SIP用例

SBC usecase overview

• [ Why SBC]
  • [ Real Time IP Communications are Complex]
  • [ Security and Fraud]
  • [ Standard Firewalls are not enough]
• [ Enterprise Security Threats]
  • [ Denial of Services]
  • [ Theft of service / Fraud]
  • [ BYOD]
• [ Firewall is not enough]

Sangoma SBC acts as the interface between 2 SIP networks:

• Solve firewall and NAT issues
• Normalize and fix SIP messaging
• Register with SIPtrunking provider
• Hide Network Topology
• Secure SIP and Voice (TLS, SRTP)
• Codec Conversion (Transcoding)

Why SBC

Real Time IP Communications are Complex

• Sessions initiated from inside or outside firewalls – NAT
• QOS is needed to provide voice quality over internet
• Interoperability problem between vendors

Security and Fraud

• State full session security
• Media security and encryption
• Session Limits: call per second, max calls per user
• Intrusion detection and prevention

Standard Firewalls are not enough

• Unlike firewalls SBC maintains session state
• SBC opens pin holes for ports associated with the session
• The firewall will close and reopen different port numbers breaking the session
• SBC inspects, controls and manipulates all network layers: 2 to 7
• The firewall only works on layer: 2 to 4 (IP/TCP)

Enterprise Security Threats

Denial of Services

• Call/registrationoverlaod
• Malformed messages (fuzzing)
• Configuration errors
• Mis-configured devices
• Operator and applicatoin errors

Theft of service / Fraud

• Unauthorized users
• Unauthorized media types

BYOD

• Smartphones running unauthorized apps
• Viruses and Malware  attacks your VoIP network

Firewall is not enough

Traditional firewalls cannot:

• Prevent SIP-specific overload / SIP DOS
• Open/Close RTP media ports in sync with SIP signaling
• Track session state and provide uninterrupted service
• Perform inter-networking  or security on encrypted sessions
• Solve multi-vendor SIP interoperability
• Topology Hiding

SBC do all of the above.