Session border control: Firewalls for VoIP

As a follow-on to our recent security discussions, today we’re going to take a quick look at session border control, a specialized area that firewalls are starting to address because traditional firewalls are not optimized for working with VoIP.

Border control firewalls are designed to help solve a major VoIP conundrum.

You could run VoIP only within your corporate intranet, and you’d have very few security concerns. Most VoIP security concerns lie primarily in the area of the network being compromised by external entities entering the secure corporate network. But a telephony network that only spans an intranet is not fully functional. We need external connectivity. And while external networks can be rather securely reached via gateways that transform IP-based calls to traditional telephony, this is best viewed as an interim step, and the future certainly will include all-IP scenarios.

This is where the session border control products come in. They are designed to allow an enterprise to control calls among multiple independent entities while maintaining a secure infrastructure.

In particular, these products help enterprises deal with issues surrounding how network address translation (NAT) interacts with signaling protocols. (The fundamental problem here is that NAT usually occurs at the IP layer. However, the signaling protocols use the IP addresses – which may or may not have been translated – within the call control messages.)

This is an area that we believe will be one of the hottest over the next year, and this week when both Larry and Steve are at the VoiceCon conference, we’ll be taking a close look at developments here. Also, if you would like an update on this topic, please see “The Border Patrol: Firewalls For VOIP” at Webtorials. This is a great overview written by our colleague, Gary Audin.