Session Initiation Protocol (News - Alert) (SIP) is the protocol of choice for Voice over IP and other real-time communications applications. All of the major IP-PBX vendors, service providers and others, including Microsoft (News - Alert), have embraced SIP as the protocol of the future. SIP trunking is the catalyst for enterprises of all sizes to adopt SIP as their primary voice service, and the promise of Unified Communications (News - Alert) and peer-to-peer IP communications is now an emerging reality.

 

SIP is the logical protocol choice. The Internet Engineering Task Force (IETF) developed and standardized the SIP protocol based on the experience of creating the other dominant Internet protocols: HTTP and SMTP. This makes for a very resilient protocol that is built to take advantage of the inherent capabilities of the Internet, and is further enhanced to support the many features that are essential for modern business communications.

 

Today, SIP is known as the de facto standard for VoIP and all other real-time communications. However, SIP depends on finding a PBX or end-point in the network. Most networks are protected by firewalls/NATs (Network Address Translation), and firewalls/NATs create private IP address spaces and prevent inbound communications. As enterprises adopt SIP, one of the concerns is enabling SIP traffic to traverse their firewall while maintaining the security of their network. 

 

Using SIP for realtime communications does not pose a security threat to the enterprise network if the right solutions are used.

 

This revolution toward Internet-based communications, enabling companies to use the power and ubiquity of the public Internet as the backbone of business communications while maintaining control over their networks, has been possible in great part thanks to the security solutions developed by innovative vendors and other industry leaders to protect the enterprise network while enabling VoIP, etc. These solutions are designed specifically with SIP in mind, to leverage the security benefits available with the protocol. Using a firewall that handles the protocol correctly, the enterprise networks are secured against improper use of the SIP protocol.

 

For example, Ingate’s products include a full SIP proxy, which gives them the unique ability to deeply inspect the SIP signaling packets and perform other filtering and control functions around SIP. And more recently, Ingate has introduced Intrusion (News - Alert) Prevention and Denial of Service features, all in the interest of ensuring reliable and secure SIP communications.

 

When taking SIP traffic outside the enterprise and transporting it over the public Internet to other networks or service providers, the security aspects of eavesdropping, call hijacking and call spoofing need to be addressed. The IETF considered these issues as well when developing the SIP standard, and integrated security features proven by other Internet protocols to ensure the robustness of SIP. One of those techniques is the use of Transport Layer Security (TLS), a variant of HTTPS, in the signaling stream, enabling all the important setup information to be kept private over the public Internet.

 

It is also possible to encrypt the media itself. Secure Real Time Protocol (SRTP) encrypts the voice, video and other media packets. Using TLS in combination with SRTP secures the communication making it almost impossible to eavesdrop.

 

SIP is an open standard, and many enhancements and extensions have been developed and submitted to the IETF for review and implementation. Since the IETF takes the role of standards author only, the SIP Forum, a voluntary association of those interested in the SIP protocol, sponsors several working groups to develop best practices for SIP deployments, including the recently released SIPconnect standard for SIP trunking. And the Voice over IP Security Alliance (VOIPSA) focuses on security concerns and provides guidance on solutions.

 

Leading IP-PBX vendors and several ITSPs (Internet Telephony (News - Alert) Service Providers) are adopting SIP trunking as a secure means of connecting SIP users with those still on the PSTN (Public Switched Telephone Network). With the right security devices at the edge of the enterprise network, the benefits of SIP can be realized by the enterprise without concern for loss of control or malicious attacks from unauthorized individuals.

 

In the future, these benefits will expand to include new ways of communicating, with more integration of media types, all enabled by SIP.

 

Want to join the discussion? If you are interested in SIP and security please attend Ingate’s SIP Trunking Seminars, Jan 23–25, at the upcoming Internet Telephony Conference & EXPO in Miami. The seminars are free to attend, so please make time to attend these informative discussions with leading IP-PBX vendors, ITSPs and industry leaders for thought-provoking conversations and helpful information about SIP trunking, and SIP in general. For more information about the seminars please click here.