnect. SBCs address critical issues like security, service quality assurance, and law enforcement needs at network borders. They act as an intelligent demarcation point between IP networks, controlling signaling and media to authenticate users, manage resources, and enable new revenue-generating communication services like voice and video calls across network borders. The document outlines the applications of SBCs and how they help solve problems that have isolated VoIP networks, securing infrastructure and maximizing existing investments for service providers.
Session Border Controllers presontation by Jonathan Richards - VON 2005
SBCs control real-time session traffic at the signaling, call-control, and packet layers as they cross a packet-to-packet network border between networks or between network segments
SBCs are critical to the deployment of VOIP networks because they address the inability of real-time session traffic to cross network address translation (NAT) device or firewall boundaries
ACME- Session Border Controllers – podstawa udanych i efektywnych implementac...Biznes to Rozmowy
SBCs (Session Border Controllers) are the key to successful VoIP deployments. An SBC overcomes obstacles like securing borders, fixing protocol issues, and assuring session quality. For SIP trunking, an enterprise SBC provides security, interoperability with different PBX systems, control over routing and numbers, and features for disaster recovery, troubleshooting and monitoring. Case studies show how SBCs help financial, government and oil/gas companies reduce costs through SIP trunking while ensuring security, interoperability and quality of service.
VoIp Security Services Technical Description Cyber51martinvoelk
The document describes a VoIP penetration testing service that involves 4 phases: reconnaissance through footprinting, scanning and enumerating VoIP devices on a network; vulnerability analysis using automated tools; exploiting vulnerabilities through various techniques like denial of service attacks and session hacking; and a final reporting phase that provides an executive summary and detailed technical report on findings and recommendations.
ALOE Transit SBC is a session border controller that combines security, media management, and transcoding services in a single, highly scalable software platform. The product can be easily deployed in complex network structures and features network topology hiding and distributed architecture, which makes the network less vulnerable to malicious attacks.
The document discusses how multi-service business gateways can secure enterprise VoIP networks by addressing various security threats. It outlines four categories of security threats to VoIP systems: network level threats, media threats, communication session threats, and application level threats. It then provides examples of network level threats like denial of service attacks and solutions like firewalls and VPNs. It also discusses securing RTP media by encrypting payloads and verifying integrity through hashing. Finally, it outlines how session border controllers within the business gateways can help secure communication sessions by preventing man-in-the-middle attacks and unauthorized session attempts through measures like encryption, access control lists, infrastructure hiding, and monitoring.
Securing the Future Safeguarding 5G Networks with Advanced Security Solutions...SecurityGen1
With the advent of 5G technology, the complexity of network security has increased exponentially. To address this challenge, specialized 5G security services have emerged to provide tailored solutions to protect your network infrastructure. These services encompass a range of offerings, including threat intelligence, risk assessment, firewall management, intrusion detection, and incident response. 5G security services go beyond traditional security measures, taking into account the unique characteristics of 5G networks such as virtualization, network slicing, and edge computing.
Elevate Safety with Security Gen: Unraveling the Power of Signaling SecuritySecurityGen1
The document provides security practices and protocols for protecting 5G networks against threat vectors. It discusses business and organizational challenges, including aligning security with business objectives. It also covers technical considerations like threats specific to 5G architectures and reusing older technologies in 5G. General recommendations include taking a holistic inspection, detection and protection approach to securing networks.
SecurityGen's Pioneering Approach to 5G Security ServicesSecurityGen1
SecurityGen takes a pioneering stance in the realm of 5G security, offering services that redefine the standards of digital protection. Our user-friendly solutions are meticulously crafted to address the unique challenges posed by the 5G landscape. SecurityGen's 5G Security Services encompass real-time threat monitoring, encryption protocols, and adaptive defense mechanisms to keep your network secure in the face of sophisticated cyber threats. By choosing SecurityGen, businesses can embark on their 5G journey with peace of mind, knowing that they have a reliable partner dedicated to staying ahead of the curve in cybersecurity.
