Ask the Expert

Do session border controllers (SBCs) improve security at the level of VoIP traffic?

Do session border controllers (SBCs) improve security at the level of VoIP traffic? Or is it only useful for NAT/PAT features?

    Requires Free Membership to View

Session border controllers were originally designed to overcome an issue with VoIP traffic and firewalls. Many VoIP implementations, especially SIP-based ones require a large number of ports to be opened on a firewall. While they use specified ports for the signaling, the media is transported through ports dynamically assigned during the signaling process. This meant that the original firewall implementations required large ranges of ports to be opened for the media traffic, reducing their efficiency. SBC vendors designed their products to address this firewall deficiency allowing 'pinholes' in the perimeter to be dynamically assigned which reduces the security risk by taking care of the NAT/PAT.

However, SIP-enabled firewalls have addressed this deficiency, allowing VoIP implementations to utilize a standard firewall at the perimeter without an SBC. In response, many SBC vendors have increased the functionalities of their products, moving closer to the capabilities found in a SIP-based firewall and providing limited application layer security on top of a NAT/PAT solution. Full application layer security can be provided by a SIP-based firewall that provides full authentication and protection against both transport and protocol attacks. DOS, DDOS, impersonation, hijacking, SPAM/SPIT and other attacks can be prevented by utilizing this approach.

This was first published in November 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: