News
Ian Kilpatrick, Wick Hill Group: VoIP And SIP Trunking - The Security Issues
May 2011 by Ian Kilpatrick, chairman Wick Hill Group, specialists in secure IP infrastructure solutions
For those of you looking to replace PSTN connectivity, so you can take full advantage of VoIP, giving you much cheaper local, toll-free, domestic and international long-distance services, then SIP trunking can help you save money. That’s why it’s increasingly popular.
SIP trunks eliminate costly time-division multiplexing (TDM) trunks and gateways, allowing calls to be routed over the carrier’s backbone and use the same IP connection for all communications.
But the caveat is that it needs to be secured. With most VoIP systems, the PSTN serves as a barrier between a company and the outside world, minimising the risk of attack from the Internet. If SIP trunking replaces the PSTN, then that barrier is removed and your phone system becomes vulnerable to IP-based attacks through the SIP trunk.
Security issues around SIP trunking include whether or not you have the same security requirements and security policies as your provider; what changes might have to be made to the firewall, NAT device, IP PBX, private IP addresses, numbering plan and other components; and how you will maintain user/caller ID privacy.
You wouldn’t contemplate connecting your data network to the Internet just relying on the router for security. Everyone has a firewall for good reason. Similarly protecting your SIP connection is crucial.
To ensure security, you need to deploy a real-time security solution which provides comprehensive threat protection, strict policy enforcement, robust access control, and privacy.
Some data firewall suppliers have now extended their solutions to meet some of the security requirements for connectivity. However, as in all things to do with security, it is sometimes better to deploy specialist solutions for specialised requirements.
Companies like Sipera are now providing solutions which specifically address UC security issues, including SIP trunking. Sipera’s UC-Sec appliance solution, for example, serves as the demarcation point for the client’s VoIP and UC network, enforcing fine-grained security policies.
It protects against SIP and RTP threats, by blocking them at the enterprise perimeter. It maintains the privacy of the internal network, caller/user IDs, and communications, as well as performing firewall/NAT traversal to simplify the deployment of SIP trunks.