Protecting Your Text Messages: SecurityGen's SMS Fraud Detection SolutionsSecurityGen1
In a world where communication via text messages is integral to our daily lives, SMS fraud has become a growing concern. That's where SecurityGen comes into play. Our state-of-the-art SMS fraud detection technology is designed to safeguard your mobile communications. Using advanced algorithms and real-time analysis, SecurityGen's solution identifies and blocks fraudulent SMS messages, protecting you from phishing scams, malware, and other security threats.
A Comparison of Four Series of CISCO Network Processorsaciijournal
Network processors have created new opportunities by performing more complex calculations. Routers
perform the most useful and difficult processing operations. In this paper the routers of VXR 7200, ISR
4451-X, SBC 7600, 7606 have been investigated which their main positive points include scalability,
flexibility, providing integrated services, high security, supporting and updating with the lowest cost, and
supporting standard protocols of network. In addition, in the current study these routers have been
explored from hardware and processor capacity viewpoints separately.
A Comparison of Four Series of CISCO Network Processorsaciijournal
Network processors have created new opportunities by performing more complex calculations. Routers
perform the most useful and difficult processing operations. In this paper the routers of VXR 7200, ISR
4451-X, SBC 7600, 7606 have been investigated which their main positive points include scalability,
flexibility, providing integrated services, high security, supporting and updating with the lowest cost, and
supporting standard protocols of network. In addition, in the current study these routers have been
explored from hardware and processor capacity viewpoints separately.
A Comparison of Four Series of CISCO Network Processorsaciijournal
Network processors have created new opportunities by performing more complex calculations. Routers perform the most useful and difficult processing operations. In this paper the routers of VXR 7200, ISR 4451-X, SBC 7600, 7606 have been investigated which their main positive points include scalability,
flexibility, providing integrated services, high security, supporting and updating with the lowest cost, and supporting standard protocols of network. In addition, in the current study these routers have been explored from hardware and processor capacity viewpoints separately
A COMPARISON OF FOUR SERIES OF CISCO NETWORK PROCESSORSaciijournal
This document compares four series of Cisco network processors: VXR 7200, SBC 7600, ISR 4451-X, and 7606. It summarizes the key features of each series, including their intended uses, processing power, speeds, supported services and protocols. A table compares the four series across features such as scalability, flexibility, security capabilities, processing power, speeds, and supported services. The document concludes that Cisco network processors provide high performance routing and switching solutions for various applications.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
2. 2SBC – The Critical Component
Table of Contents
SBC – The Critical Component of your VoIP Infrastructure.................. 3
»» Enter the SBC......................................................................................... 4
Functions............................................................................................................ 5
»» Security.................................................................................................... 5
• Denial of Service.............................................................................. 5
• Toll Fraud........................................................................................... 6
»» Encryption................................................................................................ 6
»» Policy......................................................................................................... 6
»» Call Routing............................................................................................. 6
»» SIP Interoperability................................................................................ 7
»» Media Transcoding................................................................................ 7
»» DTMF Detection/Generation............................................................... 8
»» Scalability................................................................................................. 8
Virtual SBC........................................................................................................ 8
Enterprise Use Cases..................................................................................... 9
»» SIP Trunking .......................................................................................... 9
»» Remote Worker...................................................................................... 9
»» Hosted PBX............................................................................................. 10
»» Lync SBC................................................................................................. 10
»» Load Balancer........................................................................................ 11
Conclusion......................................................................................................... 11
3. 3SBC – The Critical Component
Table of Diagrams
ƒƒ Figure 1: Typical SBC Deployment....................................................................................................5
ƒƒ Figure 2: The ITSP and corporate networks are each protected by an SBC.........................10
ƒƒ Figure 4: One SBC protects service provider, another protects the corporate customer...11
ƒƒ Figure 3: Remote workers with access to network, protected by SBC....................................11
ƒƒ Figure 5: SBC translates MS-SIP (TCP) to standard UDP SIP.................................................11
ƒƒ Figure 7: SBC protects VoIP network and provides load balancing across SIP trunks.......12
ƒƒ Figure 6: SBC built into Lync Express appliance...........................................................................12
4. 4SBC – The Critical Component
SBC – The Critical Component of your VoIP Infrastructure
Voice over internet protocol (VoIP) offers many operational cost, feature and flexibility advantages over the
incumbent telephone system, and is rapidly replacing the public switched telephone network (PSTN).
