SlideShare a Scribd company logo

why-your-network-needs-an-sbc-guide.pdf

T
tardis2

Sangoma's commercial brochure - SBC

Engineering
1 of 18
Download to read offline
A Sangoma SBC Playbook Why Your Network Needs an SBC VoIP Security
Session Border Controllers by Sangoma Security Concepts Security Threats SBC Deployment & Use Examples 3 4 10 13
Field-upgradeable session expansion available Compatible with virtual environments Session Border Controllers by Sangoma As VoIP networks have become the de facto standard for modern business telecommunications, the number of threats and malicious actors have multiplied. Securing your VoIP network is more important now than ever before. To help support organizations as they tighten up the security of their VoIP networks, we’ve put together this guide to VoIP security, including plenty of general VoIP security information as well as some of the ways in which a Sangoma Session Border Controller (SBC) can enhance security and offer the highest level of protection for your VoIP network. Protects SMBs, enterprises, and service providers from VoIP threats Securely connects remote users to the corporate phone system without requiring a VPN connection Compatible with virtually all phone systems, including Sangoma's own Unified Communications (UC) solutions Session-based licensing with all features included Supports 5 - 4,000 simultaneous calls Browser-based GUI for easy configuration Hardware-based transcoding and media handling Provides business continuity, quality of service, interoperability, and more Annual support and maintenance plans available 3
4 Security Concepts: Security Starts with a Policy Security is the last requirement (if at all) addressed in too many deployments, when it should be the first and most important topic to be discussed. When planning or implementing a VoIP solution, make security a priority. Security breaches don’t come exclusively from the public Internet but may very well also come from within trusted networks, in the form of worms, trojans, and other malware. Although there are few widespread malware threats targeting VoIP— don’t rule it out! Internal breaches can come from misconfiguration and unattended devices. Remember, IP networks are open—if someone knows your IP address, they can communicate with it. An SBC has the ability to apply a tremendous amount of security policies for VoIP and IP networks. SBCs enable IT Administrators to enhance their overall security solution with a device that leads in VoIP security. Internet LAN ITSP
Trusted and Untrusted Networks A common security concept we encounter every time we connect a device to a network is deciding whether the network is trusted or untrusted. For example, whenever you take your laptop into a coffee shop for the first time and use their open Wi-Fi connection, you’re typically prompted to define the network zone to which you are connecting, whether it be home, work, or public. Depending on what’s selected, the appropriate security settings are enabled. In the context of VoIP and IP networking, trusted and untrusted zones are defined by where the security control devices are located. Firewalls are typically used as an IP network control point, and SBCs are used as VoIP control points. It is important to place an SBC between trusted and untrusted IP networks to provide security policies and ensure that each network does not have a direct connection. The Internet is the most untrusted IP network, and even private WAN IP networks should be considered untrusted for the security of the enterprise trusted LAN network. 5 Internet Carrier WAN LAN Untrusted Network Trusted Network
End of Geography With respect to traditional TDM technology, security issues such as toll fraud, intrusion of services, and eavesdropping are about point of presence. To listen in on someone’s telephone line, the malicious person needs to be physically located beside the line. This changes with Voice over Internet Protocol (VoIP). The Internet is an “open” system. If someone knows your IP address, they can get to it. Similarly, if someone knows the path you are taking, they may be able to get in the middle of the path and intercept data. This holds true for both public traffic as well as private traffic, independently. No longer does someone need to be physically beside the equipment to tamper or breach the security of the equipment. Security breaches can come from anywhere, private or public networks. To minimize the threat, one can enable VoIP security and routing policies on their IP network using an SBC—which will provide a Network Address Translation (NAT) firewall along with Intrusion Defense Systems (IDS) or Intrusion Prevention Systems (IPS). 6 Internet LAN ITSP
Rate Limiting In order to protect servers from overload and DoS attacks, enterprises may limit the amount of calls to or from a specific peer or device, either by the number of new calls within a given period, by the overall limit of concurrent calls, or both. The method for Rate Limiting on SIP is to determine the number of INVITEs or new calls that the SBC is going to allow to traverse through to the VoIP servers. This is beneficial when wanting to restrict the number of new calls presented in a given period of time. Concurrent Session Limiting is used on the SBC to limit the number of overall concurrent calls. This policy limits the overall call capacity dynamically between the peers. SBCs are designed to dynamically apply limiting policies. If the limit is reached, the peer or device will be blocked for the duration of the limit period. 7 Internet LAN DoS
