KNOW HOW
over the same IP network as data
applications, and moved into the
cloud, the cyber-attack surface
grows. What most people don’t
realise is that UC applications
are prone to the same type of
data security attacks that have
been plaguing businesses for
many years.
UC applications differ
from their pure data-based
counterparts because they are
real-time applications that use
the Session Initiation Protocol
(SIP) for signalling between UC
stacks and endpoints. Real-time
communications and data
communications also have different
requirements. For example, if you
drop a packet while downloading a
website, you can just send another
packet. But if you drop a word in
a real-time voice conversation,
you can’t re-insert it into the
conversation later on.
These different requirements
are important to security, because
most companies rely on data-based
security devices, such
as firewalls, as their primary line
of defence. However, firewalls
simply weren’t designed for
the more complex SIP-based
communications. A traditional
data firewall is fine for things
like deep packet inspection and
threat intelligence. But even the
most advanced next-generation
firewalls don’t have the awareness
or statefulness to protect complex
SIP services. As a result,
enterprises turn off certain
security features, such as SIP ALG,
to accommodate scaling of real-time
voice and video. This, in turn,
creates new security holes.
What do these holes
open a network up to?
UC’s three primary cyber threats
are denial of service, toll fraud and
data exfiltration. Theft of service,
voice phishing, telephony
denial-of-service (TDoS) attacks and
eavesdropping are also risks that
IT managers need to consider.
Session border controllers
(SBCs) are the first step to
protecting your network. SBCs
include features such as media
transcoding and SIP interworking
that make UC applications
work better. They also act as a
sophisticated firewall designed
specifically for real-time
communications. SBCs provide
security features such as media
and signalling encryption,
back-to-back user agents, network
topology hiding and
grey/blacklisting designed specifically
for SIP communications.
But SBCs and firewalls should
not be treated as separate security
entities and an SBC is not a firewall
replacement. SBCs and firewalls
need to be thought of as co-network
defenders, sharing information,
data and policies across an
enterprise. This would mean that as
every SBC and firewall detects an
attack, they could immediately
blacklist the source IP address and
phishing and DDoS attacks could
be halted. With SBCs and firewalls
working holistically and sharing
security information together, the
security of the whole network
would be greatly increased.
Furthermore, a network should
be able to become smarter over
time. SBCs shouldn’t be ‘dumb’
sentries. They should leverage
behavioural analytics to help
drive customised and dynamic
policies for your enterprise to more
accurately identify anomalous
and suspicious traffic, and safely
quarantine that traffic until a
determination can be made.
IHS predicts that the number of
UC and voice over Internet Protocol
network (VoIP) subscribers in the
cloud will reach over 75 million
by 2020. Growing together with
this are cyber-attacks over
the SIP protocol, which can cost
companies hundreds of thousands
of dollars. In fact, toll fraud is even
higher than credit card fraud.
Although there is no one
solution that is going to completely
secure the enterprise, in terms of
UC, SBCs and firewalls working
together are a good start. The
problem is that over one-third of all
enterprises (37%) that have SIP
trunks coming into their business
do not have an SBC in place to
secure those communications.
So, if you are moving your unified
communications to SIP or the cloud,
remember to consider an SBC and
firewall combination for a truly
unified and secure experience.
For further information visit:
www.sonus.net
September 2017 | 43