May 20, 2010

Ingate Knowledge Base - a vast resource for information about all things SIP – including security, VoIP, SIP trunking etc. - just for the reseller community.  Drill down for more info!

 

The introduction of SIP brings the challenge of protecting the network from an untrusted network, and the opportunity to manage the routing of calls to a degree not possible with traditional telephony. This installment of our continuing Knowledge Base will review how an Ingate Enterprise Session Border Controller (E-SBC) can address both the challenges and opportunities.

  
 

The Role of an E-SBC

 

There has been a vigorous debate sparking up the Internet recently about the efficacy of an Enterprise Session Border Controller (E-SBC) in SIP deployments. 

 

E-SBCs such as the Ingate SIParator sit at the edge of the network to provide control over the SIP traffic.  Traditionally they were seen as just providing firewalling protection – the security – for SIP-based voice networks.  Today’s E-SBCs do indeed provide that security, which is absolutely a critical function, but have evolved to serve as a crucial element in enabling SIP deployments.

 

An E-SBC will:

 

Normalize the SIP signaling so that the IP-PBX at the customer site and the service provider’s network are fully compatible. While SIP is a standard, each implementation can be slightly different, and the service providers may each require a different level of authentication from the business. With the Ingate in place, these requirements can be met.

Additionally, normalization of the SIP signaling allows service providers to support more IP-PBXs, or those IP-PBXs that are not yet certified by the ITSP. In this manner the ITSP can provide a wider array of options for their customers and expand their business without the need for extensive interoperability certification with each IP-PBX. 

 

Resolve NAT traversal issues to enable the adoption of SIP, SIP trunking and full Unified Communications by securely permitting SIP signaling and related media to traverse the firewall. Without this function, most companies will have one-way audio only.


Provide security through deep packet inspection (DPI). DPI is a powerful way to protect not just SIP traffic, but also the network. It is a form of computer network packet filtering that examines the data (or datagram) and UDP/TCP header part of a packet as it passes through an Ingate SIParator or Firewall. DPI can be effective against buffer overflow attacks, denial of service (DoS) attacks, sophisticated intrusions, and a small percentage of worms that fit within a single packet.

 

Provide control through authentication – Many service providers require authentication of the user with their network. Some IP-PBXs do not support this function. With the Ingate in place the service provider’s requirement can be met regardless of which IP-PBX is used.


Enable disaster recovery. In the event a customer’s main office goes down, the E-SBC can reroute SIP traffic to a secondary office to keep business up and running.  Since SIP is basically traffic on the Internet, VoIP calls and other SIP applications can be rerouted to anywhere in the world.  


Deliver Quality of Service by ensuring that mission-critical voice calls have priority over other Internet traffic, and that call quality remains high.


Provide Encryption. Encryption features are inherent in the SIP protocol and when used between two sites minimizes any opportunity for unrelated parties to intercept the call.  This offers maximum privacy even over the public Internet.

 

Provide Intrusion Detection/Prevention. The Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) in Ingate’s Enhanced Security software module enables the Ingate to detect DoS attacks based on SIP, and to block malicious SIP signaling packets designed to attack certain SIP phones, servers or other devices on the enterprise LAN. This secures the enterprise network as the E-SBC handles the attacks while the servers and other SIP devices in the network can still be used.

 

We will address this issue more in upcoming Knowledge Bases, and at the SIP Trunk Summit in October at the ITEXPO.

 

 

We would like to hear from you.
Let us know of any topics you’d like to see addressed in future issues of the Knowledge Base series by writing to sofia@ingate.com or steve@ingate.com.

 
 
 
 

Want more information

 

  Follow the links to find out more:

Solving Firewall NAT Traversal

For more information, visit the Ingate Knowledge Base online at http://www.ingate.com/Knowledgebase.php.

Please visit the Ingate SIP Trunk Community

Ingate Systems Inc.    l    Ph: +1-603-883-6569    l     info@ingate.com    l    www.ingate.com

To be removed from the newsletter distribution, click here.
If you would like to forward this to a friend, click here.
To sign up a friend, have them email sofia@ingate.com