Why Firewalls Are Not Enough Firewalls and Unified Threat Management (UTM) are ubiquitous in today’s networks as they offer comprehensive protection against blended threats. But these devices offer little coverage in VoIP security protection. Firewalls and UTM focus on data security, email, web, worms, trojans, and so on. None of these data applications are “real time”, where VoIP requires immediate application of security policies. In addition, the inherent function of firewalls is to deny all unsolicited traffic. For example, the act of making a phone call is an unsolicited event; thus, firewalls can be counterproductive to an effective VoIP deployment by denying VoIP traffic. Furthermore, firewalls do not provide the SIP protocol addressing needs to rewrite and re-address proper SIP signalling and media negotiations. The purpose of an SBC is to enhance the “real time” VoIP security policies of the existing security infrastructure, and focus on establishing reliable SIP communications instead of just “poking holes” in your firewall to allow phone calls through at the risk of breaching security. 8 Internet Private STOP
Why Firewalls Cause Problems When deploying remote phones, whether as a carrier in a hosted solution or as an enterprise with home or remote employees, these phones will have to reside behind some type of firewall. Firewalls are meant to provide security by hiding the private network addresses of end user devices and, at the same time, preventing all unsolicited network traffic from entering the private network. However, VoIP uses SIP (RFC 3261) as a communications protocol, which is an application and not a network routing protocol. Firewalls don't provide application support. Making a phone call by its very act is an unsolicited event, an event that every firewall will block or deny traffic. And, in most cases, poking holes in the firewall to allow these phone calls through simply causes more security and audio problems. An SBC provides several features to enhance the deployment security of VoIP. It works with firewalls by accepting the VoIP traffic and applying security and routing policies to the phone calls, in essence “vetting” the calls for the network firewall. In addition, SBCs provide Far End NAT solutions for SIP phones deployed behind firewalls whose traffic is coming from across the Internet. 9 Internet Private STOP
Security Threats: Denial of Service A Denial of Service (DoS) attack is when there is concentrated effort to ‘flood’ an available application, transport, or connection with overwhelming traffic in an attempt to slow down or disrupt an available service. In the context of VoIP, a DoS attack is focused on the telecommunication services, attempting to slow down, disrupt, or even outright stop VoIP from occurring. The SBC is designed to protect mission critical Unified Communications (UC) applications such as IP PBXs, IVR, call centers, and more. The SBC contains features, such as Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), specifically designed for SIP applications, detecting attacks and automatically adjusting to prevent the DoS attack from traversing into the private network. In addition, the SBC has other features such as call admission control, rate limiting, and advanced call routing with ACL to prevent unwanted DoS traffic. 10 Internet LAN DoS
Reconnaissance Attacks and Signature Recognition In the context of VoIP, a reconnaissance attack occurs when a malicious party tries to learn information about your network. Place a SIP device directly on the Internet and watch the network activity. It won’t take long before you see a number of erroneous SIP packets searching for SIP devices. Before any concentrated effort to purposefully attack a VoIP service, there first needs to be a process of information gathering. In most cases, reconnaissance attacks precede an actual access or DoS attack. First is the discovery of a VoIP service, as the malicious party conducts a SIP scanner sweep of the target network to determine which IP addresses have live SIP services. Sending specific SIP packets, these SIP scanners can provoke a response from the SIP device and confirm its availability. Then the malicious party determines which VoIP services, accounts, extensions, and trunks are active on the live VoIP addresses. From this information, more activity may potentially follow, such as DoS attacks, toll fraud, and others. There are a number of common SIP scanners that have a unique ‘signature’ within SIP. The best way to deal with these SIP scanners is to identify its ‘signature’ within the SIP, and then outright reject the packet. The SBC is designed to do just that. It recognizes these SIP scanners by their ‘signature’ and rejects them. Not responding to SIP scanners allows the VoIP deployment to be hidden from future security attack attempts, making it harder for malicious parties to compromise your network. 11 Internet LAN Reconn STOP SBC says “STOP! I know you!
Toll Fraud Toll fraud is the most common and costly security problem in the telecommunications industry, in both legacy telephony as well as Voice over Internet Protocol. With VoIP, the opportunity for toll fraud is greater due to the accessibility and connectivity to the public Internet. Toll fraud is achieved through compromised IP-PBXs, IVRs, subscription/identity theft, compromised account authentication, and a host of other methods. It is important to note that toll fraud is not restricted to just public Internet connections, as carriers with private WAN networks can be compromised by their own customers if their carrier equipment is compromised. Every VoIP device in the call flow path is responsible to prevent toll fraud, but the SBC may be the most important. Tools built into the SBC, such as rate limiting, blacklisting, and advance call control, help identify potential toll fraud activities. Other features, such as SNMP and SMTP alert notifications, alert IT administrators to potential issues. Simply put, the SBC is designed to play an integral role in toll fraud prevention. 12 Internet Carrier WAN LAN Untrusted Network Trusted Network
