A remote phone deployment in branch offices or work-at-home employees is completely different than SIP trunking. Remote phones are dynamic in location, and require significantly more calling features. Remote phones cannot be considered as peers, as phones register for services and change IP addresses often, across multiple devices and locations.

Remote phones require automatic provisioning with file servers and possibly require web access and REST API access to the IP‑PBX. The interconnectivity between remote phones and a IP‑PBX is complicated with many communication requirements.

The application of security solutions involves providing a firewall solution that is used to define the remote phone to IP‑PBX relationship between various networks using VoIP application layers, file provisioning, and other services, while ensuring signaling and media are secure. Meanwhile, remote phones most often are located behind other firewalls, presenting additional communication issues.

In this example, the IP‑PBX resides behind a typical network firewall. The Firewall is the border element between the Internet (or untrusted network zones) and Local Area Networks (or trusted zones). The remote phone is located on a remote network across the Internet. The firewall is monitoring network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Firewall Features & Setup

The firewall controls the traffic by redirecting SIP signaling and audio media streams to the defined destinations. In this solution, the firewall is controlling communications for allowing SIP VoIP traffic from remote phones to be directed to the IP‑PBX.

If you enjoyed this blog, and would like to learn more about Security Best Practices for VoIP, download our whitepaper here: sangoma.com/voip-security-best-practices/

As discussed in my previous blog, SIP trunking is often a peer-to-peer connection for the primary use of delivering PSTN connectivity over VoIP, and is delivered over a couple of different methods using ITSPs and Managed Service Providers.

In this blog, I’ll be addressing a Session Border Controller (SBC) element that is used to define the peer-to-peer relationship at various networks and VoIP application layers, and additionally ensuring signaling and media are secure as well.

IP-PBX with SBC

In this example, the IP-PBX resides behind an SBC. The SBC is the border element between Internet (or untrusted network zones) and Local Area Networks (or trusted zones). The SBC is a network security device as well as a VoIP security device that monitors incoming and outgoing network and voice traffic and decides whether to allow or block specific traffic based on a defined set of network and voice security rules.

SBC Features & Setup

The SBC controls the voice traffic by processing SIP signaling and audio media streams to the defined destinations. SBCs typically use B2BUA technology for processing SIP traffic. In this solution, the SBC is intelligently controlling communications for allowing SIP trunk traffic from carriers, to be directed to the IP‑PBX.

There are many VoIP Security features the SBC adds to the SIP trunk call flow. One of the SBCs primary functions is to provide VoIP security, analyzing and protecting mission critical VoIP applications from malicious activity, so these mission critical applications are protected from direct attacks. There are several different security features on the SBC to ensure complete coverage.

If you enjoyed this blog, and would like to learn more about Security Best Practices for VoIP, download our whitepaper here: sangoma.com/voip-security-best-practices/