Upload File

enabling sip to the enterprise steve johnson, ingate systems security: how sip improves telephony

  • Home
  • Documents
  • Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony
11
Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

Upload: lillian-poole

Post on 16-Dec-2015

220 views

Category:

Documents


2 download

Report

Tags:

TRANSCRIPT

Page 1: Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

Enabling SIP to the Enterprise

Steve Johnson, Ingate Systems

Security: How SIP Improves Telephony

Page 2: Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

Managed SIP Trunk Connected to Separate Enterprise VoIP LAN in Operator’s Space

PSTNPublic

Internet

SIP Trunking Provider Network

GW

SIP System

Data LAN

FirewallIP-PBX

ManagedSIP Trunk

No Remote Users!

VoIP LAN??

No Soft or Multimedia Clients!

Operator: Security Warning!

Enterprise: Security Warning!

Page 3: Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

SIP Trunking Provider Network

Managed SIP Trunking with SBC Adapting SIP to NAT:ed Space of the Enterprise LAN

PSTNPublic

Internet GW

SIP System

VoIP& Data LAN

FirewallIP-PBX

No Remote Users!

ManagedSIP Trunk

Enterprise: Can we trust having our LAN pulled to the operator?

Other customers

Page 4: Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

SIP Trunking Provider Network

Ingate Firewall® Creating a Common Data andVoIP LAN for Managed SIP Trunking Service

PSTNPublic

Internet GW

SIP System

Data & VoIP LAN

IP-PBXDemarcation point and SIP communication via both WAN pipes.

Soft Clients and Multimedia Terminals

Remote Users Managed

SIP Trunk

Ingate Firewall®

Page 5: Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

Data LAN

NAT/Firewall Traversal Problem when SIP Trunking over the Internet

PSTNPublic

Internet

SIP Trunking Provider

GW

IP-PBX Firewall

SIP Trunking does not pass a SIP unaware NAT/firewall!

… and the firewall cannot even be opened enough to make it work.

SIP System

Page 6: Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

Data LAN

Ingate SIParator® Used with Existing Firewall for SIP Trunking Service over Internet

PSTNPublic

Internet

SIP Trunking Provider

GW

SIP System

IP-PBX Firewall

Soft Clients and Multimedia Terminals

Demarcation point and bringing SIP communication to the LAN

Data & VoIP LAN

SIP Trunk over Internet

Ingate SIParator®

Remote Users

Page 7: Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

The Function of a Full Featured SIP ProxyIngate SIP Proxy

SIP Proxy/Registrar

SIP Signaling 10.x.xx168.x.xx

1.Check the SIP signaling, packet inspection-Full flexibility to handle future threats

2.Rewrite for the different address spaces

3.Forward the signaling to the correct SIP proxy or client

4.Open ports (UDP/TCP) in the firewall for the media-Only for the duration of the call

-Only between the exact endpoints 5.Media flows through the ports

Media

6.Close ports after the call

ITSP

IP-Phone

Page 8: Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

SPIT, DoS – Filter, IDS/IPS

Internet ITSP

IP-PBX

Mobile user

Spammer

Dynamically allow authenticated users

Block non authenticated users

Monitor traffic and block end-points with a un-normal behavior

Page 9: Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

Encryption• Encrypted SIP signalling

– Support for TLS

• Encrypted media– Support for SRTP (Sdescriptions)

IP-Phone

Ingate Firewall or SIParatorIP-PBX / SIP Server

SRTP

In the clear

RTP

TerminationTLS

__SRTP__ SRTP

, Pass throughTLS

or Transcoding

SRTP

In the clear

Page 10: Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

Branch Office and Partner Interconnect

Swedish office

IngateFirewall®

US office

Internet

IP-PBX

DMZ

Connecting branch officesCustomers & Partners

Securing with TLS andEncrypted Media SRTP

IngateSIParator®SIP-unaware Firewall

IP-PBX

Page 11: Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony

Enabling SIP to the Enterprise

Ingate SystemsSteven J. Johnson

[email protected]

www.ingate.com


Understanding SIP - NTUAkkontog/ECE355-05/tutorials/SIP-basics.pdf · Outline aIt’s IP Telephony aWho is who aIP Telephony Basics `Protocol ZOO `SIP Signaling `Multimedia Communication