SBC Deployment & Use Examples: Enterprise Network Edge The SBC is designed to sit on the network edge, between different networks, expanding the business communication network’s ability to be flexible and resilient – no matter who is in the communication path, making the future of the business communications more about connectivity and less about delivery. To accomplish this, simply place an SBC at the edge of two networks. This can take different forms. One interface will always be on the private LAN, while the other can be on the Internet or on the carrier WAN. From there, you can create a control point where policies can be applied to provide solutions for: Security and routing Resiliency and interoperability Quality of service Failover and troubleshooting SLA management and encryption Access control, call admission control, and authentication And more. 13 Internet LAN MPLS LAN WAN LAN
VoIP in the Cloud Cloud solutions offer greater flexibility in many VoIP and SBC deployments. Public cloud services (like those offered by Google, Amazon, and others), a private cloud, or some hybrid cloud service all essentially provide a virtual office to give the flexibility of connecting to business VoIP services anywhere, any time. With the growing number of voice and video-enabled devices used in today's business environment, access to VoIP services is even easier. There are many benefits to moving VoIP to the cloud: The SBC provides the ability to operate in various cloud services, allowing carriers and enterprise deployments to reduce costs, scale effectively, and increase continuity with other cloud VoIP applications, all ultimately increasing the flexibility of VoIP deployments. Reduced IT costs Scalability Collaboration efficiency Flexibility of VoIP deployments 14 Hybrid Cloud Private Cloud Public Cloud
Interoperability Interoperability is the ability of a system or a product to work with other systems or products without special effort on the part of the customer. Internet Telephony Service Providers (ITSP) offer many different services to different customers. Therefore, their products and services come in many different deployment forms utilizing many different policies and utilizations of SIP. In addition, SIP itself is written in a manner that is open for interpretation, with some 40+ RFCs in use, all with some form of interpretation. Accommodating this diversity can be very challenging for many deployments. While each provider may use similar commonly deployed carrier grade vendor equipment, these devices can be configured in many different ways to provide a number of different solutions meeting the needs of the individual service provider. This makes interacting with each provider uniquely different. The SBC allows the IP PBX and ITSP to standardize on one implementation of SIP trunking, while handling all of the configuration and adjustment to the corresponding services as well. This allows for greater flexibility by allowing the enterprise deployment to be independent of any external factors imposed by the service provider. 15
SIP Header Manipulation When trying to accomplish multiple vendor integration and leverage the equipment and solutions available, you will often find firsthand that each vendor has completely different SIP protocol requirements. In this situation, you need an "all-purpose tool"—one that accepts all the different variations of the SIP being sent and provides the ability to rewrite every possible header and field within the SIP protocol messages. This ability enables an enterprise to be less vendor-dependent, and thus, opens up the flexibility of the solution to interconnect with any other vendor. The SBC is the key component in this multi-vendor scenario. Multiple IP PBXs, carriers, phones, and other UC applications can all be interconnected seamlessly with an SBC. Your SBC should allow you to rewrite the SIP protocol (and in the process, become less reliant on vendor certifications and recommendations) and focus on providing a solution that works for your unique business requirements. 16 Address of Records P-Preferred Identity Request URI Diversion History-Info P-Asserted Identity
Peer-to-Peer Some providers simply require the enterprise to provide their IP addresses, creating an IP address-to-address or peer-to-peer relationship. The authentication is based mainly on the IP addresses. Peer-to-peer offers layers of security, along with SIP formatting restrictions. Rather than an open policy with account look-up and authentication, this deployment style is a “trusted” relationship between the provider and the enterprise equipment, processing phone calls only from trusted peers. The SBC allows an IP PBX and other devices to connect peer-to-peer with vendor SIP trunks by acting as an integration point between the IP PBX and the ITSP. The SBC provides the same additional security features, SIP interoperability and routing requirements in peer-to-peer as it would in registration or authentication deployments. 17 Peer to Peer Peer to Peer Internet LAN ITSP
Sangoma.com © 2020 Sangoma Technologies Proprietary - Every effort has been made to ensure accuracy of this document. Due to ongoing improvements and revisions, Sangoma reserves the right to make changes without notice. 100 Renfrew Drive, Suite 100, Markham ON L3R 9R6 Canada +1 (256) 428-6000 or +1 (877) 344-4861 (Toll Free in North America) SBC Playbook.En.20200428.R2 Everything Connects, Connect with Sangoma Sangoma (TSX Venture: STC) is the leading provider of enterprise grade, value-based communications solutions. With Sangoma, businesses of all sizes can find affordable cloud and on-premise Unified Communications (UC) systems with advanced functionality. Sangoma’s global footprint extends to millions of customers in over 150 countries who rely on Sangoma technology for their mission critical communications infrastructure. Sangoma offers a complete portfolio of next-generation UC solutions, delivering industry-leading quality at price points that maximize customers’ return on investment. Sangoma products and services are developed by the best engineers in the industry and backed by a professional services team that is second to none, offering as much support and assistance as any business needs, up to a fully managed solution. To learn more about Sangoma products and services, visit us at www.sangoma.com.

