May 16

Secure SIP Elephants…

Any ideas what SIP stands for? Actually never mind that, any ideas about my title at the top?? Hmmmm deafening silence at the front and a few eager hands at the back… 

Well, SIP stands for Session Initiation Protocol, but for the less technically savvy amongst you I’m guessing this only serves to complicate this introduction to one of the most important protocols on the internet since HTTP. So again: what is SIP? Well, yes, it is what is described above, but more importantly it is, like the internationally recognised handshake, a way of saying hello by sending an Invite OK message to another device, and also of waving to say Bye. To the savvier readers this is the signalling method; in its simplest terms, it makes the other end ring…

Why is this important? Well, SIP is becoming a lot more apparent as the SIP Trunk revolution takes hold on the market to deliver the Voice over IP (VoIP) phone systems evolution. More importantly for the bean counters amongst you, this will bring competition to the Enterprise/SME marketplace, which will drive prices down.

So where is my rambling taking you? Well, you will also need to consider the world of Session Border Controllers, aka SBCs. Yup, another juicy acronym to add to your glossary. Companies who have chosen to go down the route of installing fantastic UC propositions that utilise SIP for their Presence, Desktop Sharing capabilities and so forth are most likely well versed in these technologies. For the average SME who just wants an IP phone system and wishes to simply make it go, security is unlikely to have entered the conversation at this level.

So, moving on to the next part: what is an SBC? It is a VoIP session-aware device that controls call admission to a network at the border of that network. Depending on its capability, it can also perform various call-control functions to ease the load on the call agents within the network. Azlan, for example, utilise and deploy AudioCodes SBCs for voice security.

A Session Border Controller can be broken down into two logically distinct pieces.

  • The Signalling function controls access of VoIP signalling messages to the core of the network, and manipulates the contents of these messages.
  • The Media function controls access of media packets to the network, provides differentiated services and QoS for different media streams, and prevents service theft.

SBCs are traditionally deployed at the border of service provider core networks. Service providers have realised the requirement for SBCs located at the customer premises to address the security, mediation and SLA requirements of the VoIP-enabled business; the SBC achieves this by acting as the secure demarcation point between a VoIP installation and a service provider.

The following basic functions are offered by all Session Border Controllers.

  • Opening pinholes in the firewall to allow VoIP signalling and media to pass through.
  • Providing call admission control. SBCs control which calls may be signalled through the network.
  • Signalling protocol interworking such as between H.323 and SIP or between variants of H.323.
  • Tracking the progress of each call for the purposes of billing, and producing Call Detail Reports.
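
To make the call admission control and call tracking functions above concrete, here is a small Python sketch, added as an illustration and not taken from AudioCodes, Azlan or any SBC product. The `AdmissionControl` class, its policy (trusted trunk peers plus a concurrent-call cap) and the sample messages are all assumptions constructed for this example.

```python
import time

# Constructed sample SIP requests (not captured traffic); {cid} is filled in per call.
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 198.51.100.10:5060\r\n"
          "From: <sip:alice@example.net>;tag=1\r\n"
          "To: <sip:bob@example.com>\r\n"
          "Call-ID: {cid}\r\n"
          "CSeq: 1 INVITE\r\n\r\n")
BYE = INVITE.replace("INVITE", "BYE")

def parse_request(raw):
    """Return (method, headers) for a SIP request; raise ValueError if malformed."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = head[0].split(" ")
    if len(parts) != 3 or parts[2] != "SIP/2.0":
        raise ValueError("not a SIP request line")
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header")
        headers[name.strip().lower()] = value.strip()
    return parts[0], headers

class AdmissionControl:
    """Hypothetical policy: known trunk peers only, capped concurrent calls."""
    def __init__(self, trusted_peers, max_calls):
        self.trusted_peers, self.max_calls = set(trusted_peers), max_calls
        self.active, self.cdrs = {}, []  # Call-ID -> start time; finished calls

    def handle(self, src_ip, raw):
        if src_ip not in self.trusted_peers:      # reject before parsing anything
            return "403 Forbidden"
        try:
            method, headers = parse_request(raw)
            call_id = headers["call-id"]
        except (ValueError, KeyError):
            return "400 Bad Request"
        if method == "INVITE":                    # simplification: counted from INVITE
            if call_id not in self.active:
                if len(self.active) >= self.max_calls:
                    return "503 Service Unavailable"
                self.active[call_id] = time.monotonic()
            return "forward"
        if method == "BYE":
            if call_id not in self.active:
                return "481 Call/Transaction Does Not Exist"
            seconds = time.monotonic() - self.active.pop(call_id)
            self.cdrs.append({"call_id": call_id, "peer": src_ip, "seconds": seconds})
            return "forward"
        return "405 Method Not Allowed"           # sketch handles INVITE and BYE only
```

The `cdrs` list is the raw material for the Call Detail Reports mentioned above: one record per completed call, keyed by Call-ID.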

SBCs are usually deployed in the Demilitarized Zone (DMZ) of a network. The DMZ is the conceptual term for a small sub-network that sits between a trusted private network, such as a corporate private LAN, and an untrusted public network, such as the public Internet. The purpose of the DMZ is to prevent hostile or unwanted traffic from entering or, in some cases, leaving the private network.

So granted perhaps I have added to some of the confusion, but if parts of this blog have left you with more questions than answers AND you are pursuing the world of VoIP then I suggest you come and speak to Azlan.  We can advise you on all aspects of voice security in conjunction with AudioCodes, Microsoft, AVAYA and Cisco.

None of us are as smart as all of us…

Let me know what you think by leaving a comment

Christopher Ovett – Azlan Collaboration Solution Architect
