VoIP Security at the Enterprise Edge - PowerPoint PPT Presentation

Slides: 12
Provided by: JanneMa8
Transcript and Presenter's Notes

1
VoIP Security at the Enterprise Edge
Steve Johnson, Ingate Systems
2
Managed SIP Trunk Connected to Separate
Enterprise VoIP LAN in Operator's Space

SIP Trunking Provider Network
Public Internet
PSTN
Operator Security Warning!
Managed SIP Trunk
Enterprise Security Warning!
IP-PBX
Data LAN
VoIP LAN
3
Managed SIP Trunking with SBC Adapting SIP to
NATed Space of the Enterprise LAN

SIP Trunking Provider Network
Public Internet
PSTN
Managed SIP Trunk
IP-PBX
VoIP Data LAN
4
Ingate Firewall Creating a Common Data and VoIP
LAN for Managed SIP Trunking Service

SIP Trunking Provider Network
Public Internet
PSTN
Managed SIP Trunk
Ingate Firewall
Demarcation point and SIP communication via both
WAN pipes.
Data VoIP LAN
5
NAT/Firewall Traversal Problem when SIP Trunking
over the Internet

SIP Trunking Provider
Public Internet
PSTN
IP-PBX
6
Ingate SIParator Used with Existing Firewall for
SIP Trunking Service over Internet

SIP Trunking Provider
Public Internet
PSTN
Demarcation point and bringing SIP communication
to the LAN
IP-PBX
7
The Function of a Full Featured SIP Proxy
Ingate SIP Proxy
SIP Proxy/Registrar
SIP Signaling
Media
IP-Phone
ITSP
1. Check the SIP signaling, packet inspection
  • Full flexibility to handle future threats
2. Rewrite for the different address spaces
3. Forward the signaling to the correct SIP proxy or client
4. Open ports (UDP/TCP) in the firewall for the media
  • Only for the duration of the call
  • Only between the exact endpoints
5. Media flows through the ports
6. Close ports after the call
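
Steps 4 to 6 above, shown as an added Python example that is not from the presentation and is not Ingate code: a table that opens a media pinhole only once the SDP offer and answer are both seen, permits traffic only between those exact endpoints, and closes on BYE. The `PinholeTable` class, the `sip()` helper and all addresses and Call-IDs are constructed for illustration.

```python
import re

def sip(start, call_id, cseq, sdp=None):
    # Constructed minimal SIP message; real messages carry many more headers.
    body = f"v=0\r\nc=IN IP4 {sdp[0]}\r\nm=audio {sdp[1]} RTP/AVP 0\r\n" if sdp else ""
    return f"{start}\r\nCall-ID: {call_id}\r\nCSeq: {cseq}\r\n\r\n{body}"

class PinholeTable:
    """Media pinholes keyed by Call-ID (hypothetical class, not Ingate code)."""
    def __init__(self):
        self.offers = {}   # Call-ID -> (ip, port) offered in the INVITE
        self.open = {}     # Call-ID -> frozenset of the two media endpoints

    @staticmethod
    def _endpoint(msg):
        # SDP "c=" line carries the media address, "m=audio" the RTP port.
        c = re.search(r"^c=IN IP4 (\S+)", msg, re.M)
        m = re.search(r"^m=audio (\d+) ", msg, re.M)
        return (c.group(1), int(m.group(1))) if c and m else None

    def on_signaling(self, msg):
        start = msg.split("\r\n", 1)[0]
        cid = re.search(r"^Call-ID:\s*(\S+)", msg, re.M)
        if not cid:
            return                      # malformed: never opens anything
        cid, ep = cid.group(1), self._endpoint(msg)
        invite_txn = re.search(r"^CSeq:\s*\d+\s+INVITE", msg, re.M)
        if start.startswith("INVITE ") and ep:
            self.offers[cid] = ep
        elif start.startswith("SIP/2.0 200") and invite_txn and ep and cid in self.offers:
            self.open[cid] = frozenset((self.offers.pop(cid), ep))  # step 4
        elif start.startswith("BYE "):
            self.offers.pop(cid, None)
            self.open.pop(cid, None)    # step 6: close ports after the call

    def allows(self, src, dst):
        # Step 5: media passes only between the exact negotiated endpoints.
        return frozenset((src, dst)) in self.open.values()

ITSP, PHONE = ("192.0.2.10", 40000), ("198.51.100.20", 50000)  # constructed

def demo():
    t, seen = PinholeTable(), []
    t.on_signaling(sip("INVITE sip:100@example.com SIP/2.0", "c1", "1 INVITE", ITSP))
    seen.append(t.allows(ITSP, PHONE))                      # no answer yet
    t.on_signaling(sip("SIP/2.0 200 OK", "c1", "1 INVITE", PHONE))
    seen += [t.allows(ITSP, PHONE), t.allows(PHONE, ITSP)]  # call is up
    seen.append(t.allows((ITSP[0], 40002), PHONE))          # wrong port
    t.on_signaling(sip("BYE sip:100@example.com SIP/2.0", "c1", "2 BYE"))
    seen.append(t.allows(ITSP, PHONE))                      # after BYE
    return seen
```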
8
SPIT, DoS Filter, IDS/IPS
Dynamically allow authenticated users
Internet
Mobile user
Block non-authenticated users
ITSP
Monitor traffic and block end-points with
abnormal behavior
Spammer
IP-PBX
9
Encryption
  • Encrypted SIP signalling
  • Support for TLS
  • Encrypted media
  • Support for SRTP (Sdescriptions)
  • Support for Microsoft encrypted media

10
Branch Office and Partner Interconnect
US office
Ingate Firewall
IP-PBX
Internet
Connecting branch offices Customers Partners
IP-PBX
SIP-unaware Firewall
Swedish office
11
Thanks. Questions?