Recommended

Securing VoIP Networks
Securing VoIP NetworksSecuring VoIP Networks
Securing VoIP NetworksGENBANDcorporate
 
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxAn approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxamalouwarda1
 
6 Steps to SIP trunking security
6 Steps to SIP trunking security6 Steps to SIP trunking security
6 Steps to SIP trunking securityFlowroute
 
Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056mashiur
 
Sbc the-critical-component for a successful IP PBX Deloyment
Sbc the-critical-component for a successful IP PBX DeloymentSbc the-critical-component for a successful IP PBX Deloyment
Sbc the-critical-component for a successful IP PBX DeloymentSelf Employed
 
Voice over IP
Voice over IPVoice over IP
Voice over IPTogis UAB Ltd
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia
 
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksProtect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksRohan Fernandes
 

Recommended

Securing VoIP Networks
Securing VoIP NetworksSecuring VoIP Networks
Securing VoIP NetworksGENBANDcorporate
 
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxAn approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxamalouwarda1
 
6 Steps to SIP trunking security
6 Steps to SIP trunking security6 Steps to SIP trunking security
6 Steps to SIP trunking securityFlowroute
 
Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056Abdullah Al Mamun 062507056
Abdullah Al Mamun 062507056mashiur
 
Sbc the-critical-component for a successful IP PBX Deloyment
Sbc the-critical-component for a successful IP PBX DeloymentSbc the-critical-component for a successful IP PBX Deloyment
Sbc the-critical-component for a successful IP PBX DeloymentSelf Employed
 
Voice over IP
Voice over IPVoice over IP
Voice over IPTogis UAB Ltd
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia
 
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksProtect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksRohan Fernandes
 
Case study about voip
Case study about voipCase study about voip
Case study about voipelmudthir
 
1, prevalent network threats and telecommunication security challenges and co...
1, prevalent network threats and telecommunication security challenges and co...1, prevalent network threats and telecommunication security challenges and co...
1, prevalent network threats and telecommunication security challenges and co...Alexander Decker
 
Voice over IP (VOIP) Security Research- A Research
Voice over IP (VOIP) Security Research- A ResearchVoice over IP (VOIP) Security Research- A Research
Voice over IP (VOIP) Security Research- A ResearchIJMER
 
76 s201919
76 s20191976 s201919
76 s201919IJRAT
 
Analysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence ProcedureAnalysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence Procedureijsrd.com
 
Kartik Powerpoit
Kartik PowerpoitKartik Powerpoit
Kartik Powerpoitguest0d8c40c
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51martinvoelk
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxronak56
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxdaniahendric
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxmakdul
 
SIP Trunking White Paper
SIP Trunking White PaperSIP Trunking White Paper
SIP Trunking White PaperLeanne Bird
 
10.1.1.64.2504
10.1.1.64.250410.1.1.64.2504
10.1.1.64.2504Dan Drumm
 
Protect your guest wifi - NOW
Protect your guest wifi - NOWProtect your guest wifi - NOW
Protect your guest wifi - NOWJoshua Sibaja
 
Wi Fi
Wi FiWi Fi
Wi FiGuruprasad Iyer
 
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfWireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfSeanHussey8
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyChristopher Duffy
 
VoIP Security
VoIP SecurityVoIP Security
VoIP SecurityDayanand Prabhakar
 
Securty Issues from 1999
Securty Issues from 1999Securty Issues from 1999
Securty Issues from 1999TomParker
 
VoIP Research Paper
VoIP Research PaperVoIP Research Paper
VoIP Research PaperAashish Pande
 
Wi fi Technilogy
Wi fi TechnilogyWi fi Technilogy
Wi fi Technilogythasnim1304
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 

