Peer-to-Peer Blog: Combating the Seven Deadliest Attacks with an E-SBC

The seven deadliest attacks on Unified Communications do not need to be fatal. However, they do require multiple approaches.

August 6, 2010

3 Min Read
Peer-to-Peer Blog: Combating the Seven Deadliest Attacks with an E-SBC

By David Byrd

The seven deadliest attacks on Unified Communications do not need to be fatal. However, they do require multiple approaches. First, here is the list as developed by Dan York. If you want to see details, please visit the Wednesday blog or read his book, the “Seven Deadliest Unified Communications Attacks.”

  1. The Ecosystem Expansion exposes voice and video applications to the same security challenges as data.

  2. Insecure Endpoints

  3. Eavesdropping/Modification

  4. Control Channel vulnerability

  5. SIP Trunking and PSTN Interconnection requires authentication

  6. Identity/Spoofing

  7. The end of geographical limits for potential victimization

In addition to practices that an IT Department should be imposing on users, such as strong passwords, periodic changing of passwords, restricting various Internet activity, approving/certifying software, etc., IT departments should also consider the use of Enterprise Session Border Controllers (E-SBC).

An E-SBC will provide a strong firewall but also offer additional features. Steve Johnson, president of Ingate Systems, summarizes the role of an E-SBC as follows:

  • Normalize the SIP signaling so that the IP-PBX at the customer site and the service providers network are fully compatible.  

  • Resolve NAT traversal issues to enable the adoption of SIP, SIP Trunking and full Unified Communications by securely permitting SIP signaling and related media to traverse the firewall.

  • Provide security through deep packet inspection (DPI), a powerful way to protect not just SIP traffic, but also the network.  

  • Provide control through authentication of the user/IP PBX with the carrier network.

  • Enable disaster recovery in the event a customers main office goes down, the E-SBC can reroute SIP traffic to a secondary office to keep business up and running.

  • Deliver Quality of Service by ensuring that mission-critical voice calls have priority over other Internet traffic, and that call quality remains high.

  • Provide Encryption which is inherent in the SIP protocol and when used between two sites minimizes any opportunity for unrelated parties to intercept the call.

  • Provide Intrusion Detection/Prevention to detect denial of service (DoS) attacks based on SIP, and to block malicious SIP signaling packets designed to attack certain SIP phones, servers or other devices on the enterprise LAN.

Alan Percy, director of Market Development at AudioCodes, also adds Interoperability between an IP PBX an ITSP, such as Broadvox, to the above list. According to Alan in SIP Trunking and the Increasing Importance of the E-SBC,” an E-SBC eliminates this issue (interoperability) by implementing a back-to-back user agent, essentially terminating one SIP session (using one set of rules) and establishing another session (with a different set of rules), interconnecting previously incompatible systems

Share this with your VARs, agents, customers and prospects. It may be the wild, wild, wild west out there, but there are a few sheriffs in town.

See you Monday.

David Byrd is vice president of marketing and sales for


, and is responsible for marketing and channel sales programs to SMBs, enterprises and carriers as well as defining the product offering. Prior to joining Broadvox, David was the Vice President of Channels and Alliances for Eftia and Telcordia. As Director of eBusiness Development with i2 Technologies, he developed major partnerships with many of the leaders in Internet eCommerce and supply chain management. As CEO of Planet Hollywood Online he was a pioneer in using early internet technologies to build a branded entertainment and eCommerce website company partnered with Planet Hollywood. Having over twenty years of Telecom sales and marketing experience, he has held executive positions with Hewlett-Packard, Sprint and Ericsson.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like