As the compelling advantages of VoIP drive an increasing number of businesses and organizations to switch
over to state-of-the-art telephony technology, the complexities and pitfalls of VoIP must be addressed.
Several issues arise when managing a VoIP system:
»» Security
»» Remote worker applications
»» Challenges of a complicated network
»» SIP interoperability/multi-vendor/bring your own device
The existing security features of a network can make the enabling of media and signal flow between communica-
tion endpoints technically challenging. Special measures are required to overcome the obstacles of network
security features.
Corporate networks are becoming ever more complicated, due to security issues and by the variety of interoperat-
ing devices. Telecommuter applications require remote access, further complicating security issues. Meanwhile,
the rise of UC (Unified Communications) means a greater variety of media, including a growing use of video
and other rich communication media.
But new systems have new and sometimes unfamiliar or unknown vulnerabilities. Traditional communications
via PRI lines may be limited, but they are remarkably reliable and fairly secure in most parts of the world.
When a business switches to VoIP and unified communications, a very high degree of security and reliability is
expected. These systems however, are not inherently as secure as their TDM counter parts. Additional network
elements are required to achieve the expected characteristics.
While it is true that networks are getting more complicated, it is also true that the equipment to manage the
network is getting more sophisticated. This is good news for organizations that care about both their ability to
manage the network, and the security of their data and communications systems.
ENTER THE SBC
The Session Border Controller (SBC) provides a number of services that make a VoIP/UC system more secure
and better able to integrate SIP-based equipment from a variety of vendors.
Let’s first look at what “session border controller” means. The session border controller manages both media
and signalling streams.
Each session consists of the collection of signalling and media streams that connect one party to another. A
session works in only one direction, so two sessions are required for a two-way phone conversation1
.
5. 5SBC – The Critical Component
For example, a two way telephone conversation would consist of two sessions, each containing a signaling
channel and a voice channel. A video session may consist of a signalling channel, an audio channel and a video
channel. The situation for conferences may be more complicated, depending on how the conference is set up.
The border is the demarcation point between two networks, such as LAN and Internet, or sections of a network,
such as segments in a very large and segregated corporate network.
A controller is required to manage routing, taking into account the topology of the network, traversing firewalls,
and managing Quality of Service (QoS). The routing equipment controls how traffic flows through the network.
If properly configured, routers will use the ToS/DSCP/DiffServ fields in the IP header to make routing decisions.
It is up to the SBC to properly set these fields for each packet.
An SBC can also manage multiple SIP trunks, including load balancing, congestion avoidance and fail-over.
1
Technically, a two-way conversation requires two sessions. However, most SBC specifications use the term session and call interchangeably.
Figure 1: Typical SBC Deployment
6. 6SBC – The Critical Component
Functions
The session border controller fills a number of important rolls in delivering VoIP services to a local network,
including:
»» Security
»» Encryption
»» Policy
»» Call routing
»» SIP interoperability
»» Media transcoding
»» DTMF detection/generation
»» Scalability
Each of the above points is discussed in greater detail below.
SECURITY
One of the roles of an SBC is to provide a layer of security to prevent the VoIP system from becoming a point
of entry for hackers or toll fraudsters. It must also smoothly route calls through existing security systems on the
network.
The SBC terminates each call on one side of the network and re-originates the call on the other side. This
approach allows the SBC to maintain complete control over every call, and to dynamically manage security.
This hides network topology and presents a brick wall for would-be hackers intent on entering the network. VoIP
does not present a security risk when properly managed by an SBC.
As SIP messages work their way through the network, each node adds its own ‘via’ field to every packet. Packets
will probably pass through a PBX for example. By the time the SIP packet leaves the network, a series of ‘via’
fields shows the route the SIP message has taken. This reveals the structure of the network behind the firewall
to the outside world. Such information can help hackers break a network.
