Firewalls, SIP Servers and SBC - What's the Differences?
- 1. SIP Security Firewalls, SIP Servers and SBCs Explained • December 2018 1
- 2. 2 What are the Risks? Extortion Intrusion Theft of Services
- 3. 3 The Risk is Real Hackers targeted the phone system at Bob Foreman’s architecture firm in Georgia, making $166,000 in calls in a weekend. Credit: Tami Chappell for The New York Times
- 4. 4 Today’s Presenters: Alan D Percy Senior Director of Product Marketing alan.percy@telcobridges.com Luc Morissette Director of Technical Support luc.morissette@telcobridges.com
- 5. 5 Agenda Firewalls, SIP Servers and SBCs • What are they? • Why do I need them? • What do they do? • What do they NOT do? • Where to learn more?
- 6. 6 The Right Tool … “Every tool is a weapon if you hold it right” - Ani DeFranco
- 7. 7 Just a little SIP SIP is the foundation of the new voice network…but: • Specification is “loose” with interoperability issues • Separates call control signaling from media • “Chatty Cathy” • Asynchronous • “Stateful” By Korolev Alexandr RFC 3261
- 8. 8 OSI Model Application SIP User Agent Presentation G.711, G.729… Session SIP Transport TCP, UDP, RTP Network IP, ICMP Data Link Ethernet, 802.11 Physical CAT5, 2.4GHz Network Switches Firewall / Router Session Border Controllers SIP Servers
- 9. 9 Function of a Firewall Internet LANWAN 34.x.x.x 192.168.1.2 192.168.1.3 192.168.1.4 Trusted NetworkUntrusted Network
- 10. 10 Firewall Functions Packet Filtering – Layer 2-4 Tracking and passing “good” traffic Blocking “unsolicited” traffic Pinhole Management Packet Forwarding NAT – Network Address Translation DHCP – Assigning IP addresses to devices
- 11. Header ManipulationRouting Engine Media SIP Session s Public WAN 34.0.0. 1 SIP Server SIP Application s 34.0.0.X SIP Server Architecture
- 12. 12 SIP Server Functions SIP Proxy/Router SIP Header Manipulation SIP Routing / Load Balancing Script-based configuration No B2BUA Exposes network topology No Media Handling
- 13. What is a SBC? Local Area Network Network Border Wide Area Network SBC • Anywhere two SIP networks intersect • Software-based “Network Function” • Most often between a WAN and a LAN SIP SIP
- 14. Routing Engine Media Media Engine SIP Session s B2BUA UAS UAC Private LAN 192.168.0.X Public WAN 34.0.0.1 Session Border Controller SIP Applicatio ns Session Border Controller Architecture
- 15. 15 Firewall / SBC Deployment Models SBC Behind the Firewall LAN WAN 34.1.1.1 192.168.1.2 192.168.1.4 Trusted Network Untrusted Network SBC Internet Call Servers
- 16. 16 Firewall / SBC Deployment Models SBC Beside the Firewall LAN WAN 34.1.1.1 192.168.1.2 192.168.1.4 Trusted Network Untrusted Network SBC Internet Call Servers 34.1.1.2
- 17. 17 Use Case – Hosted IP-PBX/UC Tasks: Security – DDOS & Topology Hiding Registration/Subscription Forwarding NAT Traversal IP-PBX / UC / Contact Center with Local & Remote Users Asterisk Work-at-home users SBC
- 18. 18 Comparison Summary Function Firewall SIP Server SBC Layer 2-4 Packet Filtering Router / NAT / DHCP Prevent DOS / DDOS Attacks SIP Header Manipulation / Interoperability SIP Routing Toll Fraud Protection Topology Hiding Block Robocallers (STIR/SHAKEN) QOS Measurement / Reporting Media Transcoding / Transcryption Prevent Media DDOS Attacks
- 19. 19 Introducing… Learn more at: www.FreeSBC.com
- 20. 20 Congratulations! You now know enough to be dangerous! How do you continue your knowledge?
- 21. 21 Q&A Download your FreeSBC software: www.freesbc.com Frequently Asked Questions at: forums.freesbc.com Other educational webinars at: freesbc.com/video-library Q/A?
Editor's Notes
- #2: Welcome to “FreeSBC – A New Approach to the SBC”, a webinar event hosted by TelcoBridges Before we begin, a little housekeeping: As a live event participant, you’ll have the opportunity to interact with today’s speakers and hope you do pose your questions and comments on today’s topic using the Q/A panel. To pose a question or comment, open the Q/A panel by clicking on the box in the upper left of your screen. We’ll cover your questions toward the end of the session. We’ve found that some attendees may need to adjust the webinar View Options to see the full slide on your screen. If you are not seeing a full slide, move your mouse to the top of the webinar window and a View Option selection will appear – choose an option that best fits your screen. Also, today’s event is being recorded and all those that have registered will received a link to the recording for on-demand playback. We hope you share the link with your co-workers and others that would find the discussion valuable.
- #4: Full article at: https://www.nytimes.com/2014/10/20/technology/dial-and-redial-phone-hackers-stealing-billions-.html
- #5: Some introductions to get started: I’m Alan Percy, Senior Director of Product Marketing for TelcoBridges and today’s event moderator. Joining us again is Luc Morissette, Director of Customer Support and one of the founders of TelcoBridges. Luc, thanks for being a part of today’s event. Before we begin, a little housekeeping: As a live event participant, you’ll have the opportunity to interact with today’s speakers and hope you do pose your questions and comments on today’s topic using the Q/A panel. To pose a question or comment, open the Q/A panel by clicking on the box in the upper left of your screen. We’ll cover your questions toward the end of the session. We’ve found that some attendees may need to adjust the webinar View Options to see the full slide on your screen. If you are not seeing a full slide, move your mouse to the top of the webinar window and a View Option selection will appear – choose an option that best fits your screen. Also, today’s event is being recorded and all those that have registered will received a link to the recording for on-demand playback. We hope you share the link with your co-workers and others that would find the discussion valuable. And we’re glad to have you, our attendees, with us today and encourage you to use the opportunity to interact with our speakers by posing your questions and comments.
- #6: First a little background: As network architects in service providers and large enterprises plan their migration to cloud infrastructure, one network security element plays a critical role and needs special treatment - the Session Border Controller. At the crossroads of real-time voice and video traffic, SBCs are tasked with providing protection against DDOS attacks, facilitating NAT traversal, providing topology hiding, resolving interoperability issues and much more.
- #20: Recognizing these needs, TelcoBridges offers FreeSBC, a software SBC solution designed specifically for cloud and virtualized deployments. Highly scalable with carrier-grade reliability, FreeSBC is a commercial SBC, offered under a “freemium” business model. We feel FreeSBC better fits the emerging cloud application market needs for affordable voice network security.