Enterprise SBCs: Why They Matter
When voice over IP (VoIP) emerged 20 years ago, businesses’ voice and IT teams were skeptical about how wise – and safe – it was to move voice calls over the Internet via data packets. Although VoIP was substantially more cost-effective, there were concerns around audio quality, latency and, of course, security.
Today, securing VoIP sessions and applications has become a huge challenge. With a growing number of calls and collaborative sessions using VoIP on public and private networks, service providers must respond to enterprises’ increasing concerns about security.
Session border controllers (SBCs) have always been the backbone of secure, quality VoIP. Today, enterprise session border controllers (E-SBCs) are making it possible for even the most mission-critical, massive enterprise VoIP systems to securely connect with SIP trunks, over-the-top trunks, and cloud-based unified communications (UC) technology. There are different types of SBCs, each serving similar but different purposes in a network. Essentially, SBCs are guardians at the gate: They make sure that only certain people are allowed in or out of a network domain.
An E-SBC is a type of SBC that is specifically deployed to manage SIP traffic access – including VoIP, video, or instant messaging traffic – between SIP trunks and the enterprise network or between a UC service and the enterprise network. It functions on the border of these networks to manage the session, or connection, between networks. It’s also tasked with maintaining the security and Quality of Service (QoS) of a session, as well as providing additional internetworking functionality. E-SBCs can protect against a variety of attacks, including:
- Denial-of-Service (DoS) attacks: DoS attacks prevent legitimate users from accessing a service. For example, a hacker can use a botnet to exhaust the connections available to a website. This can cause the website to crash, or function incredibly slowly, as all its available resources are being hogged by the botnet. DoS attacks can be like queuing to use the bathroom at a festival or concert, but the person inside just won’t finish up.
- Toll fraud: Toll fraud occurs when a hacker compromises your VoIP service and makes calls from your account. These charges add up quickly, especially if the calls are long distance and the hacker is making large volumes of them from your account.
- Malformed packet attacks: A malformed packet attack, more commonly known as the ping of death, is a serious risk to your systems. When the targeted machine receives a malformed packet, it attempts to reassemble it, causing a buffer overflow to occur. This buffer overflow will either cause the system to crash or can allow for the injection of malicious code.
- Topology attacks: SIP traffic shares certain data with other networks when it communicates with them. The problem is that this data can be used to attack your network if an unscrupulous individual gains access to it. Think of it as a friend sharing your email using CC instead of BCC on a group mail. Next thing you know, you are getting spam mail for services you never signed up for.
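The topology exposure described in the last item, as an added example that is not part of the original article or of any vendor's product: it lists the private addresses a constructed SIP INVITE would reveal to the far side and masks them the way a border element would. The address 203.0.113.10, the sample message and the function names are assumptions.

```python
import ipaddress
import re

SBC_EXTERNAL = "203.0.113.10"  # assumed public address of the border element
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: an outbound INVITE as it might leave an internal PBX.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:+15550100@carrier.example SIP/2.0",
    "Via: SIP/2.0/UDP 10.1.20.5:5060;branch=z9hG4bK-a1",
    "Via: SIP/2.0/UDP 192.168.7.44:5060;branch=z9hG4bK-b2",
    "From: <sip:alice@10.1.20.5>;tag=1",
    "To: <sip:+15550100@carrier.example>",
    "Call-ID: 7f3c@192.168.7.44",
    "Contact: <sip:alice@192.168.7.44:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.7.44",
    "c=IN IP4 192.168.7.44",
    "m=audio 40000 RTP/AVP 0",
])

def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # e.g. 999.1.1.1 matched by the loose regex
        return False
    return any(ip in net for net in RFC1918)

def internal_leaks(message):
    """Map each header or SDP field to the internal addresses it exposes."""
    leaks = {}
    for line in message.split("\r\n"):
        hits = [a for a in IPV4.findall(line) if is_internal(a)]
        if hits:
            label = re.split(r"[:=]", line, maxsplit=1)[0]
            leaks.setdefault(label, []).extend(hits)
    return leaks

def hide_topology(message):
    """Replace the Via stack with the border element and mask internal hosts."""
    def mask(m):
        return SBC_EXTERNAL if is_internal(m.group()) else m.group()
    lines = [ln for ln in message.split("\r\n") if not ln.lower().startswith("via:")]
    lines.insert(1, f"Via: SIP/2.0/UDP {SBC_EXTERNAL}:5060;branch=z9hG4bK-sbc1")
    return "\r\n".join(IPV4.sub(mask, ln) for ln in lines)
```

A production SBC also keeps per-dialog state so that responses can be mapped back to the internal hosts; this sketch covers only the outbound rewrite.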
E-SBCs and QoS
Security isn’t the only issue that can impact an enterprise’s services; QoS is another important factor. Here are a few ways the E-SBC can help maintain session QoS:
- Policing of traffic: The E-SBC ensures that all data traffic complies with the rules and regulations set by network administrators.
- Allocation of resources: Networking resources will be allocated by the E-SBC so that all services are able to function at an agreed-upon level. High-priority services like VoIP are sent first to ensure quality.
- Rate limiting: To maintain the functionality of the network – in addition to preventing DoS attacks – the E-SBC manages the rate of traffic sent or received by a network.
- Call admission control: Call admission control keeps VoIP networks from being oversubscribed and assists other QoS services by confirming that voice traffic is not impacted by other sources.
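Rate limiting and call admission control from the list above, combined in one added sketch (not from the original article or from any SBC product): a per-source token bucket for INVITEs and a cap on concurrent calls that emergency calls are allowed to exceed. The class name, the thresholds and the choice of 503 as the rejection status are assumptions.

```python
import time

class BorderPolicy:
    """Per-source INVITE token bucket plus a cap on concurrent calls."""

    def __init__(self, invite_rate, burst, max_calls):
        self.rate = invite_rate     # tokens (INVITEs) restored per second
        self.burst = burst          # bucket size: INVITEs allowed back to back
        self.max_calls = max_calls  # concurrent non-emergency calls on the trunk
        self.buckets = {}           # source IP -> (tokens, time of last update)
        self.active = set()         # Call-IDs currently holding capacity

    def _take_token(self, src, now):
        tokens, last = self.buckets.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[src] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def on_invite(self, src, call_id, emergency=False, now=None):
        """Return the decision for a new INVITE as (SIP status, reason)."""
        now = time.monotonic() if now is None else now
        # Rate limiting: one noisy source cannot starve the others.
        if not self._take_token(src, now):
            return 503, "source exceeded INVITE rate"
        # Call admission control: refuse calls the trunk cannot carry,
        # except emergency calls, which are prioritized (assumed policy).
        if not emergency and len(self.active) >= self.max_calls:
            return 503, "trunk at capacity"
        self.active.add(call_id)
        return 100, "admitted"

    def on_bye(self, call_id):
        """Release the capacity held by a finished call."""
        self.active.discard(call_id)

if __name__ == "__main__":
    # Constructed traffic: three INVITEs from one source in the same instant.
    policy = BorderPolicy(invite_rate=1.0, burst=2, max_calls=2)
    for cid in ("a", "b", "c"):
        print(cid, policy.on_invite("198.51.100.7", cid, now=0.0))
```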
An E-SBC also assists with managing enterprise networks in other ways, including connectivity, regulation, and media services. Assistance with connectivity includes NAT traversal, VPN connectivity, and IPv4 to IPv6 interworking. The E-SBC also ensures regulatory compliance by prioritizing emergency calls and allowing for lawful interception of traffic. E-SBCs also contain built-in digital signal processors that allow them to perform media management services at the border of the network, including media transcoding, DTMF relay and interworking, and data and fax interworking.
E-SBCs are important for many reasons – but none are more important than improving the security and quality of an enterprise’s voice communications. More often than not, SBCs are the first line of defense for voice and video endpoints because of their ability to detect suspicious or anomalous behavior and communicate with other devices, firewalls, and technology within a network – an ability that firewalls alone do not have. As more and more voice travels over IP networks, and as more voice-activated technologies are adopted, SBCs will become an increasingly essential component of an enterprise’s security toolbox.