The SBC removes all accumulated ‘via’ fields from each packet, and replaces them with a single ‘via’ field
from the SBC, making outside SIP messages appear to have originated from the SBC. This hides the network
structure from the outside world.
NAT transversal functions are used to navigate the NAT firewalls that protect typical corporate networks. The
SBC opens a pinhole (single port) in the firewall for the duration of the call and performs port remapping to
transfer signalling and media packets between the corporate network and internet.
As BYOD (Bring Your Own Device) becomes more popular, the security flaws that can come with BYOD grow.
Smart phones may have apps installed which present a security threat. For example, the owner may download
a game, which is really a Trojan horse designed to steal bandwidth from the network. By analysing typical traffic
versus rogue VoIP traffic, the damage from such Trojans can be controlled.
• Denial of Service
A denial of service (DoS) attack is a common way for hackers to attempt to disrupt service. DoS can be
detected by measuring the traffic volume from each source, and blocking unusual patterns at the kernel
level. This approach reduces the load on the SBC so that the network can operate normally during an attack.
7. 7SBC – The Critical Component
Malformed packet attack (fuzzing) is an alternate form of DoS attack. The assailant attempts to bring down
the service by sending malformed packets to the VoIP system in an attempt to break the SIP stack. The
SBC detects malformed packets and blocks them. The IT manager can also configure the SBC to block any
IP address that generates malformed packets.
The SBC can deploy other security features as well. Call access control limits the number of concurrent calls
each customer can have. SIP registration security detects when too many wrong passwords are attempted
within a given time. Known hacker user agents can be blocked.
• Toll Fraud
Toll fraud on VoIP networks is a growing problem. Toll fraud has shifted from an activity individuals undertake
to make free long distance calls across the conventional phone network, to an activity carried out by more
organized groups who steal minutes from unsecured corporate VoIP networks and resell them to their
customers. Even the smallest PBX can be hacked and used to rack up bills of tens of thousands of dollars
for unauthorized calls in a single month.
ENCRYPTION
Encrypted voice channels are required to prevent eavesdropping as voice packets travel public networks. It
also serves the purpose of authenticating endpoints. The standard approach is to use Transport Layer Security
(TLS) and Secure Real-Time Transport Protocol (SRTP) to protect signalling and voice channels respectively.
Sangoma uses a hardware-based transcoding system to apply encryption. This frees the server to handle an
increased call volume, allowing economical use of the SBC server for high call volumes while still providing
voice encryption.
POLICY
Unauthorized use of the company VoIP services can be controlled by putting appropriate policies in place.
These are managed by the SBC.
Only allowing calls between known SIP endpoints allows remote workers to access the VoIP system with a SIP
phone, but prevents hackers from gaining access with an unregistered SIP phone or user agent.
An integrated security library looks for patterns, such as excessive long distance calls when the office is closed.
CALL ROUTING
Basic call routing directs each phone call so that it arrives at the intended endpoint.
The flexibility of an XML-based routing file and the ability to query an internal or external database adds additional
flexibility and capabilities.
Routing rules are applied to each SIP message, based on variables such as time of day; any of the variables found
in the SIP header, including originating number and destination number; and SS7 parameters, if encapsulated
in the SIP message.
For organizations that are using multiple SIP providers, the SBC can provide least cost routing and load balancing
across trunks.
8. 8SBC – The Critical Component
The SBC can also route around network congestion by rerouting calls when the message returned by a SIP
invite indicates that the message cannot be processed.
SIP INTEROPERABILITY
Although SIP is considered a standard, it is an extremely flexible protocol leading to tremendous variation. One
SIP-enabled device does not necessarily interoperate correctly with another.
One of the major benefits of an SBC is that it allows different devices with varied codecs and SIP protocol
flavours to interconnect. This enables multi-vendor systems to operate smoothly and leaves the door open for
future equipment to work seamlessly with the current infrastructure.
SIP headers can be modified by the SBC to ensure compatibility between disparate devices. In some cases,
equipment such as a phone may add certain SIP headers that other equipment, such as a softswitch, cannot
recognize. The SBC can remove these headers to avoid confusing incompatible hardware. SIP header modi-
fication can also be used to add extensibility, enabling custom features such as accounting, integration with a
specific PBX application, call recording and more.