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security

P2P-SIP Peer to peer Internet telephony using SIP (Session Initiation Protocol)

Ingate & Dialogic SIP Trunking. Ingate Product Training Common SIP Applications SIP Trunking A SIP Trunk is a concurrent call that is routed over

SIP Trunking Workshop - Ingate Systems - SIP Trunking Workshop... · What is SIP Trunking? ... -AstriCon for Asterisk Developers and Users-Digium Asterisk World for Business Users

A SIP of IP-telephony - Columbia University · 2003-03-25 · A SIP of IP-telephony Master’s Thesis Fredrik Fingal & Patrik Gustavsson 10 February, 1999 ... 1 Introduction The telephony

SIP Trunking: IP Telephony using your existing PBX

Configuring Avaya SIP Telephony Users on Avaya … Avaya SIP Telephony Users on Avaya SIP Enablement Services and Avaya Communication Manager - Issue 1.0 Abstract These Application

XO SIP Service...XO COMMUNICATIONS CONFIDENTIAL 5 Configuration Guide for ShoreTel 10.2 and Ingate SIParator 4.8.1 with XO SIP 0/1000 3. ShoreTel IP PBX and Ingate SIParator Configuration

Internet Telephony VOIP SIP

SIP Trunking Benefits and Best Practices - Ingate Systems What is SIP trunking Unlike in traditional telephony, where bundles of physical wires were once delivered from the service

InGate SIP Trunking and Unified Communications Summit October, 2012

Vocera Voice Server Telephony Configuration Guide · Vocera SIP Telephony Gateway SIP Trunk Specifications.....6 Using the Administration Console

Internet Telephony based on SIP

PacketCable™ Residential SIP Telephony Feature … · This technical report describes the PacketCable Residential SIP Telephony feature ... PacketCable Codec-Media Specification,

Steven J. Johnson President Ingate Systems Inc. Enabling SIP to the Enterprise

SIP Trunking and Architecture - Ingate Systems enable SIP-based

Joel Maloff, Maloff NetResults [email protected] Selling SIP Trunking InGate SIP Trunking and Unified Communications Summit

Selling SIP Trunking InGate SIP Trunking and Unified Communications Summit September, 2011

Cisco’s IP Telephony Solution · SIP SIP Client network SIP Proxy SRST Cisco CallManager

Internet Telephony: VoIP, SIP & more

Internet Telephony – SIP Trunking

SIP security in IP telephony

SIP to Win: VOIP telephony

SSCA® SIP training - ingate.thesipschool.com SSCA® SIP and inGate...10. SIP in the Cloud, LTE, the IMS and VoLTE 11. SIP and Fax over IP 12. SIP and Unified Communications 13. Ingate

Telephony Features with SIP

Ingate & Dialogic Technical Presentation SIP Trunking Focused

Enabling SIP to the Enterprise Steven Johnson, Ingate Systems

SIP? NAT? NOT! Traversing the Firewall for SIP Call Completion Steven Johnson President, Ingate Systems Inc

SIP for Telephony

Ingate SIP Trunking White Paper

Ip telephony system sip

Copyright © 2010 SIP Forum Ingate SIP Trunking-UC Summit SIP Trunking and SIP Forum-SIPconnect Overview Marc Robins President and Managing Director, SIP

P2P-SIP Peer to peer Internet telephony using SIP

1 Installing Ingate Solutions in the Enterprise © 2014 Ingate Systems AB Prepared for:Ingate’s SIP Trunking, UC and WebRTC Seminars ITEXPO January 2014