VoIP Security

VoIP Security

What is Session Border Controller(SBC)

Session Border Controller(SBC) is a network element deployed to protect SIP based voice over Internet Protocol(VoIP) networks. SBC has become the de-facto standard for telephony and multimedia services of NGN / IMS.

Session:A communication between two parties. This would be a call’s signaling message, audio, video, or other data along with information of call statistics and quality.

Border:A point of demarcation between one part of a network and another.

Controller:The influence that session border controllers have on the data streams that comprise sessions like security, measurement, access control, routing, strategy, signaling, media, QoS and data conversion facilities for the calls they control.

Why do you need an SBC

Challenges of IP Telephony

Connectivity Issues:No voice / one-way voice caused by NAT between different sub-networks.

Compatibility Issues:Interoperability between SIP products of different vendors is unfortunately not always guaranteed.

Security Issues:Intrusion of services, eavesdropping, denial of service attacks, data interceptions, toll frauds, SIP malformed packets would cause big losses on you.

Connectivity Issues

NAT modify private IP to external IP but can’t modify application layer IP;Destination IP address is wrong,therefore can’t communicate with endpoints.

  • NAT Transversal

NAT modify private IP to external IP but can’t modify application layer IP.

SBC can identify NAT, modify IP address of SDP. Therefore obtain correct IP address and RTP can reach endpoints.

  • Session Border Controller acts as a proxy for VoIP traffics

Security Issues

  • Attack Protection

Q: Why Session Border Controller is needed for VoIP attacks?

A: All behaviors of some VoIP attacks conform to the protocol, but the behaviors are abnormal. For example, if the call frequency is too high, it will cause damage to your VoIP infrastructure. SBCs can analyze the application layer and identify user behaviors.

  • Overload Protection

Q: What causes traffic overload?

A: Hot events are the most common trigger sources, such as double 11 shopping in China (like Black Friday in USA), mass events, or attacks caused by negative news. A sudden surge of registration caused by data center power failure, network failure is also a common trigger source.

Q: how does SBC prevent traffic overload?

A: SBC can sort traffics intelligently according to user level and business priority, with high overload resistance: 3 times overload, business won’t be interrupted. Functions like traffic limitation/control, dynamic blacklist, registration/call rate limiting etc. are available.

Compatibility Issues

Interoperability between SIP products is not always guaranteed.

SBCs make the interconnection seamless.

Q: Why do interoperability issues occur when all devices support SIP?

A: SIP is an open standard, different vendors often have different interpretations and implementations, which can cause connection and/or audio issues.

Q: How does SBC solve this problem?

A: SBCs support SIP normalization via SIP message and header manipulation. Regular expression and programmable adding/deleting/modifying are available in Dinstar SBCs.

SBCs ensure Quality of Service (QoS)

Management of multiple systems and multimedia is complex. Normal routingis difficult to deal with multimedia traffic, resulting in congestion.

Analyze audio and video calls, based on user behaviors.Call controlmanagement:Intelligent routing based on caller,SIP parameters,time,QoS.

When IP network is unstable, packet loss and jitter delay cause bad qualityof service.

SBCs monitor the quality of each call in real time and take immediate actionsto ensure QoS.

Session Border Controller/Firewall/VPN

Differences between Firewall and SBC

Do you still need an SBC in additional of VPN?

Firewall and SBC are complementary, SBC is an essential network element of IP Telephony System.

Yes, an extra SBC is still needed for Attack Protection, traffic control and SIP user access.

Session Border Controllers (SBCs) Protect Your VoIP Environment

DINSTAR Session Border Controller Family

SMB SBC

Enterprise SBC

Carrier grade SBC

SBC300

5 to 50 SIP sessionsUp to 50 trans-coding callsMaximum SIP registrations: 100020 Registration per secondUnlimited SIP TrunksSIP TLS/SRTP

SBC1000

50 to 500 SIP sessionsUp to 200 trans-coding calls25 calls per second at maximumMaximum SIP registrations: 500025 Registration per secondUnlimited SIP TrunksSIP TLS/SRTP

SBC3000

500 – 2000 SIP sessionsUp to 1200 trans coding calls200 calls per second at maximumMaximum SIP registrations: 10000200 Registration per secondUnlimited SIP TrunksSIP TLS/SRTPCDRs/WebRTC

SIP Trunking for SMEs Access to ITSP / Carrier

SIP Trunking for Enterprise Access to Multiple Carriers

Secure Communication of Remote Offices

ITSP Access to Carriers

Hosted /Cloud IPPBX / Call Center

Carrier Interconnect

Top 6 Reasons to Choose Dinstar SBCs

Small Investment

Entry Level start from 5 sessionssmall budget on micro&smallorganizations

Reliable Design

Designed by experts in Canada and Chinawho have been worked in telecommunicationfor more than 15 years

Full Protection

Complete protection on VoIPtraffics,preventing fraudsand attacks.

Fast Support

A professional support team isready to help you on deployment,maintenance and debugging.

 

 

Simple License

No additional license on anyfeatures,no additionalcost

 

Flexible Scalability

Increasing SBCs capacity via simply upgradingthe license when your business growsNo downtime