EGISTECH

What is the benefit of VoIP Firewall?

The best solution to protect your business from VoIP threats.

How to Protect IPT Network

  • Use private IP addresses to hide the IP-PBX, and separate the voice and data networks by VLAN.
    Most enterprises use the same network for voice and data, but this causes QoS problems and eavesdropping. Although it is safest to build the voice and data networks separately, doing so raises the cost of the IP network. Therefore, the two networks should be separated logically by using VLANs; this is the most efficient measure for operating VoIP safely.
  • Strengthen user authentication and access control.
    System managers sometimes overlook changing the default password and configuring ACLs for access to the system. Moreover, extensions have no password, or use the extension number plus a certain code so that it is easy to remember. With a hacking tool, such an easy password can be cracked with little effort.
  • Use TLS/SRTP to protect against eavesdropping.
    The only way to avoid eavesdropping is to encrypt signaling messages and RTP with TLS (Transport Layer Security) and SRTP (Secure RTP). This is especially required in the government and military fields.
  • Install a VoIP firewall certified under CC (Common Criteria) by ITCC.
    Vulnerabilities of the Internet are likely to occur in VoIP networks as well. To secure the VoIP infrastructure, a VoIP firewall should be installed to open and close port pinholes dynamically by analyzing SIP messages, and to detect and block VoIP attacks.

What is the benefit of VoIP Firewall?

When introducing VoIP into your network, it is inevitable to consider how to connect your network and how to secure it from VoIP cyber threats. A VoIP firewall absolutely meets the requirements suggested by the cyber security authorities in Korea.

SIP Connectivity

A VoIP firewall should resolve networking and NAT-related issues and provide SIP compatibility when interconnecting for SIP trunking.


Cyber Security

A VoIP firewall should inspect the SIP protocol and sessions, and prevent denial-of-service attacks and toll fraud attacks.


What is different from each other?

This table shows why you should choose a VoIP firewall.
As it shows, a data firewall is useless for protecting your IPT, because a data firewall has no ability to parse SIP messages.
An SBC has only limited security functions: most vendors' SBCs base their security functions on rate limiting of SIP packets, which is not enough to detect professional hacking attacks such as International Revenue Sharing Fraud.

| Category | Function | VoIP F/W | E-SBC | Data F/W |
|---|---|---|---|---|
| Abnormal SIP Message Protection | SIP Syntax Error | O | O | X |
| | Abnormal Call Flow | O | X | X |
| Flooding | SIP DoS/DDoS (Dynamic rate control) | O | X | X |
| | SIP DoS/DDoS (Static rate control) | O | O | X |
| SIP SPAM Protection | Call SPAM | O | X | X |
| | Message SPAM | O | X | X |
| Registration Security | Registration Blocking Based on GeoIP | O | X | X |
| | SIP Signature (Domain/UA etc.) | O | X | X |
| | No Response for OPTION Request | O | O | X |
| Toll Fraud Call Protection | International Call Permission or Blocking Based on Country | O | X | X |
| | Call Limitation Based on Calls/Duration | O | X | X |
| Security Policy | Security Policy Configuration per Groups | O | X | X |
| Encryption | TLS/SRTP | O | O | X |
| | TLS/TCP/UDP Conversion | O | O | X |
| ACL | Static ACL | O | O | O |
| | Dynamic ACL | O | O | X |
| NAT Traversal | Local and Far-End NAT Traversal | O | O | X |
| Routing | Routing Method: Realm/Domain/Prefix | O | O | X |
| | Standalone Survivability (Alternative routing) | O | O | X |
| | Alternative Server Routing | O | O | X |
| SIP | SIP Trunking/SIP Connect | O | O | X |
| | SIP over TCP/SIP over UDP | O | O | X |
| | DTMF (In-Band/RFC 2833/SIP INFO) | O | O | X |
| | TOS Marking/Remarking | O | O | X |
| | SIP Header Manipulation | O | O | X |
| NAT Forwarding | NAT Port Forwarding for HTTPS, SNMP etc. | O | X | O |

What does SentryAll provide?

Functions and contents by item:

Item: Security
  • Abnormal Message/Syntax Error
    • Detect and block abnormal messages based on the SIP (RFC 3261)/SDP (RFC 2327) standards
    • Check mandatory headers (From/To/Via/Call-ID/CSeq/Content-Length, etc.)
  • Abnormal Call Flow
    • Detect and block call interruption and call termination (BYE/CANCEL) attacks
    • Detect and block SIP messages without proper registration
  • SIP/RTP Flood
    • Detect and block DoS attacks based on Source URL
    • Detect and block DoS attacks based on rate limit
    • Detect and block DoS attacks based on SIP signatures
  • Call / Message SPAM
    • Detect and block SMS messages including keywords
    • Detect and block call SPAM based on call pattern
  • Toll Fraud Call
    • Permit and block outbound international calls based on pre-set national code
    • Permit and block outbound international calls based on traffic analysis
  • ACL
    • Interwork with GeoIP API
    • IP- and SIP-based white/black lists

Item: SBC
  • NAT Traversal
    • VoIP NAT
    • NAT traversal function for remote terminals and FMC
  • Call Routing
    • Prefix, Priority Call Routing
    • SIP Connect and SIP Trunk
  • Encryption
    • Call security with TLS (v1.0/v1.2)/SRTP
    • Conversion between TLS/SRTP and SIP/RTP

Item: NAT
  • NAT Port Forward
    • Forwarding function for FMC and IP-PBX

How does SentryAll detect VoIP Attacks?

This chart explains the SentryAll security engine. When packets flow into SentryAll, every packet goes through the security engine, and only normal messages can go on to the next steps.
Most VoIP firewalls and SBCs have functions similar to Step 1 through Step 4, while Step 5 and Step 6 are unique functions: SentryAll looks up the IP address in REGISTER messages and denies messages from prohibited countries, and examines signatures in the SIP message, i.e., USER-Domain.

  • STEP1
    • L3/L4 layer firewall function (5-tuple based)
    • Black list, white list
    • Priority access
  • STEP2
    • Network packet: block DoS/DDoS attacks
  • STEP3
    • SIP message: SIP interface ACL
    • Rate control
    • Bandwidth control
  • STEP4
    • SIP message block (pre-set)
    • Block abnormal SIP messages (parsing error, out of range/value)
    • SIP message ACL (pass/screen specific prefix numbers)
    • Block SIP message DoS/DDoS attacks
  • STEP5
    • Block register messages from prohibited countries
    • Block mismatched DOMAIN in register messages
    • Block mismatched USER-AGENT in register messages
    • Pass/drop specific prefix calls
    • Block users whose authentication fails continuously
  • STEP6
    • SPAM filter
    • Gap calls
    • Limit call attempts
    • Limit maximum number of accumulated calls
    • Static / dynamic international call limitation
    • System capacity: CPU / concurrent sessions / max calls
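
As an added illustration (not SentryAll's code, and not part of the original page), the following Python shows what the Step 4 and Step 5 checks named above amount to for a single SIP request: syntax and mandatory-header validation, then Domain and User-Agent matching on REGISTER. The allowed domain, the User-Agent prefix and the sample message are constructed assumptions, and folded header lines are treated as malformed.

```python
import re

# Header list as given on this page; compact forms per RFC 3261.
MANDATORY = ("via", "from", "to", "call-id", "cseq", "content-length")
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id", "l": "content-length"}
# Constructed policy values and sample REGISTER (assumptions, not SentryAll settings).
ALLOWED_DOMAINS = {"pbx.example.com"}
ALLOWED_UA_PREFIXES = ("ExamplePhone/",)
SAMPLE = ("REGISTER sip:pbx.example.com SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK1\r\n"
          "From: <sip:1001@pbx.example.com>;tag=a1\r\nTo: <sip:1001@pbx.example.com>\r\n"
          "Call-ID: c1@192.0.2.10\r\nCSeq: 1 REGISTER\r\nUser-Agent: ExamplePhone/1.2\r\n"
          "Content-Length: 0\r\n\r\n")

def parse_sip(raw):
    """Split a SIP request into (method, headers, body); raise on syntax errors."""
    head, _, body = raw.partition("\r\n\r\n")
    first, *rest = head.split("\r\n")
    m = re.match(r"^([A-Z]+) \S+ SIP/2\.0$", first)
    if not m:
        raise ValueError("bad request line")
    headers = {}
    for line in rest:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header line")
        key = name.strip().lower()
        headers.setdefault(COMPACT.get(key, key), value.strip())
    return m.group(1), headers, body

def screen(raw):
    """Return (verdict, reason) for one SIP request."""
    try:
        method, h, body = parse_sip(raw)
    except ValueError as exc:
        return "drop", f"parse error: {exc}"
    missing = [n for n in MANDATORY if n not in h]
    if missing:
        return "drop", "missing header: " + ",".join(missing)
    if not h["content-length"].isdigit() or int(h["content-length"]) != len(body.encode()):
        return "drop", "content-length mismatch"
    cseq = h["cseq"].split()
    if len(cseq) != 2 or not cseq[0].isdigit() or cseq[1] != method:
        return "drop", "invalid cseq"
    if method == "REGISTER":  # Step 5 checks apply to registrations
        dm = re.search(r"sips?:(?:[^@>;]+@)?([^:;>\s]+)", h["to"])
        if not dm or dm.group(1).lower() not in ALLOWED_DOMAINS:
            return "drop", "domain mismatch"
        if not h.get("user-agent", "").startswith(ALLOWED_UA_PREFIXES):
            return "drop", "user-agent mismatch"
    return "pass", "ok"
```

Calling `screen(SAMPLE)` passes the constructed REGISTER; removing a mandatory header or changing the To domain or User-Agent yields a drop verdict with the reason.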

How to install SABER for Your IPT?

This diagram shows how SentryAll should be deployed in order to secure IPT from VoIP cyber threats.

This is the most common scenario for all SIP networks. SentryAll performs two main features: Session Border Controller and VoIP security. In the past, IP administrators used to install a NAT/firewall to secure the IPT, believing that the firewall would protect against VoIP attacks. But it would fail to detect VoIP attacks, because most firewalls have no feature for handling SIP messages to obtain the RTP port information for the communication. So all UDP ports have to be opened, which makes the network a victim of VoIP cyber criminals.
A data firewall may be optional, but when you want to install one in front of SentryAll, you should set IPS mode and turn off the SIP ALG feature.

Back to this diagram: SentryAll should have a public IP address and act as a Session Border Controller, which solves the NAT traversal issue and manipulates SIP messages for interworking with the telco, since the IP-PBX sometimes doesn't meet the telco's SIP requirements.
SentryAll has many references for interworking with global IP-PBX vendors: Cisco, Avaya, Nortel, SAMSUNG, ERICSSON, Asterisk.

It scans all SIP messages with its own security algorithm at the same time.
As for redundancy, it provides switchover for seamless service when the active system is not working normally, based on a periodic health check.
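
The difference described above, as an added Python example (not SentryAll's code and not from the original page): a SIP-aware device reads the RTP address and port out of the SDP offer and answer and opens only that pinhole for the life of the call, instead of opening every UDP port. The SDP bodies, Call-ID and addresses are constructed; RTCP on port + 1 and pinholes matched on source IP are assumptions of this example.

```python
# Constructed SDP offer/answer bodies (sample input, documentation addresses).
OFFER = "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 40000 RTP/AVP 0\r\n"
ANSWER = "v=0\r\no=- 2 2 IN IP4 198.51.100.7\r\ns=-\r\nc=IN IP4 198.51.100.7\r\nt=0 0\r\nm=audio 50000 RTP/AVP 0\r\n"

def sdp_audio_endpoints(sdp):
    """Return [(ip, port)] for every active audio stream in an SDP body."""
    session_ip, in_media, current, streams = None, False, None, []
    for line in sdp.splitlines():
        kind, _, value = line.strip().partition("=")
        if kind == "m":
            in_media = True
            media, port = value.split()[:2]
            port = int(port.split("/")[0])
            # Port 0 marks a rejected or disabled stream: no pinhole for it.
            current = {"ip": session_ip, "port": port} if media == "audio" and port else None
            if current:
                streams.append(current)
        elif kind == "c":
            ip = value.split()[-1].split("/")[0]
            if not in_media:
                session_ip = ip        # session-level default
            elif current:
                current["ip"] = ip     # media-level c= overrides the default
    return [(s["ip"], s["port"]) for s in streams if s["ip"]]

class PinholeTable:
    """Per-call UDP pinholes derived from the SDP offer/answer."""
    def __init__(self):
        self.calls = {}  # Call-ID -> {"offer": [...], "answer": [...]}

    def on_sdp(self, call_id, role, sdp):
        self.calls.setdefault(call_id, {})[role] = sdp_audio_endpoints(sdp)

    def on_bye(self, call_id):
        self.calls.pop(call_id, None)  # call ended: close its pinholes

    def allows(self, src_ip, dst_ip, dst_port):
        for call in self.calls.values():
            # A pinhole exists only once both offer and answer are known.
            for a, b in zip(call.get("offer", []), call.get("answer", [])):
                for peer, ep in ((a, b), (b, a)):
                    # RTP on the negotiated port, RTCP on port + 1.
                    if src_ip == peer[0] and dst_ip == ep[0] and dst_port in (ep[1], ep[1] + 1):
                        return True
        return False
```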

CONTACT


  • Seoul, Korea
    • Tel: +82 (0)2-6932-1630
    • E-mail: sales@egistech.co.kr