Category: SBCs

VoiceOps – Mitigating SIP Threats With SBC Policies, Auto-Blacklisting

Voice Ops mailing listThere’s a good discussion going on right now (September 2014) in the VoiceOps mailing list about how you can mitigate SIP threats by configuring the policies and settings on your session border controller (SBC).  It started out with a detailed question from Robert Nystrom asking about how to configure an Acme Packet SBC in the most secure manner and asking about how best to configure access control lists (ACLs).  Several answers can be seen in the VoiceOps archive from folks such as Ryan Delgrosso, Mark Lindsey, Jim Gast and Patrick McNeil, offering commentary and suggestions about how best to proceed.

If you are not already subscribed, the VoiceOps mailing list is a great resource.  As stated on the subscription page:

This list is for discussions related to managing voice networks, both traditional and IP.

The VOIP Operators’ Group (VOG) charter is to facilitate the creation, maintenance, and operations of Voice over Internet Protocol (VOIP) related networks, products, and services.

Similar to the North American Network Operators’ Group (NANOG), The Voice Operators’ Group seeks to assist in the creation of a robust, stable and growing VOIP ecosystem.

While the topics are definitely not all about security, I would encourage you to join the list if you do anything with the operation of VoIP networks – or if you are just curious to learn more about such networks.

Avaya Acquires UC Security Firm and SBC Vendor Sipera Systems

Fascinating news today that Avaya has acquired Sipera Systems for an undisclosed sum. We’ve covered Sipera here on this blog any number of times over the past years as they have been one of the few firms very specifically focused on “VoIP security”, or, to be more appropriately buzzword-compliant in 2011, “Unified Communications security.” In fact, the first video podcast I did for the Blue Box Podcast (when I was doing that) way back in August 2007 was with Sipera.

Over the years Sipera has hired some truly excellent people in the field, released some useful tools, originated great research and done a great bit in general to help keep the dialog going on publicly about VoIP/UC security.

The Avaya purchase is fascinating because, as Eric Krapf noted in a NoJitter post this morning, Avaya has been OEMing a Session Border Controller (SBC) solution from market leader Acme Packet for quite some time. As Eric notes:

The deal therefore could represent a shift in the enterprise SBC market, at a moment when E-SBCs are emerging as a key component of enterprise real-time communications deployments, especially in SIP trunking deployments. Acme Packet has been far and away the market share leader in SBCs, with over 50%, and its SBC works with all the leading enterprise communications platforms.

However, enterprise vendors including Cisco and Siemens (and now, it seems, Avaya) have released their own SBCs, and in the case of Siemens, the SBC only talks to Siemens platforms on the enterprise side of the device. It remains to be seen whether the Sipera SBC will work only with Avaya Aura–but it seems unlikely that anyone other than an Avaya customer would buy an Avaya SBC.

Now, the news release of course plays up how Sipera’s solutions work with both Avaya and non-Avaya systems but to Eric’s point there may in the future be little incentive for non-Avaya customers to purchase a solution, given that there are other “independent” players out there in the SBC market like Acme Packet, Ingate Systems, Sonus Networks and others.

Regardless of how it all shakes out, it is an interesting move and one that bears watching.

Congrats to our friends at Sipera and Avaya on the acquisition, and we look forward to seeing how it evolves.