SIP Security and the Role of the SBC

Ask the SIP Trunk Expert

SIP Security and the Role of the SBC

By TMCnet Special Guest
Rich Garboski, president and founder of
  |  March 04, 2015

2014 was certainly the year of the security breach. Notable companies like eBay, AOL (News - Alert), Holiday Inn, Marriott, Target, Neiman Marcus, and P.F. Chang, to name a few, were compromised by hackers looking to do harm by acquiring private and sensitive data.

With more and more breaches occurring, security is no laughing matter. Enterprises and small business alike should be developing and deploying an intense security strategy whether you are protecting your database, internal LAN, and yes your PBX (News - Alert) or unified communications network. Adding cloud-based functionality and security is more important.

One may ask, what could possibly be breached with a voice communications network, it's just voice. Well, think again. Your voice network is susceptible to a wide variety of attacks such as the ones listed below.

Toll Fraud – This occurs when an outside user attempts to access your network to use it for outbound communications with the enterprise bearing the cost of the call.

Denial of Service/Registration Attacks – Comparable to the typical DOS/DDOS attack in an IT environment, a registration attack is where hackers attempt to emulate IP phones outside of the local network environment and flood the PBX or UC with massive registration attempts, forcing the PBX to run out of resources attempting to process registration attempts.

Reconnaissance – In this type of attack a hacker will case your system using various penetration tools to learn more about your network. Like traditional email messages, SIP messages are in plain text format with a treasure trove of information about your network. This information can then be used to abuse or hack into your system.

Intrusion (News - Alert) of Services – This involves purposely inserting fake data into the source IP field to hide the true source of a call, allowing the hacker to take over or hijack a session. This could lead to abuse and or compromise of the PBX or SIP trunking service.

These types of attacks can be avoided or mitigated by utilizing an SBC such as the Ingate session border controller. With support for TLS and SRTP, SIP signaling and media are fully encrypted preventing eavesdroppers from discovering specific information about your network. Intruder detection and prevention features of the SBC guard against denial of service/registration attacks.

You can learn more about the Ingate SBC and review case studies at

Edited by Maurice Nagle