When defining SBC performance, there are many new and effective strategies that can be employed to reinforce security efforts in a VoIP environment. Current real world security issues are driving this trend, and you don’t have to be a multi-national concern to be at risk. The technologies that really matter are the ones that provide protection from real, current and potential threats, and companies of all sizes can benefit from a sound SBC protocol.
Session Border Controllers, or SBC, comprises three basic concepts: session, border and control. The session can be further broken down into two primary components: the signaling itself, which creates and tears down the actual communications between the end points; and the media, which consists of the audio and/or video stream produced during the session between the end points.
These elements use TCP/IP, a common data transport that is ubiquitous on a global basis, and more commonly known as VoIP (Voice over Internet Protocol). VoIP has been used in data networks for decades and has been adapted as the choice primary transport for voice networks. The action of combing voice into the data network has effectively merged all known services into a single common transport. Innovation has spawned a new era of end points with full integration of voice, video and data on a single device such as the smart phone.
Under normal circumstances, these communications would traverse separate networks and be delivered on separate interfaces. The SBC sits at the border of these networks to act as a “gate keeper”, so to speak, in order to control the amount, volume and types of data being used during these sessions. You could say that the SBC is part security and part traffic control, policing the types and amounts of data to prevent overloads and attacks from malicious sources.
Another primary role of an SBC is to make the incompatible compatible. Transcoding between audio codecs such as G.711 and G.729 would be necessary when required by the SIP trunk provider. Call incompatibly issues are resolved at the border of the network so it does not become an enterprise-wide issue. Voice codec selection and controlling the routing of data to registered destinations are basic functions of the SBC. With such great responsibility placed on the SBC, you can understand why it is important to optimize your SBC performance.
Security and Interoperability
So with a broad understanding of what an SBC does, it’s easy to see how valuable it would be to have one protecting your enterprise. For Service Provider networks, they are very common in order to assure user data security and to support a wide range of functionality, but they are also ideal for businesses of any size or complexity. While they are broadly viewed as being the secure entry point into your VoIP network, the new generation of SBC’s provide much more. You might consider an SBC if you:
✓ Have a need to protect your voice network from malicious attacks, denial of service and toll fraud
✓ Need to balance the delivery of your SIP traffic into the network to prevent overloads
✓ Provide interoperability between a multitude of devices, also known as transcoding
Why do I need an SBC?
Fortunately, there are many options on the market today that can provide excellent functionality and scalability for every kind and size of business, with solutions appropriate for supporting just one location or up to thousands. SBC’s can be physical or virtual, and many providers will include an SBC as part of their setup, taking the expense of costly hardware maintenance out of your hands. Your SBC should perform the following security tasks:
Security: the more complex your system is, the more sense it makes to shore up the gateways to your network. The multiple SIP trunks and geographically diverse networks combined with cloud services expose VoIP solutions to potential loss of service. Some risks are voice-specific, such as denial of service attacks, and some more targeted, such as attempts to manipulate media, or toll fraud. As the SBC can handle the media as well as the signaling, it has far more control than the firewall or Application Layer Gateway (ALG). Seen as such, an SBC should be regarded as an adjunct to the firewall as opposed to a replacement.
Interoperability: connecting all your various networks, the SBC transcodes every codec at the border one time so that you do not have to change every device in your network multiple times.
Migration: useful in scenarios where the integration of a third party system is required or where there is a need for co-existence. An SBC also simplifies a migration from another phone system or legacy PBX.
Performance: an SBC boosts network performance through media bypass functionality and through Digital Signal Processing.
Applications: Some SBC’s can interoperate with third party functionality, such as call recording or SIP Phone Support (SPS), which tend to introduce complexity into the network.
What Really Matters
CCG offers several SBC performance products that provide the functionality you need in hardware and software based solutions. Audiocodes and Sonus are two of the top developers of SBC software; they have a wide enough range of products that it is easy to find something suitable. They both offer virtualized SBC products, which promises unmatched scalability with the same great features you will find on their hardware based SBC’s. Leverage your own virtual environment not your rack space!
Packet Viper is one of the newest additions to the CCG portfolio of solutions. It further enhances the security of the SBC by offering specific bi-directional geo-filtering in a device that is as easy to install as it is invisible to use. Without disrupting your current network environment, the Packet Viper complements your security, SBC and firewalls. It improves SBC performance by removing unwanted traffic trying to enter your environment, which in turn lowers the volume of traffic and reduces the overall risk. Packet Viper is a cost effective way to improve security by extending a perimeter fence around your network infrastructure.
Since the introduction of voice into the data network, the role of IT has moved up to the top of the organization. High Availability Networks are becoming more of a requirement than “a nice to have” functionality. Hardware Load Balancers (HLB) paired with your SBC’s now offers an additional layer of security and more importantly an Active-Active enablement of SBC. Kemp Technologies offers a complete line of high-performance hardware, cloud or virtual delivery system of load balancers. An essential adjunct for any enterprise level business, it optimizes application infrastructure to ensure ease of use, flexibility in scaling, performance and gateway security.
Security Solutions for the Real World
Whether your company is a startup or an established, multinational enterprise, the need for network data security is becoming more and more important every day. Being able to provide solutions to present-day problems like network performance, traffic regulation, geographically based filtering and protection from malicious sources is front and center in CCG’s range of products. The industry’s most nimble solutions often don’t provide an all-in-one package that suits all of your needs. Fortunately, you can trust the experts at CCG to help you discover all the ways in which you can protect your network and its users from any possible threat. The trusted leaders in VoIP telephony and hardware technology, CCG has a security solution that is right for you.
Like this article? Signup for quarterly email updates from CCG!