Sangoma
Where to Buy Contact Us
Menu 
  • Products
    • PBX Platforms
      • PBXact CloudCloud Based PBX Phone Service
      • Now with Phone Rentals!
      • PBXactPremise Based PBX Phone Systems
      • PBXact SaaSSoftware as a service
      • FreePBX®Now Backed by Sangoma
    • Phones
      • s-Series IP PhonesDesigned for FreePBX & PBXact
      • DECT PhonesCordless VoIP Solution for SMBs
      • Zulu UCThe Ultimate Desktop Integration
      • PhoneAppseasy-to-use visual applications
    • Session Border Controllers
      • SBC Hardware ModelsVoIP Protection at its Best
      • SBC VM SoftwareVega Enterprise SBC VM/Software
    • VoIP Gateways
      • Vega Enterprise Gateways60G, 100G, 200G, 400G, 3000G
      • Dialogic Enterprise
        Gateways
        DMG Series
      • NetBorder High Density GatewaysHigh Density PRI and SS7
      • Dialogic High Density
        Gateways
        IMG Series
    • Cloud Services
      • SIPStationSIP Trunking for FreePBX®
      • PBXact CloudCloud Based PBX Phone Service
      • FAXStationFAX OVER IP
    • Telephony Cards
      • Sangoma Voice CardsA and B Series
      • Dialogic Voice CardsJCT, Diva, cg, dni, eiconcards
      • Transcoding CardsD series
    • Products for Call Centers
      • Session Border Controllers
      • Call Tapping & Recording
      • Digital Gateways
      • High Density VoIP Gateway
      • High Density SS7 VoIP Gateway
    • More Sangoma Products
      • Telecom Accessories and Cables
      • Data RoutingWAN Router Solution
      • Dialogic High Density
        Modems
  • Solutions
    • Unified Communications
      • What is Unified Communications?
    • IP PBX Systems
      • Business IP Phone Systems
      • Hosted IP PBX
      • Connecting Legacy Equipment to an IP PBX
    • Market Verticals
      • Education Solutions
      • Hospitality Solutions
      • Auto Dealer Solutions
      • Mission Critical Fixed Telecom Solutions
    • Mobility
      • Stay Connected With Softphone Integration
    • Service Providers
      • Value-added Solutions for Service Providers
    • Call Center
      • Build Your Call Center with PBXact
      • Interactive Voice Response (IVR)
      • Call Recording Directly From T1/E1
    • SIP Trunking
      • SIP Trunking for the Enterprise
      • SIP Trunking for Carriers
    • VoIP Security & Access Control
      • Securing Your VoIP Network
      • Remote User Security Management
      • Remote Office Connection Without VPN
  • Resources
      • Application Notes
      • Case StudiesSangoma partners deliver real solutions to Enterprises and Carriers
      • Event CalendarDiscover upcoming webinars, training, tradeshows & roadshows
      • TutorialsTutorials on various WAN and communications topics
      • VideosYouTube video Channel
    • Featured Whitepapers
      • VoIP Security and Best Practices

      • Five Things to Look for in Your Next Small Business Communication System

      • Session Border Controllers - The Critical Component

  • Support
    • Support Services
      • Maintenance Plans
      • Customer Support
      • Software Maintenance
      • Warranty, Repair & Return Policy
      • PBXact POMPs
      • End of Life Policy
      •  
      •  
    • Professional Services
      • Product Registration & License Key Generators
      • Wiki and Documentation
      • Software Downloads
    • Sangoma University

      • Sangoma University Training Courses


        Sangoma University offers a comprehensive selection of both online and classroom technical training courses.

        Enroll Today!

  • Company
    • Company
      • About Sangoma
      • Awards
      • Management
      • Sangoma Blog
      • Careers
    • Contact Us
      • Request for Information
      • Contact Sangoma
      • Contact Support
      • Media Contacts
      • Ordering
    • For Investors
      • Investor Relations
      • Annual Financial Reports
      • Quarterly Financial Reports
      • News & Events
      • Event Calendar
      • News Releases
      • Quarterly Newsletter
    • Sangoma Newsletter

      Sangoma eNews

      Register to our monthly newsletter.

  • Partners
    • Login: Partner Portal
    • Become a Partner
    • Where to Buy: Partner Finder
    • Get Certified
  • Request a Quote

The Place of VoIP Firewalls in Your Network

Home» Security » The Place of VoIP Firewalls in Your Network

Author: Mac McCarver – Content Marketing Specialist

In a previous blog, we described the concept and purpose of a session border controller (SBC). An SBC ensures the security of a PBX network. But implementing an SBC into a network does not necessarily replace the utility of firewalls. A properly configured VoIP firewall still constitutes a useful line of defense for a network.

VoIP Firewall?

The concept of ‘hacking’ and network security predates the Internet (notably, for example, the hacking of telephone lines to make free calls or for more malicious intentions). But in the early days of computer networking, it quickly became apparent how vulnerable digital networks are. This led to the adoption of ‘firewalls’ within computer networking circles.

