VoIP needs new enterprise security plan

VoIP needs new enterprise security plan

Session border controllers are being touted as the future of IP telephony security

The top threat for 2008 will be denial of service (DoS) and distributed DoS (DDoS) attacks on voice over IP (VoIP) networks, according to VoIP security vendor Sipera.
In a statement summarising recent research carried out by Sipera’s Viper Lab, Sipera chief technology officer Krishna Kurapati said that the openness and extensibility of session initiation protocol (SIP) make it an attractive choice for enterprises and service providers to realise the promise of unified communications. “Unfortunately, those very attributes make it attractive to the hacking community and increase the overall security risk,” he said.

Several days after that announcement, communications vendor Avaya announced its new call centre product incorporating updated IP telephony software. With this release, Avaya has moved away from proprietary systems and incorporated the SIP standard end-to-end.

One device currently capable of defending against DDoS and DoS attacks on IP telephony, and being increasingly touted as the answer to these threats ­ especially for large IP telephony deployments such as IP-based call centres ­ is the session border controller (SBC).

Communications vendor Covergence’s marketing vice president Rod Hodgman describes an SBC as, “A system providing a single point of policy-based integration, control, security and management for SIP applications. We normally deliver this as a hardened appliance, but increasingly we’ve had requests from customers wanting to use this on other platforms, particularly in enterprises.”

SBCs have been deployed at carriers and service providers for years, but in late January, Covergence launched what it said was the first SBC “wrapped up” as a virtual appliance.

The Covergence Virtual Appliance 50 (CVA-50) is a pre-configured, ready-to-run enterprise SBC integrated with an operating system inside a virtual machine.
Kevin Mitchell of SBC specialist Acme Packet said that SBCs were the main piece of hardware used for securing IP voice systems, especially for service providers. He added they are becoming more important for enterprises as they interconnect their VoIP systems to IP networks.

Asked whether the main driver for using an SBC was securing IP telephony systems, Covergence’s Hodgman said, “It’s an important factor, but it’s not the main driver today for these purchasing decisions ­ that goes to the process of rationalising your infrastructure.”

Hodgman added that the key goal of deploying IP telephony systems was to get voice to run on corporate networks. “Today it does not do that. It may run from the handset to your PBX, but then it jumps off to a service provider to do any routing to any other PBX the enterprise may have,” he said. “Once you have VoIP integrated onto your IP network then you are ready to move to unified communications ­ it is just another data type that can be integrated into other applications.”