SIP Trunk Security with Session Border Controllers

As discussed in my previous blog, SIP trunking is often a peer-to-peer connection for the primary use of delivering PSTN connectivity over VoIP, and is delivered over a couple of different methods using ITSPs and Managed Service Providers.

In this blog, I’ll be addressing a Session Border Controller (SBC) element that is used to define the peer-to-peer relationship at various networks and VoIP application layers, and additionally ensuring signaling and media are secure as well.

Security Best Practices

IP-PBX with SBC

In this example, the IP-PBX resides behind an SBC. The SBC is the border element between Internet (or untrusted network zones) and Local Area Networks (or trusted zones). The SBC is a network security device as well as a VoIP security device that monitors incoming and outgoing network and voice traffic and decides whether to allow or block specific traffic based on a defined set of network and voice security rules.

Security Best Practices

SBC Features & Setup

The SBC controls the voice traffic by processing SIP signaling and audio media streams to the defined destinations. SBCs typically use B2BUA technology for processing SIP traffic. In this solution, the SBC is intelligently controlling communications for allowing SIP trunk traffic from carriers, to be directed to the IP‑PBX.

There are many VoIP Security features the SBC adds to the SIP trunk call flow. One of the SBCs primary functions is to provide VoIP security, analyzing and protecting mission critical VoIP applications from malicious activity, so these mission critical applications are protected from direct attacks. There are several different security features on the SBC to ensure complete coverage.

If you enjoyed this blog, and would like to learn more about Security Best Practices for VoIP, download our whitepaper here: sangoma.com/voip-security-best-practices/