The term comes from architecture. If you examine old townhomes, you’ll notice that a thick wall separates each unit. That wall is the firewall, so named for containing fires. So, in a PBX network, a VoIP firewall monitors and controls network packet exchange between a trusted internal network and an untrusted external network (like the Internet).

Best Practice: SBC AND VoIP Firewall

The best practice in implementing a Unified Communications system is to utilize both a VoIP firewall and an SBC. This is because they complement and support each other in a common function.

SBCs and firewalls both perform similar network border security functions, but they work in different ways. Traffic on a network is standardized on the OSI model, which abstracts traffic into seven layers without reference to the structure of the network or hardware from which it originates. (This type of standardization is what allows large networks of diverse systems like the Internet to exist.)

Protection at Different Levels

From one to seven, the information contained in each layer gets more specific, with layer one being the physical (electrical, radio, or optical) vehicle for network traffic and layer seven being application-level specific data.

A VoIP firewall monitors traffic by inspecting it at layers three and four. In other words, it inspects packets and packet segments of incoming network traffic. This allows it to block most threats, while remaining high-level enough to handle high traffic volumes. An SBC, on the other hand, can inspect traffic on any level.

Session Initiation Protocol (SIP), which establishes and ends real-time communication sessions on a network, is the most popular protocol used in VoIP telephony. And its specific operations (like its SIP address, for instance) reside in the seventh layer of network traffic.

Securing SIP Traffic

Some VoIP firewalls can distinguish a packet as a SIP packet but lack the ability to identify a malicious SIP packet. That’s why many firewalls have to be configured to allow SIP traffic through, sometimes blocking it by default. But even particularly SIP-aware VoIP firewalls that can dynamically open and close ports for SIP traffic, leave your network vulnerable to malicious SIP traffic.

An SBC can read all the intricate details of a SIP stack, understand if its properly addressed and safe, and even provide SIP codec translation to allow interoperability between systems operating on different SIP codecs. This enhances the security of the network by closing the small window of opportunity for attack via SIP channels.

To put it simply: if you compare a PBX network to a castle, a VoIP firewall is the gate and walls that are able to efficiently admit or exclude large volumes of traffic. And the SBC is like the guard who can more accurately monitor traffic but can become a bottleneck if confronted with too much traffic. The combination of high-level, high-traffic supervision that a VoIP firewall affords with the low-level, specific protection from an SBC ensures the total security of a PBX network.

Security – Only One Aspect of Network Readiness for Unified Communications

VoIP firewalls and SBCs perform vital functions in protecting a network internally from a malicious attack and externally with encryption and network address translation (protecting topology and network addresses). But security is only one consideration in ensuring your network is properly equipped for VoIP and Unified Communications (UC), whether you’re in the process of migrating to UC or are already operating with VoIP in some capacity.

Watch the Webinar

Join the Sangoma family for an informative, free webinar discussing every aspect of optimum network conditions for ensuring world-class quality of service on your Unified Communications system. Click here to watch!

Featured Success Stories

  • Simple Phone Co. Increases Sales and Efficiency with Fulfillment by VoIP Supply, a Sangoma Company

  • Case Study Thumbnail

    Symbio Networks’ VoIP Service Grows Rapidly in Australia and Beyond

  • Case Study Thumbnail

    VM Telecom Cuts Communications Costs up to 80% for Slovak Businesses

    Get the Latest Sangoma News

    Latest Products

    Dialogic Enterprise Gateways


    Dialogic High Density Gateways


    Dialogic Voice Cards


    Dialogic High Density Modems

    Find a Local Distributor

    Look for the Empowered by Sangoma symbol when purchasing Empowered by Sangoma
    • Save money on shipping and products
    • Speak in your native language
    • Get faster service in your own time zone
    • Get Sangoma's lifetime warranty
    Find a Distributor
    • Products
    • PBXact Cloud
    • PBXact
    • S-Series IP Phones
    • Zulu UC
    • SIPStation
    • Telephony Cards
    • SBCs
    • VoIP Gateways
    • Support
    • Customer Support
    • Application Notes
    • Tutorials
    • Maintenance Plans
    • Product Registration
    • Warranty & Returns
    • Company
    • About Sangoma
    • Sangoma Blog
    • Contact Us
    • Investor Relations
    • Event Calendar
    • News Releases
    • Careers
    • Legal
    • Partners
    • Partner Portal Login
    • Become a Partner
    • Locate a Partner

    Connect with us on Social Media

    • Email
    • Facebook
    • Linkedin
    • Twitter
    • Vimeo

     

    Stay in touch and keep up-to-date with all our latest news, events and training. Join us on Twitter, LinkedIn, Facebook, and other social networks.

    © Copyright 2019 Sangoma Technologies. All rights reserved.