More Related Content

Similar to why-your-network-needs-an-sbc-guide.pdf

Case study about voip
Case study about voipCase study about voip
Case study about voipelmudthir
 
1, prevalent network threats and telecommunication security challenges and co...
1, prevalent network threats and telecommunication security challenges and co...1, prevalent network threats and telecommunication security challenges and co...
1, prevalent network threats and telecommunication security challenges and co...Alexander Decker
 
Voice over IP (VOIP) Security Research- A Research
Voice over IP (VOIP) Security Research- A ResearchVoice over IP (VOIP) Security Research- A Research
Voice over IP (VOIP) Security Research- A ResearchIJMER
 
76 s201919
76 s20191976 s201919
76 s201919IJRAT
 
Analysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence ProcedureAnalysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence Procedureijsrd.com
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51martinvoelk
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxronak56
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxdaniahendric
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxmakdul
 
SIP Trunking White Paper
SIP Trunking White PaperSIP Trunking White Paper
SIP Trunking White PaperLeanne Bird
 
10.1.1.64.2504
10.1.1.64.250410.1.1.64.2504
10.1.1.64.2504Dan Drumm
 
Protect your guest wifi - NOW
Protect your guest wifi - NOWProtect your guest wifi - NOW
Protect your guest wifi - NOWJoshua Sibaja
 
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfWireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfSeanHussey8
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyChristopher Duffy
 
Securty Issues from 1999
Securty Issues from 1999Securty Issues from 1999
Securty Issues from 1999TomParker
 
Wi fi Technilogy
Wi fi TechnilogyWi fi Technilogy
Wi fi Technilogythasnim1304
 

Similar to why-your-network-needs-an-sbc-guide.pdf (20)

Case study about voip
Case study about voipCase study about voip
Case study about voip
 
1, prevalent network threats and telecommunication security challenges and co...
1, prevalent network threats and telecommunication security challenges and co...1, prevalent network threats and telecommunication security challenges and co...
1, prevalent network threats and telecommunication security challenges and co...
 
Voice over IP (VOIP) Security Research- A Research
Voice over IP (VOIP) Security Research- A ResearchVoice over IP (VOIP) Security Research- A Research
Voice over IP (VOIP) Security Research- A Research
 
76 s201919
76 s20191976 s201919
76 s201919
 
Analysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence ProcedureAnalysis of VoIP Forensics with Digital Evidence Procedure
Analysis of VoIP Forensics with Digital Evidence Procedure
 
Kartik Powerpoit
Kartik PowerpoitKartik Powerpoit
Kartik Powerpoit
 
VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51VoIp Security Services Technical Description Cyber51
VoIp Security Services Technical Description Cyber51
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
SIP Trunking White Paper
SIP Trunking White PaperSIP Trunking White Paper
SIP Trunking White Paper
 
10.1.1.64.2504
10.1.1.64.250410.1.1.64.2504
10.1.1.64.2504
 
Protect your guest wifi - NOW
Protect your guest wifi - NOWProtect your guest wifi - NOW
Protect your guest wifi - NOW
 
Wi Fi
Wi FiWi Fi
Wi Fi
 
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfWireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/Secuirty
 
VoIP Security
VoIP SecurityVoIP Security
VoIP Security
 
Securty Issues from 1999
Securty Issues from 1999Securty Issues from 1999
Securty Issues from 1999
 
VoIP Research Paper
VoIP Research PaperVoIP Research Paper
VoIP Research Paper
 
Wi fi Technilogy
Wi fi TechnilogyWi fi Technilogy
Wi fi Technilogy
 

Recently uploaded

Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 

Recently uploaded (20)

Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 

why-your-network-needs-an-sbc-guide.pdf

  • 1. A Sangoma SBC Playbook Why Your Network Needs an SBC VoIP Security
  • 2. Session Border Controllers by Sangoma Security Concepts Security Threats SBC Deployment & Use Examples 3 4 10 13
  • 3. Field-upgradeable session expansion available Compatible with virtual environments Session Border Controllers by Sangoma As VoIP networks have become the de facto standard for modern business telecommunications, the number of threats and malicious actors have multiplied. Securing your VoIP network is more important now than ever before. To help support organizations as they tighten up the security of their VoIP networks, we’ve put together this guide to VoIP security, including plenty of general VoIP security information as well as some of the ways in which a Sangoma Session Border Controller (SBC) can enhance security and offer the highest level of protection for your VoIP network. Protects SMBs, enterprises, and service providers from VoIP threats Securely connects remote users to the corporate phone system without requiring a VPN connection Compatible with virtually all phone systems, including Sangoma's own Unified Communications (UC) solutions Session-based licensing with all features included Supports 5 - 4,000 simultaneous calls Browser-based GUI for easy configuration Hardware-based transcoding and media handling Provides business continuity, quality of service, interoperability, and more Annual support and maintenance plans available 3
  • 4. 4 Security Concepts: Security Starts with a Policy Security is the last requirement (if at all) addressed in too many deployments, when it should be the first and most important topic to be discussed. When planning or implementing a VoIP solution, make security a priority. Security breaches don’t come exclusively from the public Internet but may very well also come from within trusted networks, in the form of worms, trojans, and other malware. Although there are few widespread malware threats targeting VoIP— don’t rule it out! Internal breaches can come from misconfiguration and unattended devices. Remember, IP networks are open—if someone knows your IP address, they can communicate with it. An SBC has the ability to apply a tremendous amount of security policies for VoIP and IP networks. SBCs enable IT Administrators to enhance their overall security solution with a device that leads in VoIP security. Internet LAN ITSP
  • 5. Trusted and Untrusted Networks A common security concept we encounter every time we connect a device to a network is deciding whether the network is trusted or untrusted. For example, whenever you take your laptop into a coffee shop for the first time and use their open Wi-Fi connection, you’re typically prompted to define the network zone to which you are connecting, whether it be home, work, or public. Depending on what’s selected, the appropriate security settings are enabled. In the context of VoIP and IP networking, trusted and untrusted zones are defined by where the security control devices are located. Firewalls are typically used as an IP network control point, and SBCs are used as VoIP control points. It is important to place an SBC between trusted and untrusted IP networks to provide security policies and ensure that each network does not have a direct connection. The Internet is the most untrusted IP network, and even private WAN IP networks should be considered untrusted for the security of the enterprise trusted LAN network. 5 Internet Carrier WAN LAN Untrusted Network Trusted Network
  • 6. End of Geography With respect to traditional TDM technology, security issues such as toll fraud, intrusion of services, and eavesdropping are about point of presence. To listen in on someone’s telephone line, the malicious person needs to be physically located beside the line. This changes with Voice over Internet Protocol (VoIP). The Internet is an “open” system. If someone knows your IP address, they can get to it. Similarly, if someone knows the path you are taking, they may be able to get in the middle of the path and intercept data. This holds true for both public traffic as well as private traffic, independently. No longer does someone need to be physically beside the equipment to tamper or breach the security of the equipment. Security breaches can come from anywhere, private or public networks. To minimize the threat, one can enable VoIP security and routing policies on their IP network using an SBC—which will provide a Network Address Translation (NAT) firewall along with Intrusion Defense Systems (IDS) or Intrusion Prevention Systems (IPS). 6 Internet LAN ITSP
  • 7. Rate Limiting In order to protect servers from overload and DoS attacks, enterprises may limit the amount of calls to or from a specific peer or device, either by the number of new calls within a given period, by the overall limit of concurrent calls, or both. The method for Rate Limiting on SIP is to determine the number of INVITEs or new calls that the SBC is going to allow to traverse through to the VoIP servers. This is beneficial when wanting to restrict the number of new calls presented in a given period of time. Concurrent Session Limiting is used on the SBC to limit the number of overall concurrent calls. This policy limits the overall call capacity dynamically between the peers. SBCs are designed to dynamically apply limiting policies. If the limit is reached, the peer or device will be blocked for the duration of the limit period. 7 Internet LAN DoS
