SIP Trunking and Security

by William Flanagan

Lot's of activity around SIP trunking over the last few months.  More carrier offerings, more carriers.  Quite a bit about how to use a Session Border Controller (SBC), both within the carrier and on the customer premisses.  Two issues remain unsettled:


Major strides have been taken toward settling on the minimum requirements for SIP trunks so any device could operate with any service.  The goal is to play as soon as you plug.  Not quite there yet, but efforts such as, SIPconnect 1.1, the SIP Forum's Technical Recommendation, show real promise. 

The SIP standards are huge, constantly expanding (more than 50 separate task groups are at work most of the time),  and subject to interpretation.  That is, different implementers can read the text of the documents in conflicting ways.  Hence the need for compatibility testing, certifications of interoperability between vendors, and considerable care in configuring new installations.

An enterprise SBC can resolve many compatibility issues.  They can have separate configurations for inside and outside connections, converting between the two as necessary.
For a more detailed description and a diagram see this sample page from my new book, VoIP and Unified Communications.


I mentioned this before, but it bears repeating:  VoIP has all the vulnerabilities of data networks and needs to be protected from the Internet even while it must connect to it.  Tough situation--complicated by  the many new protocols and behaviors that voice introduces to the network.  Data firewalls and Intrusion Detection/Prevention Systems don't always understand SIP signaling messages and stream formats so may ignore exploits unique to voice.  For examples:

Some of this information comes from Addis Hallmark and VIPER Lab, a VoIP security research company acquired by Avaya in 2011 when it bought Sipera Systems.  For the past decade they observed and tested VoIP systems to characterize "normal" and "deviant" behaviors.  That information built into software differentiates the SBC from a traditional firewall or IPS.  They also created the "VLANhopper" tool that illustrates how a device assigned to a voice vLAN can access another vLAN on the same network. 

Be aware.

How Can Flanagan Consulting Help You?   

     We understand not only the technology of networks, but also
     the surrounding business processes:  procurement, bid
     preparation/analysis, statements of work, financial analysis,
     consensus building around a solution, and more.
     Find out now:  call +1.703.242.8381  or email Bill@Flanagan-Consulting.com

Flanagan Consulting Supports Litigation Professionals

   Several associates are experienced in analysis of patents, trademarks,
   contracts, and other intellectual property related to IT and communications.
   We have assisted attorneys preparing claims, depositions, and testimony.
   How can we help you?  Queries to +1.703.242.8381.

We Know Hard Drive File Recovery

   Through bitter experience we learned how to apply several powerful software tools
   to the problem of recovering files from a hard drive when the partition table disappears.
   If you have a similar problem with a SATA or IDE drive, particularly on a Linux system,
   we can help.  Contact us for information.

Advertise Here...

  ...to reach over two thousand interesting people in Telecom and IT.
  For details, call the Publisher at +1.703.855.0191


        VoIP and Unified Communications
          Internet Telephony and the future Voice Network

Wiley Interscience, part of Wiley & Sons, should publish my sixth book in February 2012.  For the list of previous books see the Publications page on the web site.  Together, those five titles have sold over 70,000 copies.  Hope you like this one too.  I'll let you know when it's out and where you read an excerpt.

Responses to ViewsLetter and Subscriptions

    Mail is welcome when addressed to publisher@viewsletter.com.

Special thanks
for supporting ViewsLetter to www.Webtorials.com,
your best source for communications tutorials and white papers.

Flanagan Consulting
In Converged Networking
We Have the Experience
3800 Concorde Parkway, Suite 1500, Chantilly, VA USA
Ph: +1.703.242.8381      Fx: +1.703.242.8391

Flanagan Consulting is a Service Mark of W. A. Flanagan, Inc.

"Beware of false knowledge; it is more dangerous than ignorance."
                                 --George Bernard Shaw