MEDIA TRANSCODING
Transcoding is necessary to allow incompatible media types to cross the barrier between disparate devices, and
to allow optimal use of available network bandwidth. For example, if bandwidth is not an issue and high quality
is desired, G.722.1 is a good audio codec option. On the other hand, if bandwidth is constrained or expensive,
G.729 is a better choice. In a conference scenario there may be a mixture of codecs, depending on endpoint
equipment and individual connections. Transcoding allows a mix of codecs to work together seamlessly.
A variety of approaches are available to undertake media transcoding. Each approach has its pros and cons.
The approach taken by different manufacturers varies according to their philosophy.
Transcoding can be done entirely in software. This is flexible and can reduce capital costs, but it is CPU-intensive,
leading to a lower call-handling capacity on the SBC.
A hardware-based transcoding approach can be used, with the transcoding hardware installed in the server.
If located in the server, the footprint is reduced, but limited space in the server may restrain the number of
concurrent calls the SBC can handle.
A third approach is to use externally located transcoding hardware, situated on the network at nearby or distant
locations. This is more expandable than when installed in the server cabinet, but requires a bigger footprint and
additional expense for enclosures, rack space, power supplies, etc.
Sangoma is the only manufacturer to offer the choice of any of these three approaches. The most appropriate
configuration can be chosen depending on specific needs, and can be changed as additional capacity is required.
For example, additional transcoding hardware can be purchased and added to the network as required. No
matter which approach is chosen, the solution benefits from Sangoma’s long history as a transcoding hardware
manufacturer.
9. 9SBC – The Critical Component
DTMF DETECTION/GENERATION
DTMF stands for Dual Tone Multi Frequency. Each key pad button on a phone is represented by a pair of
sinusoidal frequencies. This 1960’s era in-band signalling system is still in wide use today, both for legacy
phone handsets, and for interactive voice response (IVR) systems. The entrenchment of IVR systems insures
that DTMF will remain an important part of corporate telephone systems for the indefinite future.
The challenge with DTMF signalling on a VoIP network is that some codecs do not reliably transmit DTMF
tones due to the use of lossy bandwidth compression algorithms which are optimized for voice. While these
compression algorithms can transmit voice that is intelligible to human ears, the audio processed by some
codecs may remove some audio information so that DTMF tones cannot reliably be detected at the distant-end.
In these cases, it is necessary to detect DTMF tones on the close-end gateway, convert the audio into data, and
forward data packets representing the digits to the distant-end gateway. The distant-end gateway regenerates
the DTMF tones for the end-point to “hear”. RFC2833 tone relay is the standard method for handling this.
SCALABILITY
As the number of users and voice traffic grows, whether planned or not, the network infrastructure must grow to
accommodate greater capacity. Transcoding, protocol interworking and the basics of the SBC itself must scale
to manage an increased workload.
There are several approaches to this. One way might be to add additional SBCs to the network, and then load-
balance amongst them. While such measures may be required in some situations, a more granular control over
capacity is desirable so that issues with transcoding or interworking can be addressed separately, according to
which subsystem is approaching capacity.
Sangoma systems decouple transcoding and interworking from other SBC systems. While it is possible to
house these services in the same physical enclosure as the SBC, it is also possible to have external Sangoma
interworking and transcoding appliances to manage scaling.
Transcoding can be handled in increments of 250 – 400 simultaneous calls with the addition of D150 units.
These transcoders are simply plugged into the network via Ethernet connection, adding more simultaneous
call capacity to the network.
The SBC function can be scaled by virtualizing the software. For organizations with a solid virtual server
infrastructure, this approach is very appealing. Resources to a specific VM can be expanded and VoIP load
increases or additional VM-based SBCs can be installed.
10. 10SBC – The Critical Component
Virtual SBC
In the appliance version of a session border controller, customers buy a pre-packaged unit, including server,
software, and hardware-assisted transcoding. Sangoma offers the NetBorder SBC, suitable for 400 to 4,000
concurrent sessions, and 75 calls per second (CPS) for the carrier version. If less volume is required, the 10
CPS enterprise version may be more cost effective.