  • 8. Why Firewalls Are Not Enough Firewalls and Unified Threat Management (UTM) are ubiquitous in today’s networks as they offer comprehensive protection against blended threats. But these devices offer little coverage in VoIP security protection. Firewalls and UTM focus on data security, email, web, worms, trojans, and so on. None of these data applications are “real time”, where VoIP requires immediate application of security policies. In addition, the inherent function of firewalls is to deny all unsolicited traffic. For example, the act of making a phone call is an unsolicited event; thus, firewalls can be counterproductive to an effective VoIP deployment by denying VoIP traffic. Furthermore, firewalls do not provide the SIP protocol addressing needs to rewrite and re-address proper SIP signalling and media negotiations. The purpose of an SBC is to enhance the “real time” VoIP security policies of the existing security infrastructure, and focus on establishing reliable SIP communications instead of just “poking holes” in your firewall to allow phone calls through at the risk of breaching security. 8 Internet Private STOP
  • 9. Why Firewalls Cause Problems When deploying remote phones, whether as a carrier in a hosted solution or as an enterprise with home or remote employees, these phones will have to reside behind some type of firewall. Firewalls are meant to provide security by hiding the private network addresses of end user devices and, at the same time, preventing all unsolicited network traffic from entering the private network. However, VoIP uses SIP (RFC 3261) as a communications protocol, which is an application and not a network routing protocol. Firewalls don't provide application support. Making a phone call by its very act is an unsolicited event, an event that every firewall will block or deny traffic. And, in most cases, poking holes in the firewall to allow these phone calls through simply causes more security and audio problems. An SBC provides several features to enhance the deployment security of VoIP. It works with firewalls by accepting the VoIP traffic and applying security and routing policies to the phone calls, in essence “vetting” the calls for the network firewall. In addition, SBCs provide Far End NAT solutions for SIP phones deployed behind firewalls whose traffic is coming from across the Internet. 9 Internet Private STOP
  • 10. Security Threats: Denial of Service A Denial of Service (DoS) attack is when there is concentrated effort to ‘flood’ an available application, transport, or connection with overwhelming traffic in an attempt to slow down or disrupt an available service. In the context of VoIP, a DoS attack is focused on the telecommunication services, attempting to slow down, disrupt, or even outright stop VoIP from occurring. The SBC is designed to protect mission critical Unified Communications (UC) applications such as IP PBXs, IVR, call centers, and more. The SBC contains features, such as Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), specifically designed for SIP applications, detecting attacks and automatically adjusting to prevent the DoS attack from traversing into the private network. In addition, the SBC has other features such as call admission control, rate limiting, and advanced call routing with ACL to prevent unwanted DoS traffic. 10 Internet LAN DoS
  • 11. Reconnaissance Attacks and Signature Recognition In the context of VoIP, a reconnaissance attack occurs when a malicious party tries to learn information about your network. Place a SIP device directly on the Internet and watch the network activity. It won’t take long before you see a number of erroneous SIP packets searching for SIP devices. Before any concentrated effort to purposefully attack a VoIP service, there first needs to be a process of information gathering. In most cases, reconnaissance attacks precede an actual access or DoS attack. First is the discovery of a VoIP service, as the malicious party conducts a SIP scanner sweep of the target network to determine which IP addresses have live SIP services. Sending specific SIP packets, these SIP scanners can provoke a response from the SIP device and confirm its availability. Then the malicious party determines which VoIP services, accounts, extensions, and trunks are active on the live VoIP addresses. From this information, more activity may potentially follow, such as DoS attacks, toll fraud, and others. There are a number of common SIP scanners that have a unique ‘signature’ within SIP. The best way to deal with these SIP scanners is to identify its ‘signature’ within the SIP, and then outright reject the packet. The SBC is designed to do just that. It recognizes these SIP scanners by their ‘signature’ and rejects them. Not responding to SIP scanners allows the VoIP deployment to be hidden from future security attack attempts, making it harder for malicious parties to compromise your network. 11 Internet LAN Reconn STOP SBC says “STOP! I know you!
  • 12. Toll Fraud Toll fraud is the most common and costly security problem in the telecommunications industry, in both legacy telephony as well as Voice over Internet Protocol. With VoIP, the opportunity for toll fraud is greater due to the accessibility and connectivity to the public Internet. Toll fraud is achieved through compromised IP-PBXs, IVRs, subscription/identity theft, compromised account authentication, and a host of other methods. It is important to note that toll fraud is not restricted to just public Internet connections, as carriers with private WAN networks can be compromised by their own customers if their carrier equipment is compromised. Every VoIP device in the call flow path is responsible to prevent toll fraud, but the SBC may be the most important. Tools built into the SBC, such as rate limiting, blacklisting, and advance call control, help identify potential toll fraud activities. Other features, such as SNMP and SMTP alert notifications, alert IT administrators to potential issues. Simply put, the SBC is designed to play an integral role in toll fraud prevention. 12 Internet Carrier WAN LAN Untrusted Network Trusted Network
