A SIP trunk implementation introduces an IP connection between the enterprise and service provider networks. Connecting two disparate networks together should always raise security concerns. A Session Border Controller (SBC) is a security product designed to police any real-time IP media session established using SIP that may traverse between a trusted and untrusted network. It is the ideal solution to securely proxy SIP and media traffic to and from the voice service provider.
Organizations sometimes do not invest in an SBC of their own because there’s already an SBC within the service provider’s network. This is a misunderstanding of the role of the service provider’s SBC, as it is intended to protect the provider and not the customer. Another oversight is connecting the SIP trunk through an existing corporate firewall. Although preferable to having no security device in the network path, utilizing a traditional firewall for SIP trunking comes with an array of problems.
SIP is a complex protocol and SBCs are specifically engineered to both identify and defend against SIP-based attacks. Firewalls often lack detailed SIP analysis and may permit malformed traffic or disguised denial-of-service attacks to propagate to the communications infrastructure. Additionally, the deep packet inspection of firewalls can add latency to media resulting in reduced call quality. By contrast, SBCs are tuned for real-time traffic where milliseconds matter.
Whereas firewalls employ Network Address Port Translation (NAPT) to modify layer 3 and layer 4 data, SBCs manipulate the layer 7 payload of the SIP packet itself, where private IP addresses and version strings of your telephony equipment are contained. This conceals details about your internal topology from the outside world that would otherwise still be visible through a firewall.
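A defender's check of the topology hiding described above, as an added example (not code from the original page or from any SBC vendor): it scans a SIP message captured on the provider-facing side for RFC 1918 addresses and version-bearing headers left in the layer 7 payload. The sample INVITE, the `provider.example` host and the `ExamplePBX` string are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: an INVITE as it could look on the provider-facing side
# when only NAPT was applied (layers 3/4 rewritten, SIP payload untouched).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:+15550100@provider.example SIP/2.0",
    "Via: SIP/2.0/UDP 10.20.30.40:5060;branch=z9hG4bK776asdhds",
    "From: <sip:1001@10.20.30.40>;tag=1928301774",
    "To: <sip:+15550100@provider.example>",
    "Call-ID: a84b4c76e66710@10.20.30.40",
    "Contact: <sip:1001@10.20.30.40:5060>",
    "User-Agent: ExamplePBX 12.3.4",
    "",
    "v=0",
    "o=- 3747 3747 IN IP4 10.20.30.40",
    "c=IN IP4 10.20.30.40",
    "m=audio 49170 RTP/AVP 0",
])

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
VERSION_HEADERS = ("user-agent", "server")  # headers that carry product/version strings

def private_ips(text):
    """Return the RFC 1918 addresses found in a header value or SDP line."""
    hits = []
    for cand in IPV4.findall(text):
        try:
            addr = ipaddress.ip_address(cand)
        except ValueError:  # dotted quad that is not a valid address, e.g. 999.1.1.1
            continue
        if any(addr in net for net in RFC1918):
            hits.append(cand)
    return hits

def audit_sip_message(raw):
    """List (location, kind, value) for internal details left in the payload."""
    findings = []
    head, _, body = raw.partition("\r\n\r\n")
    for line in head.split("\r\n")[1:]:  # skip the request/status line
        name, _, value = line.partition(":")
        if name.strip().lower() in VERSION_HEADERS:
            findings.append((name.strip(), "version-string", value.strip()))
        findings += [(name.strip(), "private-ip", ip) for ip in private_ips(value)]
    for line in body.split("\r\n"):
        if line[:2] in ("o=", "c="):  # SDP origin and connection lines
            findings += [("SDP " + line[:2], "private-ip", ip) for ip in private_ips(line)]
    return findings
```

An empty result for traffic captured outside the SBC indicates the header and SDP rewriting is in effect; any finding names the field that still exposes internal detail.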
SBCs offer value propositions beyond SIP-focused security capabilities. Because of their proficiency with SIP, SBCs are effective translators where variances in SIP implementations create interoperability issues between communications vendors and service providers. SBCs also act as demarcation points between networks, which helps to streamline troubleshooting because areas of responsibility are clearly delineated. Furthermore, SBCs are powerful tools for bandwidth management, enforcing policies for codec prioritization and session limits.
Whether you’re already using SIP or planning a migration to SIP trunking, Meridian IT is ready to tailor an SBC solution that will meet your unique requirements, ensuring your SIP investment is both secure and performing optimally. Contact Meridian IT today!