The virtual machine (VM) version is ideal in applications where a lower call rate (calls per second) is required and
the organization already has a VM infrastructure in place. In these cases, a VM installation can offer significant
savings in hardware capital and operating expenses, while providing the same fail-safe operation that is built
into the existing VM installation.
There is also a software version of the product, primarily intended for integration into other products on an OEM
basis.
Enterprise Use Cases
SIP TRUNKING
The SBC provides a defined demarcation point between the internet telephone service provider, and the
corporate network. It reduces interoperating issues between the ITSP (Internet Telephone Service Provider) and
their clients, saving core resources from attempting to handle interoperation. It can also handle transcoding as
needed. Each business also has an SBC for security and to reduce interoperating issues within their network.
Figure 2: The ITSP and corporate networks are each protected by an SBC.
11. 11SBC – The Critical Component
REMOTE WORKER
Allow access to authorized endpoints on remote worker premises. Eliminate interoperation and firewall issues
on corporate and remote worker networks, maintain security.
HOSTED PBX
The NetBorder SBC protects the internet telephone service provider’s network. It provides a defined demarcation
point, and reduces interoperability issues with the core. Transcoding can be provided if required. The business
also has an SBC to reduce interoperability issues and enhance network security.
LYNC SBC
Deployed in existing Lync environment:
Figure 4: One SBC protects service provider, another protects the corporate customer.
Figure 5: SBC translates MS-SIP (TCP) to standard UDP SIP.
Figure 3: Remote workers with access to network, protected by SBC.
12. 12SBC – The Critical Component
Add SBC and Lync functions with Sangoma Lync Express:
MS SIP is not compatible with non-Microsoft devices. Microsoft Lync uses a different transport protocol (TCP
instead of UDP). An SBC normalizes SIP protocol and translates transport protocol for compatibility between
endpoints.
The first illustration shows how an SBC can be deployed in an existing Lync environment. The second illustra-
tion shows how a Sangoma Lync Express appliance can be used to provide SBC functionality and key Lync
components.
LOAD BALANCER
Balance call load across multiple SIP trunk providers. Reroute calls in case a trunk fails or becomes congested.
Figure 7: SBC protects VoIP network and provides load balancing across SIP trunks.
Figure 6: SBC built into Lync Express appliance.
13. 13SBC – The Critical Component
ABOUT SANGOMA TECHNOLOGIES
Sangoma is a leading provider of hardware and software components that enable or en-
hance IP Communications Systems for both telecom and datacom applications. Enterpris-
es, SMBs and Carriers in over 150 countries rely on Sangoma’s technology as part of their
mission critical infrastructures. Through its worldwide network of Distribution Partners,
Sangoma delivers the industry’s best engineered, highest quality products, some of which
carry the industry’s first lifetime warranty. The product line in data and telecom boards for
media and signal processing, as well as gateway appliances and software.
Founded in 1984, Sangoma Technologies Corporation is publicly traded on the TSX Ven-
ture Exchange (TSX VENTURE: STC). Additional information on Sangoma can be found
at http://sangoma.com.
Conclusion
When an organization makes the switch from conventional phone lines to VoIP and SIP trunks, a session border
controller is highly recommended to allow VoIP calls to pass through the firewall, route VoIP traffic properly
across the network, and to enhance network security. The SBC ensures that VoIP does not become a security
issue in the network. The SBC also protects the network from potential security threats that BYOD (bring your
own device) policies could expose.
The SBC allows disparate devices to interwork seamlessly, even when those devices use different implementa-
tions of SIP.
The SBC can perform load balancing and fail over functions between SIP trunks. This allows an organization
to have multiple SIP trunk suppliers and increase the reliability of their phone service.
Meanwhile, VoIP service providers require an SBC to protect their network and correct SIP headers which may
not have been properly adjusted for proper routing at the client end.
The Session Border Controller is the critical component necessary to safely and effectively utilize SIP and SIP
trunks.