Securing voice in an IP environment

By Stephanie Kanowitz,
Contributor, Route Fifty

Connecting state and local government leaders

| August 23, 2016

As agencies migrate their voice networks to internet-based platforms, session border controllers can provide additional security in unified communications.

As agencies transition from traditional voice and video communications systems to modern, IP-based ones, there are obvious benefits like quality and speed. Yet with new technology comes new challenges, too.

Security is one of the biggest issues federal agencies face as they begin to move toward Session Initiation Protocol trunking for telephone services and unified communications. Whereas voice calls used to be sent over landlines, SIP trunking can send multiple signals, including voice, video, chat and other unified communications (UC) applications, over IP.

“As a lot of the carriers are starting to transcend and migrate their networks over to SIP-based trunking, we’re now leaving a world that was pretty self-contained,” said Bill Hartwell, vice president for federal government sales at Sonus Networks. Traditional telecommunication networks “did not expose government organizations to security risks that come into play when you’re in an IP, SIP environment.”

Those risks include denial-of-service attacks and ID spoofing, for example. That’s where a session border controller can help. SBCs are devices in voice-over-IP networks that control signaling and other aspects of communication.

“If the SBC is properly configured, it can play a dual role for the agency and for the carrier -- where it can provide the SIP session management, [and] it can provide the security.… It can act like a firewall,” Hartwell said. “This is an important feature, an important capability. Your traditional firewalls really don’t address the security concerns for voice and video and even unified communications.”

For the intelligence community’s Common Desktop Environment part of the IC Information Technology Enterprise, agencies are using SBCs to help with the Skype for Business unified communications platform. The reason for the move, Hartwell said, is the IC’s need for real-time, secure communications and information sharing through a common desktop. “Speed and security are very, very important,” he said.

But adding security tools such as firewalls and software often strain the existing infrastructure’s performance. SBCs, however, can fully encrypt every SIP session, Hartwell said. “By doing that, we can provide [the intelligence community] with a clear path to full, secure voice, UC collaboration calls, and we can do it in a very large-scale environment -- up to as many as 150,000 concurrent sessions,” he added.

During a DOS attack, for instance, the SBC would shift dedicated resources to another area of the network so that performance and capabilities are not affected.

To illustrate how federal officials might think about transitioning to SIP trunking, Hartwell described how one agency is looking to consolidate its three or four voice and UC solutions and move to SIP circuits in the next few months. To do that, it needs an architecture that can provide secure, real-time voice, video and/or UC across the enterprise. It also needs interoperability and scalability in the event that the department can’t consolidate its four solutions into one. Finally, the agency wants to be able to procure this solution as a service, he added.

Hartwell said he expects that more agencies will begin to make the transition to SIP trunking, particularly in 2017 and 2018. Carriers are not going to support legacy telephony indefinitely, so migration is not a question of if, but when, he said. The question is how to plan for that and how long it will take. The bigger the agency, he added, the longer the migration.

“The good news for the end user is that SIP trunking is less expensive,” Hartwell said. “However, typically when they’re migrating … they’re also moving off of old telecom-type solutions like a PBX and moving into a different world like Skype for Business, as an example, or Avaya Voice Solutions.” That could mean some big upfront costs.

That’s why opting for SBC as a service can be an appealing option, especially for agencies that are updating their technology with virtual and cloud environments. Most agencies have more “OpEx” dollars than “CapEx” dollars, making leasing or renting an SBC attractive, Hartwell said.

NEXT STORY: Can endpoint security stop ransomware attacks?

This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. / Do Not Sell My Personal Information

Accept Cookies