
Post on 24-Dec-2015


Begins - 1:00 ET/12:00 CT/11:00 MT/10:00 PT

Today’s Topic: The Top Five Reasons You Need an SBC!

Presenter: Dwight Reifsnyder, Convergence Systems Engineer

Let’s Take a Tour of Your Screen

Copies and Replay Information!

Hard Copies of Today’s Presentation

Recorded Replay Available

Please contact your NACR Representative. If you do not have one, you may email Valerie Rodriguez at vrodriguez@nacr.com.

Visit www.nacr.com – click on the Education tab.

Today’s Replay will be available starting Friday after 3 PM Central

Stay Tuned!

Coming in February:

Information from ConvergeOne Capital

The Center of Excellence Training

E-SBC Installation and Administration, Course # CE025ILT

System Manager & Session Manager (SMGR), Course # CE021ILT

More info and registration available: www.nacr-coelearning.com

Questions? Email: COELD@NACR.COM

Enterprise Session Border Controller

Five Reasons Why You Need an SBC

Could this be your network?

Al Qaeda-Linked Group Steals Hundreds of Thousands from NY Businesses with Toll Fraud Attacks (Jan 2013)

Vishing Scams Claim $11 Million Euros in the UK Alone (August 2013)

DDoS for hire vendor starts offering TDoS attack capabilities

“..operates 24/7, and promises 100% anonymity. It charges $20 for one hour of DDoS attack, $50 for a day, and $500 for one week,” (Oct 2013)

Hacker toured dozens of global conference rooms using common videoconferencing equipment. Easily hacked several top venture capital, law firms, pharmaceutical and oil companies…(and) the Goldman Sachs boardroom. Videoconferencing systems were designed with visual and audio clarity in mind, not security (January 2012)

DoS Attackers Turn from Websites to Phones

“New attacks on mobile devices are targeting executives of companies. It's not to steal money, it's to steal corporate information and manipulate the stock price.” (May 2013)

DHS Warns of ‘TDoS’ Extortion Attacks on Public Emergency Networks (April 2013)

ReMax office owner hit by toll fraud, $600,000 bill (May 2013)

Sheriff’s Office Taken Down by TDoS Attack (May 2013)

What Does an SBC Actually Do?

SBC Basic SIP Trunking Functions

0.1 - Entity/Flow Based Access Control
0.b - Status Monitoring with Automatic Failover
1 – SIP Feature Support (Internetworking)
2 – Security BCP Topology Hiding
3 – Packet and Protocol Inspection and Correction
4 – Scenario Specific Message Manipulation
5 – In Dialog Message Interception/Redirection

Real Life Examples

0.1) Entity/Flow Based Access Control

Digital War Dialing

Entity/Flow Based Access Control

Trusted Server Configuration: IP/Protocol/Port

Server Based Flow: Server Configuration, Interface

0.b) Status Monitoring with Automatic Failover

Verizon’s Alternate Route Recovery Service (VARRS)

o VARRS provides a business continuity option for VoIP IP Trunking and VoIP IP Integrated Access in which Company provisions mirrored capacity in secondary geographically-diverse Session Border Controller (SBC) High Availability (HA) Pairs serving Customer’s enterprise. This feature will permit Customer to route inbound and outbound traffic through a redundantly-provisioned backup Company SBC HA Pair in the event of an outage on the primary Company SBC HA Pair, or an outage affecting Customer’s facilities or equipment that necessitates secondary routing.

Status Monitoring with Automatic Failover

OPTIONS messages for Heartbeat

Multiple Routes in Profile


1) SIP Feature Support (Internetworking)

The SIP Interoperability Testbed

“SIPit is organized by the SIP forum and led by Robert Sparks, one of the engineers in the IETF. At SIPit we test both the base SIP standard, as documented in RFC 3261, and the new additions, like SIP Outbound, SIP identity, GRUU and ICE. We have phones, proxies, conference bridges, session border controllers and all kinds of devices as well as SIP stacks under development. We have a gentleman’s agreement not to reveal anything else than generic test results. I can’t use Facebook and say “ha ha, Saul’s new SIP server sucks!“. This leads to a very open and helpful environment.”

http://www.voip-forum.com/sip/2013-01/sipit30/


Feature Support Internetworking

Early MediaOptions

One Way Media

Fax Relay


2) Security BCP Topology Hiding

The Value of an IP Address:

“an IP itself will not let you break into a computer, but it is necessary to launch an attack and can reveal information about the user”

https://www.hackthissite.org/forums/viewtopic.php?f=24&t=6970&start=10&sid=d28fe5d2e3e713ccfb10e4bc072c9087


Security BCP Topology Hiding

Internal Domains/IP numbers are hidden

10.192.172.1033.44.140.121
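An added example, not from the original presentation: a Python check that an outbound SIP message leaving the SBC no longer carries internal addressing. It flags RFC 1918 addresses in the headers and in the SDP body; the sample message and every address in it are constructed.

```python
import ipaddress
import re

# Private ranges that topology hiding should keep off the carrier side.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample: a message as captured on the carrier-facing interface.
LEAKY = "\r\n".join([
    "INVITE sip:+13035550100@198.51.100.20 SIP/2.0",
    "Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bKout1",
    "Via: SIP/2.0/TCP 10.10.1.5:5060;branch=z9hG4bKin1",
    "Contact: <sip:2181@10.10.1.5:5060>",
    "Record-Route: <sip:203.0.113.10;lr>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 10.10.1.77",
    "c=IN IP4 10.10.1.77",
    "m=audio 20000 RTP/AVP 0",
    "",
])

def internal_leaks(message):
    """Return (location, address) for every RFC 1918 address in the message."""
    head, _, body = message.partition("\r\n\r\n")
    found = []
    # Header lines (request line skipped), then non-empty SDP lines.
    lines = [(l.partition(":")[0].strip(), l) for l in head.split("\r\n")[1:]]
    lines += [("SDP " + l[:2], l) for l in body.split("\r\n") if l]
    for where, line in lines:
        for text in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # dotted quad that is not a valid address
                continue
            if any(addr in net for net in RFC1918):
                found.append((where, text))
    return found

if __name__ == "__main__":
    for where, addr in internal_leaks(LEAKY):
        print(f"internal address {addr} exposed in {where}")
```

An empty result on carrier-side captures is the pass condition; the SDP lines matter as much as Via and Contact, since media addresses are a common place for internal IPs to survive.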


3) Packet and Protocol Inspection and Correction

Denial of Service
o Call/registration overload
o Malformed messages (fuzzing)

Configuration errors
o Mis-configured devices
o Operator and application errors

Theft of service
o Vishing
o Unauthorized users
o Unauthorized media types

Viruses and SPIT
o Viruses via SIP messages
o Malware via IM sessions
o SPIT – unwanted traffic

Source: Nemertes Research

Enterprise Adoption of Collaboration Tools

Increased usage of collaboration tools means security threats are more of a concern

Packet and Protocol Inspection and Correction

Proactively identifying and preparing defenses against the ever changing unknowns of the wild beyond your network borders.

State-of-the-art research facility with a dedicated team of expert vulnerability assessment professionals.

Uncover vulnerabilities that put communications at risk in next-generation, multi-vendor networking environments.


4) Scenario Specific SIP Message Manipulation

SIP can be implemented in slightly different ways. “Tweaking” is required to make things work

The two previous topics (Internetworking and Topology Hiding) are examples of SIP signaling manipulations

SBC vendors use different terms for this function:
o Header Manipulation Rules
o SIP Header Manipulation
o SIP Message Manipulation

Specific SIP Message Manipulation

Domain Policies – Signaling Rules

General

Slight Detour – Dialogues and Transactions

All SIP calls must have:
o INVITE
o 200 OK
o ACK

A call is a dialogue

A dialogue consists of multiple transactions

http://telconotes.files.wordpress.com/2013/03/sip-transaction-vs-dialog.png

Slight Detour – SIP Request Methods

STANDARD SIP REQUEST METHODS
INVITE: Establishes a session
ACK: Confirms an INVITE request
BYE: Ends a session
CANCEL: Cancels establishing of a session
REGISTER: Communicates user location (host name, IP)
OPTIONS: Communicates information about the capabilities of the calling and receiving SIP phones
PRACK: Provisional Acknowledgement
SUBSCRIBE: Subscribes for Notification from the Notification service
NOTIFY: Notifies the subscriber of a new event
PUBLISH: Publishes an event to the Server
INFO: Sends mid session information
REFER: Asks the recipient to issue call transfer
MESSAGE: Transports Instant Messages
UPDATE: Modifies the state of a session

STANDARD SIP RESPONSE CODES
1xx: informational responses
2xx: success responses
3xx: redirection responses
4xx: request failures
5xx: server errors
6xx: global failures

SIP Message Manipulation

Domain Policies – Signaling Rules

Requests

SIP Message Manipulation

Domain Policies – Signaling Rules

Responses

SIP Message Manipulation

Domain Policies – Signaling Rules

Request Headers

SIP Message Manipulation

Domain Policies – Signaling Rules

Response Headers

SIP Message Manipulation

SigMa Scripting Language for granular control of every header, every parameter, every option, at any point within the call flow


SigMa Scripting Language

Language Constructs

o Variables
  Built-in: %HEADERS, %SDP, %BODY, %INITIAL_REQUEST …
  User defined: %foo

o Statements
  Assignment: %foo = "bar";
  Conditional: if (…) then { … } else { … }
  Function call
    o Header operations: remove(), exists(), append()
    o Regex functions: regex_replace(), regex_get(), regex_match()
  Print statement: print "hello", "there";

o Functional Blocks
  Session Block: within session "…" where <condition>{…}
  Message Block: act on […] where <condition>{…}

Hook Points - %ENTRY_POINT, %DIRECTION

[Diagram: the SIP stack layers Transport, Transaction Layer and Proxy (Routing), with the hook points AFTER_NETWORK, PRE_ROUTING and POST_ROUTING, shown for the INBOUND and OUTBOUND directions]

5) In Dialog Message Interception/Redirection

[Diagram: call flow before and after a transfer. Panel labels: Original Call, Transferred Call; Same Call Outside/New Call Inside. Labelled elements: SBC – Trunking, Session Manager, Experience Portal, Internet, Carrier, 3rd Party SIP (Call Manager, Fax, etc), SBC – VO Users, SIP Endpoints, Messaging, Communication Manager, H.323 Endpoints]

In Dialog Message Interception/Redirection

Click this checkbox

Life in the Trenches - Real World Examples

Large Hospital System – The Case of the Missing Voicemail Box

Customer Requirement:
o Integrate Definity (pre-SIP) to voicemail system
o Dialogic gateway 8 line digital to SIP converter

Large Hospital System – The Case of the Missing Voicemail Box

Issue Description:
o Diversion Header used “Tel” format, not “SIP”
o From and To Headers used dashes in number

<tel:3034422181>

<sip:3034422181@nacrlab.com>
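An added example, not part of the original presentation and not the SBC rule used at the customer: the header rewrite implied by this slide, sketched in Python rather than SigMa. The dashed numbers, the `gw.example.invalid` host and the sample message are constructed; the target domain is taken from the slide's `sip:` URI.

```python
import re

# Constructed sample: headers as a pre-SIP gateway might emit them.
SAMPLE = "\r\n".join([
    "INVITE sip:5000@nacrlab.com SIP/2.0",
    "From: <sip:303-442-2181@gw.example.invalid>;tag=a1",
    "To: <sip:303-555-0100@nacrlab.com>",
    "Diversion: <tel:3034422181>;reason=no-answer",
    "Call-ID: constructed-1@gw.example.invalid",
    "CSeq: 1 INVITE",
    "Content-Length: 0",
    "", "",
])

URI_IN_BRACKETS = re.compile(r"<(sip|sips|tel):([^>]*)>", re.IGNORECASE)

def _strip_dashes(user):
    # Only touch user parts that are purely a (dashed) phone number.
    return user.replace("-", "") if re.fullmatch(r"\+?[\d-]+", user) else user

def _fix_uri(match, header, domain):
    scheme, rest = match.group(1).lower(), match.group(2)
    if scheme == "tel" and header == "diversion":
        number = _strip_dashes(rest.split(";", 1)[0])  # tel parameters are dropped
        return f"<sip:{number}@{domain}>"
    if scheme in ("sip", "sips") and header in ("from", "to") and "@" in rest:
        user, host = rest.split("@", 1)
        return f"<{scheme}:{_strip_dashes(user)}@{host}>"
    return match.group(0)  # anything else passes through untouched

def normalize(message, domain):
    """Rewrite Diversion tel: URIs to sip: and remove dashes in From/To users."""
    head, sep, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    out = [lines[0]]  # the request line is left alone
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        key = name.strip().lower()
        if colon and key in ("from", "to", "diversion"):
            value = URI_IN_BRACKETS.sub(lambda m: _fix_uri(m, key, domain), value)
        out.append(name + colon + value)
    return "\r\n".join(out) + sep + body

if __name__ == "__main__":
    print(normalize(SAMPLE, "nacrlab.com"))
```

Only the three named headers are rewritten, so identifiers such as Call-ID that legitimately contain dashes are left intact.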

International Law Firm – The Case of the Incomplete Transfer

Customer Requirement:
o Provision Incoming SIP trunks for Centralization

Issue Description:
o Internal Transfers work fine, but incoming SIP calls were dropped when attempting to transfer or cover to voicemail

International Law Firm – The Case of the Incomplete Transfer

[Diagram: call path through SBC, SM, CM, SM and MM. Labels: Carrier – MaxFwds=10; MaxFwds+2 (shown five times)]

Thank you!

Questions?

A friendly reminder to please click the survey link before exiting today’s webinar. Thank you!
