
	Home > Unified Communications Tips > > Secure SIP-based IP telephony networks

Unified Communications Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

Secure SIP-based IP telephony networks

Tom Lancaster
11.14.2002
Rating: -3.00- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

At some point in the evolution of your IP Telephony network, you're probably going to want to establish connections between your internal network and devices on the Internet. If this is in your future, even if it's far in the future, you should consider taking steps to secure it today.

The most obvious suggestion is to deploy a firewall that is:

Capable of understanding and securing SIP (session initiation protocol);
Able to minimize the security risks inherent in opening a large number of UDP ports for VOIP traffic;
Fast, fast, fast;
And, if possible, capable of integrating into your QoS scheme. This is a bonus, but not entirely necessary as the Internet is a best-effort class of service anyway.

Once you have such a firewall, consider deploying a SIP Proxy in a DMZ. In fact, it's not a bad idea to do this now, even if you're not currently supporting VOIP calls to or from the Internet. SIP Proxy servers can offer a number of security features that can protect your network internally and externally.

From a design standpoint, a SIP Proxy makes it easy to deal with external endpoints attempting to contact internal endpoints, of which the latter are usually dynamically addressed and also Network Address Translated. This offers substantial protection for internal endpoints, which can be very important in a diverse network where many brands of endpoints may be deployed and some will necessarily be less secure than others.

It also makes it easier to recognize outbound calls. You can block all signaling traffic between the your network and the Internet, and only allow traffic between your network and the DMZ, and the Internet and the DMZ. This is a major plus in an environment where regulatory mandates require you to record or monitor calls.

Some of the more expensive SIP Proxies have many other advantages, which include supporting IPSec for voice VPNs, the ability to restrict traffic with access-control lists, and implementation of various forms of authentication, such as HTTP Digest.

Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.

Rate this Tip
To rate tips, you must be a member of SearchUnifiedCommunications.com. Register now to start rating these tips. Log in if you are already a member.
Submit a Tip

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Communications Solutions for Business: Collaboration, Cell Phone Access, and IP Telephony

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2008, TechTarget \| Read our Privacy Policy