SIP Trunk Security with Session Border Controllers

As discussed in my previous blog, SIP trunking is often a peer-to-peer connection for the primary use of delivering PSTN connectivity over VoIP, and is delivered over a couple of different methods using ITSPs and Managed Service Providers.

In this blog, I’ll address the Session Border Controller (SBC), the element used to define the peer-to-peer relationship at the network and VoIP application layers and to ensure that signaling and media are secure.

IP-PBX with SBC

In this example, the IP-PBX resides behind an SBC. The SBC is the border element between the Internet (or untrusted network zones) and Local Area Networks (or trusted zones). The SBC is both a network security device and a VoIP security device: it monitors incoming and outgoing network and voice traffic and decides whether to allow or block specific traffic based on a defined set of network and voice security rules.

SBC Features & Setup

The SBC controls the voice traffic by processing SIP signaling and audio media streams and directing them to the defined destinations. SBCs typically use back-to-back user agent (B2BUA) technology for processing SIP traffic. In this solution, the SBC controls communications so that SIP trunk traffic from carriers is allowed and directed to the IP‑PBX.

The SBC adds many VoIP security features to the SIP trunk call flow. One of the SBC’s primary functions is to provide VoIP security: it analyzes traffic and shields mission-critical VoIP applications from malicious activity, so these applications are protected from direct attacks. The SBC offers several different security features to ensure complete coverage.

If you enjoyed this blog, and would like to learn more about Security Best Practices for VoIP, download our whitepaper here: sangoma.com/voip-security-best-practices/

SIP Trunk Security with Firewalls

SIP Trunking is often a peer-to-peer connection for the primary use of delivering PSTN connectivity over VoIP. SIP Trunking is delivered over a couple of different methods:

Internet Telephony Service Providers (ITSP)

  • Deliver SIP Trunking over the Internet

Managed Service Providers (MSP)

  • Deliver SIP Trunking over the carrier’s dedicated WAN connections

Applying security here means deploying a firewall in combination with an IP‑PBX. The firewall is used to define the peer-to-peer relationship at the network and VoIP application layers and to ensure that signaling and media are secure.

In the example above, the IP‑PBX resides behind a typical network firewall. The firewall is the border element between Internet or Untrusted Network Zones and Local Area Networks or Trusted Zones. The firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Why Security is Important with VoIP

Security is one of the most frequently discussed topics, yet the importance of securing VoIP is hard to overstate. Over the course of the next six weeks, we’ll discuss VoIP Security specific to SIP Trunking and Remote Phone applications.

Due to the growth of VoIP, it’s important to understand some of the common threats. Every device and service is in part responsible for providing a secure VoIP solution, but there are a few different ways to deploy a secure VoIP solution.

Traditional telephony, delivered via analog or digital lines, involves transmission over some physical medium. Security attacks on traditional telephony, such as eavesdropping, require physical presence with access to the physical lines.

Toll fraud over traditional telephony has several forms. One common attack was to hairpin telecom traffic: inbound calls into a voice network were sent back out to an alternate destination. Now that Voice Networking has merged with Computer Networking, there’s an “End of Geography”. Physical presence is no longer required to gain access to a voice system. Computer Networking is an OPEN network system, as any IP Address can connect with any other IP Address.

The Internet Protocol (IPv4, RFC 791, and IPv6, RFC 8200) and IP Addresses are fundamental to both the public and private networks used in everyday voice and data communications. As a result, attackers coming from computer networking have far more access and far more tools available to conduct malicious attacks on VoIP infrastructures.

The hackers’ objective is to search through the range of IPv4 and IPv6 IP Addresses looking for VoIP Services to target with other forms of attacks. Once a VoIP Service is discovered, other types of attacks can then follow. It’s best to understand the tools and methods used to discover VoIP Services, detect these methods, and not acknowledge the VoIP Service back to the hacker. If the hacker does not know there’s a VoIP service, they’re most likely going to overlook it and move on.
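The detect-and-do-not-acknowledge approach described above, shown as an added example (not code from the original blog or from any Sangoma product). The trusted carrier range, the scan threshold and the sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the ITSP's signaling range (RFC 5737 documentation addresses).
TRUSTED_PEERS = [ipaddress.ip_network("198.51.100.0/28")]
SCAN_THRESHOLD = 3  # distinct request URIs probed by one untrusted source

# Constructed sample events: (source IP, request line as received).
SAMPLE_EVENTS = [
    ("198.51.100.5", "INVITE sip:+15550100@pbx.example.com SIP/2.0"),
    ("203.0.113.77", "OPTIONS sip:100@pbx.example.com SIP/2.0"),
    ("203.0.113.77", "REGISTER sip:101@pbx.example.com SIP/2.0"),
    ("203.0.113.77", "REGISTER sip:102@pbx.example.com SIP/2.0"),
    ("192.0.2.10", "OPTIONS sip:pbx.example.com SIP/2.0"),
    ("192.0.2.10", "GET / HTTP/1.1"),
]

def is_trusted(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_PEERS)

def parse_request_line(line):
    """Return (method, uri) for a SIP/2.0 request line, else None."""
    parts = line.split()
    if len(parts) != 3 or parts[2] != "SIP/2.0":
        return None
    return parts[0].upper(), parts[1]

def evaluate(events):
    """Return (per-event actions, set of sources flagged as scanners)."""
    probed = defaultdict(set)
    actions = []
    for src, line in events:
        req = parse_request_line(line)
        if req is not None and is_trusted(src):
            actions.append((src, "forward"))  # carrier traffic goes to the IP-PBX
            continue
        # Untrusted or malformed: send nothing back, not even a 4xx reply,
        # so the sender gets no confirmation that a SIP service exists.
        actions.append((src, "drop-silent"))
        if req is not None:
            probed[src].add(req[1])
    scanners = {s for s, uris in probed.items() if len(uris) >= SCAN_THRESHOLD}
    return actions, scanners

if __name__ == "__main__":
    actions, scanners = evaluate(SAMPLE_EVENTS)
    for src, act in actions:
        print(f"{src:15} {act}")
    print("flagged as scanning:", sorted(scanners))
```

Every untrusted request is dropped without a response from the first packet; the scanner flag is only for alerting and longer-term blocking, so detection never depends on the threshold being reached.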

Sangoma Introduces Comprehensive Training with Sangoma University

In a Constantly Evolving Field, How Do You Keep Up?

By keeping current on the latest solutions for your business or your clients, reading through the manual updates for new equipment and…Training. Sangoma is continuously working to improve their hardware and solutions as technology evolves.

Under normal circumstances, users of Sangoma products have time to learn and adopt Sangoma knowledge using wikis, user guides and other self-paced material. As your system and business grows, that time seems to diminish. And finding sources of information takes time you don’t have.

Adapt

Partners and customers require different degrees of knowledge and skill. Partners supporting a greater number of deployments require a comprehensive understanding of Sangoma products, while customers and users may require only some general familiarity. To address this need, Sangoma created Sangoma University.

Learn

Sangoma University endeavors to provide a diverse range of training solutions. Online Technical and Sales Training Videos provide easy, self-paced instruction on Sangoma products, giving excellent visibility to people interested in Sangoma solutions. Classroom Technical Training provides direct, in-depth training that ensures full comprehension of the product, along with one-on-one access that goes beyond knowledge alone and lets you learn from others’ experiences.

Understand

Training shows your customers that you’re keeping up on the latest improvements of the solution you sold them. Training shows your employees that they are a valued part of your company, and worth investing in. When we designed Sangoma University, we wanted to make sure that fully trained people were recognized.

Recognize

Along with the Sangoma Training comes Sangoma Certifications. It will now be possible to mark your Online Training achievements with a certificate of Sangoma Certified Essentials. Two additional certification offerings will be provided with Classroom Training achievements, Sangoma Certified Apprentice and Sangoma Certified Professional.

Give Back

Sangoma is proud to freely offer Online Training to anyone interested in Sangoma products. The goal is to provide videos that increase the understanding and awareness of Sangoma products. In this initial offering, the key topic is PBXact/FreePBX – called PBXact Essentials. Of course, combined with this is the Sangoma Certified Essentials certificate should you choose to mark your knowledge achievement. Also, Sangoma Sales Training will be provided to those who wish to learn how to sell and market our products. But come back often as the goal is to have freely available technical training on most all Sangoma products.

Look Towards the Future

This is an exciting time to be interested in Sangoma Training. Look forward to Classroom Events, Classroom Course Material, Product Certifications and Portal Store integration for easy purchasing of training courses. Also look for Sangoma Certified Trainers, partners of Sangoma who have been authorized to provide Sangoma Classroom Training.

Commit

Where do I find Online Training? Sangoma has created Sangoma University to help guide you through all of your Sangoma knowledge needs and we have already signed you up for Online Training. Please visit Sangoma University at training.sangoma.com.

If you’re already a visitor of the Sangoma website, you may already have access. If you have registered and accessed portal.sangoma.com, please use the same Username and Password.