SIP trunks allow enterprises to take full advantage of VoIP and eliminate costly time-division multiplexing (TDM) trunks and gateways. With SIP trunks, enterprises can route calls over the carrier's IP backbone and use the same IP connection for all their communications.
However, SIP trunking comes with a list of important security and deployment issues for the enterprise as well:
To achieve SIP trunk security, enterprises must deploy a real-time Unified Communications security solution that offers comprehensive threat protection, strict policy enforcement, robust access control, and privacy in a single security appliance.
The Sipera UC-Sec family of security appliances offers real-time Unified Communications security to address the issues associated with SIP trunk deployments. Built on the foundation of the VIPER engine and real-time platform, the UC-Sec performs the following functions for securing SIP Trunks:
A single Sipera UC-Sec security appliance can be deployed at the customer premise between the internal and external firewalls. The appliance provides complete network security, enforces security policies, and handles other SIP trunk deployment issues for the enterprise network.
In this deployment, the Sipera UC-Sec performs border control functionality such as FW/NAT traversal (local and remote), security policy enforcement based on fine-grained UC policies, and threat protection functionality to prevent denial of service, spoofing, and stealth attacks.
Because the Sipera UC-Sec product is a trusted host in the DMZ, IP signaling traffic to the enterprise is received by the external firewall and sent to the Sipera UC-Sec, which processes the signaling information. If the SIP signaling traffic is encrypted, the Sipera UC-Sec security device decrypts all TLS-encrypted traffic and looks for anomalous behavior before forwarding the packets through the internal firewall to the appropriate IP PBX to establish the requested call session.
Once a valid call has been set up, RTP packets are allowed to flow through the external firewall to the Sipera UC-Sec product, which decrypts the SRTP traffic (if required) and looks for anomalous behavior in the media before passing the RTP stream on to the intended recipient.
The popularity of SIP Trunks is primarily due to cost savings and the increased reliability offered through service provider service level agreements (SLAs). SIP Trunks can deliver much lower cost local, toll-free, domestic, and international long distance service to any enterprise willing to replace its PSTN connectivity. They also offer a unique opportunity for large distributed enterprises to consolidate their VoIP/UC infrastructure and connectivity to the PSTN.
However, without solving network security and demarcation challenges, SIP trunks cannot be deployed on a large scale. The Sipera UC-Sec product offers a comprehensive security solution with threat protection, access control, policy enforcement, and privacy protection in a single device that enables enterprises to address all of these challenges and securely deploy SIP trunks.
| Document | Date | Size |
|---|---|---|
| | 25/02/11 10:51 am | 576.99 KB |
| | 07/03/11 5:08 pm | 576.99 KB |