SIP and Security: Just Do It Right!

TMCnews Featured Article

February 19, 2008

By TMCnet Special Guest
Steven Johnson, President, Ingate Systems

Session Initiation Protocol (SIP) is the protocol of choice for Voice over IP and other realtime communications applications. All of the major IP-PBX vendors, service providers and others, including Microsoft, have embraced SIP as the protocol of the future. SIP trunking is the catalyst for enterprises of all sizes to adopt SIP as their primary voice service, and the promise of Unified Communications and peer-to-peer IP communications is now an emerging reality.

SIP is the logical protocol choice. The Internet Engineering Task Force (IETF) developed and standardized the SIP protocol based on the experience of creating the other dominant Internet protocols: HTTP and SMTP. This makes for a very resilient protocol that is built to take advantage of the inherent capabilities of the Internet, and is further enhanced to support the many features that are essential for modern business communications.

Security of the enterprise network

Today, SIP is known as the de facto standard for VoIP and all other realtime communications. However, SIP depends on finding a PBX or end-point in the network. Most networks are protected by firewalls/NATs (Network Address Translation), and firewalls/NATs create private IP address spaces and prevent inbound communications. As enterprises adopt SIP, one of the concerns is enabling SIP traffic to traverse their firewall while maintaining the security of their network.

Using SIP for realtime communications does not pose a security threat to the enterprise network if the right solutions are used.

This revolution toward Internet-based communications lets companies use the power and ubiquity of the public Internet as the backbone of business communications while maintaining control over their networks. It has been possible in great part thanks to the security solutions developed by innovative vendors and other industry leaders to protect the enterprise network while enabling VoIP and other realtime applications. These solutions are designed specifically with SIP in mind, to leverage the security benefits available with the protocol. With a firewall that handles the protocol correctly, enterprise networks are secured against improper use of the SIP protocol.

For example, Ingate’s products include a full SIP proxy, which gives them the unique ability to deeply inspect the SIP signaling packets and perform other filtering and control functions around SIP. More recently, Ingate has introduced Intrusion Prevention and Denial of Service features, all in the interest of ensuring reliable and secure SIP communications.

Security of the communications

When taking SIP traffic outside the enterprise and transporting it over the public Internet to other networks or service providers, the security aspects of eavesdropping, call hijacking and call spoofing need to be addressed. The IETF considered these issues as well when developing the SIP standard, and integrated security features proven by other Internet protocols to ensure the robustness of SIP. One of those techniques is the use of Transport Layer Security (TLS), a variant of HTTPS, in the signaling stream, enabling all the important setup information to be kept private over the public Internet.

It is also possible to encrypt the media itself. Secure Real Time Protocol (SRTP) encrypts the voice, video and other media packets. Using TLS in combination with SRTP secures the communication, making it almost impossible to eavesdrop.
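
Why the two mechanisms are used together can be shown on a single INVITE: when SRTP keys are exchanged in the SDP body (the `a=crypto` attribute of RFC 4568), they are only as private as the signaling that carries them. The following is an added example, not part of the original article or any vendor's product; `audit_invite` and `sample_invite` are hypothetical names, and the messages are constructed samples.

```python
# Added example: constructed SIP INVITEs, not captured traffic.
# audit_invite and sample_invite are hypothetical helper names.

def audit_invite(raw: str) -> dict:
    """Report whether one INVITE has TLS signaling and SRTP media."""
    head, _, sdp = raw.replace("\r\n", "\n").partition("\n\n")
    # The topmost Via names the transport of the hop that delivered the
    # message, so this describes one hop only, not the whole path.
    via = next(l.split(":", 1)[1].strip() for l in head.split("\n")[1:]
               if l.lower().startswith(("via:", "v:")))
    transport = via.split()[0].split("/")[2].upper()
    tls = transport == "TLS"
    streams, current = [], None
    for line in sdp.split("\n"):
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            current = {"media": media, "proto": proto, "sdes_key": False}
            streams.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            # RFC 4568 (SDES): the SRTP master key rides in the SDP itself.
            current["sdes_key"] = "inline:" in line
    findings = []
    if not tls:
        findings.append(f"signaling over {transport}: call setup is readable")
    for s in streams:
        if "SAVP" not in s["proto"]:
            findings.append(f"{s['media']}: {s['proto']} media is not encrypted")
        elif s["sdes_key"] and not tls:
            findings.append(f"{s['media']}: SRTP key exposed in cleartext SDP")
    return {"signaling_tls": tls, "streams": streams, "findings": findings}

def sample_invite(transport: str, proto: str, crypto: bool) -> str:
    """Build a constructed INVITE (example.com and 192.0.2.0/24 are reserved)."""
    head = ["INVITE sip:bob@example.com SIP/2.0",
            f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bKconstructed",
            "From: <sip:alice@example.com>;tag=1", "To: <sip:bob@example.com>",
            "Call-ID: constructed-1@192.0.2.10", "CSeq: 1 INVITE",
            "Content-Type: application/sdp"]
    sdp = ["v=0", "o=alice 1 1 IN IP4 192.0.2.10", "s=-",
           "c=IN IP4 192.0.2.10", "t=0 0", f"m=audio 49170 {proto} 0"]
    if crypto:
        sdp.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY")
    return "\r\n".join(head) + "\r\n\r\n" + "\r\n".join(sdp) + "\r\n"

if __name__ == "__main__":
    for args in [("UDP", "RTP/AVP", False), ("UDP", "RTP/SAVP", True),
                 ("TLS", "RTP/SAVP", True)]:
        print(args, audit_invite(sample_invite(*args))["findings"])
```

Only the TLS plus `RTP/SAVP` case returns no findings; SRTP offered over UDP signaling is flagged because the key in the SDP is visible to anyone who can read the INVITE.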

SIP Forum, VOIPSA help businesses leverage security advantages

SIP is an open standard, and many enhancements and extensions have been developed and submitted to the IETF for review and implementation. Since the IETF takes the role of standards author only, the SIP Forum, a voluntary association of those interested in the SIP protocol, sponsors several working groups to develop best practices for SIP deployments, including the recently released SIPconnect standard for SIP trunking. And the Voice over IP Security Alliance (VOIPSA) focuses on security concerns and provides guidance on solutions.

SIP Trunking: first step to secure communications over the Internet

Leading IP-PBX vendors and several ITSPs (Internet Telephony Service Providers) are adopting SIP trunking as a secure means of connecting SIP users with those still on the PSTN (Public Switched Telephone Network). With the right security devices at the edge of the enterprise network, the benefits of SIP can be realized by the enterprise without concern for loss of control or malicious attacks from unauthorized individuals.

In the future, these benefits will expand to include new ways of communicating, with more integration of media types, all enabled by SIP.
