[VOIPSEC] Session Border Controller use

[Kaalund, Bruce]

I have questions about the use and placement of Session Border
Controllers.  I have a rather general understanding of their purpose and
use, but I am being questioned about placement in the network.  My
questions are as follows:
 
1.  When the end user and the Layer 2 Switch (CMS, Media gateway, etc.)
reside on the same network, and the calls are passed to the PSTN, is
there a need for the SBC?  If so, where should the SBC be placed?
 
2.  When the end user resides on one network, and the Layer 2 Switch
resides in a hosting facility on a different network, is there a need
for the SBC?  If so, where should the SBC be placed?
 
3.  I see a lot of value in the SBC for the protection of signaling
traffic.  However, I have not been convinced of the value of using the
SBC for bearer traffic.  I believe an attack on a particular call is
dependent upon either obtaining and replicating, or corrupting the
signaling traffic, in order to affect the bearer traffic of a particular
call.  Why would I want to run the bearer traffic through the SBC?
 
Any and all opinions would be greatly appreciated.  Thanx.
 
Bruce A. Kaalund
Director, Product Security Architecture
National Engineering & Technical Operations
Comcast Cable
1500 Market Street
Philadelphia, PA 19102
Telephone -- 215-851-3303
e-mail -- bruce_kaalund at cable.comcast.com
Doveryai No Proveryai - Trust but Verify