“SIP用例”的版本间的差异
来自最权威最新完整开源SIP,语音通信,融合通信中文技术文档资料,提供详细的Asterisk Freepbx, FreeSBC, 免费会话边界控制器,网关,语音板卡,IPPBX,SBC配置资料-asterisk,freepbx,freesbc 用户手册 界面配置,呼叫路由,IVR, 网关对接,拨号规则,SIP 分机呼叫,pjsip, IVR, 录音, CDR, 队列呼叫,振铃组,CLI 命令中文资料手册
(创建页面,内容为“'''SBC usecase overview''' * [ Why SBC] ** [ Real Time IP Communications are Complex] ** [ Security and Fraud] ** [ Standard Firewalls are not enough] * [ Ent...”) |
(没有差异)
|
2015年11月11日 (三) 21:50的版本
SBC usecase overview
- [ Why SBC]
- [ Real Time IP Communications are Complex]
- [ Security and Fraud]
- [ Standard Firewalls are not enough]
- [ Enterprise Security Threats]
- [ Denial of Services]
- [ Theft of service / Fraud]
- [ BYOD]
- [ Firewall is not enough]
Sangoma SBC acts as the interface between 2 SIP networks:
- Solve firewall and NAT issues
- Normalize and fix SIP messaging
- Register with SIPtrunking provider
- Hide Network Topology
- Secure SIP and Voice (TLS, SRTP)
- Codec Conversion (Transcoding)
Why SBC
Real Time IP Communications are Complex
- Sessions initiated from inside or outside firewalls – NAT
- QOS is needed to provide voice quality over internet
- Interoperability problem between vendors
Security and Fraud
- State full session security
- Media security and encryption
- Session Limits: call per second, max calls per user
- Intrusion detection and prevention
Standard Firewalls are not enough
- Unlike firewalls SBC maintains session state
- SBC opens pin holes for ports associated with the session
- The firewall will close and reopen different port numbers breaking the session
- SBC inspects, controls and manipulates all network layers: 2 to 7
- The firewall only works on layer: 2 to 4 (IP/TCP)
Enterprise Security Threats
Denial of Services
- Call/registrationoverlaod
- Malformed messages (fuzzing)
- Configuration errors
- Mis-configured devices
- Operator and applicatoin errors
Theft of service / Fraud
- Unauthorized users
- Unauthorized media types
BYOD
- Smartphones running unauthorized apps
- Viruses and Malware attacks your VoIP network
Firewall is not enough
Traditional firewalls cannot:
- Prevent SIP-specific overload / SIP DOS
- Open/Close RTP media ports in sync with SIP signaling
- Track session state and provide uninterrupted service
- Perform inter-networking or security on encrypted sessions
- Solve multi-vendor SIP interoperability
- Topology Hiding
SBC do all of the above.