  • 13. SBC Deployment & Use Examples: Enterprise Network Edge The SBC is designed to sit on the network edge, between different networks, expanding the business communication network’s ability to be flexible and resilient – no matter who is in the communication path, making the future of the business communications more about connectivity and less about delivery. To accomplish this, simply place an SBC at the edge of two networks. This can take different forms. One interface will always be on the private LAN, while the other can be on the Internet or on the carrier WAN. From there, you can create a control point where policies can be applied to provide solutions for: Security and routing Resiliency and interoperability Quality of service Failover and troubleshooting SLA management and encryption Access control, call admission control, and authentication And more. 13 Internet LAN MPLS LAN WAN LAN
  • 14. VoIP in the Cloud Cloud solutions offer greater flexibility in many VoIP and SBC deployments. Public cloud services (like those offered by Google, Amazon, and others), a private cloud, or some hybrid cloud service all essentially provide a virtual office to give the flexibility of connecting to business VoIP services anywhere, any time. With the growing number of voice and video-enabled devices used in today's business environment, access to VoIP services is even easier. There are many benefits to moving VoIP to the cloud: The SBC provides the ability to operate in various cloud services, allowing carriers and enterprise deployments to reduce costs, scale effectively, and increase continuity with other cloud VoIP applications, all ultimately increasing the flexibility of VoIP deployments. Reduced IT costs Scalability Collaboration efficiency Flexibility of VoIP deployments 14 Hybrid Cloud Private Cloud Public Cloud
  • 15. Interoperability Interoperability is the ability of a system or a product to work with other systems or products without special effort on the part of the customer. Internet Telephony Service Providers (ITSP) offer many different services to different customers. Therefore, their products and services come in many different deployment forms utilizing many different policies and utilizations of SIP. In addition, SIP itself is written in a manner that is open for interpretation, with some 40+ RFCs in use, all with some form of interpretation. Accommodating this diversity can be very challenging for many deployments. While each provider may use similar commonly deployed carrier grade vendor equipment, these devices can be configured in many different ways to provide a number of different solutions meeting the needs of the individual service provider. This makes interacting with each provider uniquely different. The SBC allows the IP PBX and ITSP to standardize on one implementation of SIP trunking, while handling all of the configuration and adjustment to the corresponding services as well. This allows for greater flexibility by allowing the enterprise deployment to be independent of any external factors imposed by the service provider. 15
  • 16. SIP Header Manipulation When trying to accomplish multiple vendor integration and leverage the equipment and solutions available, you will often find firsthand that each vendor has completely different SIP protocol requirements. In this situation, you need an "all-purpose tool"—one that accepts all the different variations of the SIP being sent and provides the ability to rewrite every possible header and field within the SIP protocol messages. This ability enables an enterprise to be less vendor-dependent, and thus, opens up the flexibility of the solution to interconnect with any other vendor. The SBC is the key component in this multi-vendor scenario. Multiple IP PBXs, carriers, phones, and other UC applications can all be interconnected seamlessly with an SBC. Your SBC should allow you to rewrite the SIP protocol (and in the process, become less reliant on vendor certifications and recommendations) and focus on providing a solution that works for your unique business requirements. 16 Address of Records P-Preferred Identity Request URI Diversion History-Info P-Asserted Identity
  • 17. Peer-to-Peer Some providers simply require the enterprise to provide their IP addresses, creating an IP address-to-address or peer-to-peer relationship. The authentication is based mainly on the IP addresses. Peer-to-peer offers layers of security, along with SIP formatting restrictions. Rather than an open policy with account look-up and authentication, this deployment style is a “trusted” relationship between the provider and the enterprise equipment, processing phone calls only from trusted peers. The SBC allows an IP PBX and other devices to connect peer-to-peer with vendor SIP trunks by acting as an integration point between the IP PBX and the ITSP. The SBC provides the same additional security features, SIP interoperability and routing requirements in peer-to-peer as it would in registration or authentication deployments. 17 Peer to Peer Peer to Peer Internet LAN ITSP
  • 18. Sangoma.com © 2020 Sangoma Technologies Proprietary - Every effort has been made to ensure accuracy of this document. Due to ongoing improvements and revisions, Sangoma reserves the right to make changes without notice. 100 Renfrew Drive, Suite 100, Markham ON L3R 9R6 Canada +1 (256) 428-6000 or +1 (877) 344-4861 (Toll Free in North America) SBC Playbook.En.20200428.R2 Everything Connects, Connect with Sangoma Sangoma (TSX Venture: STC) is the leading provider of enterprise grade, value-based communications solutions. With Sangoma, businesses of all sizes can find affordable cloud and on-premise Unified Communications (UC) systems with advanced functionality. Sangoma’s global footprint extends to millions of customers in over 150 countries who rely on Sangoma technology for their mission critical communications infrastructure. Sangoma offers a complete portfolio of next-generation UC solutions, delivering industry-leading quality at price points that maximize customers’ return on investment. Sangoma products and services are developed by the best engineers in the industry and backed by a professional services team that is second to none, offering as much support and assistance as any business needs, up to a fully managed solution. To learn more about Sangoma products and services, visit us at www.sangoma.com.