[VOIPSEC] Session Border Controller use

micaela giuhat micaela at sipera.com
Wed Jun 21 08:46:29 CDT 2006


Bruce,

1. You don't need an SBC for handing calls to the PSTN.
2. You will need an SBC between the two networks. The best placement will be
before the layer 2 switch on the hosting center (as close to the edge as
possible).
3. SBCs are mainly used to solve demark issues such as FW and NAT traversal,
as well as provide session admission control, session detail records, QOS
mediation, and not really for security, although they may do some rate
limiting for certain messages. Some SBCs will look at media, just to monitor
whether media comes to ports after a call has been terminated. 

Best,
Micaela
--------------------------------------------------------------
Micaela Giuhat
VP PLM
Sipera Systems
(w) 214 206 3294
(c) 214 418 8547
www.sipera.com
---------------------------------------------------------------

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Kaalund, Bruce
Sent: Wednesday, June 21, 2006 8:21 AM
To: Voipsec at voipsa.org
Subject: [VOIPSEC] Session Border Controller use

I have questions about the use and placement of Session Border
Controllers.  I have a rather general understanding of their purpose and
use, but I am being questioned about placement in the network.  My
questions are as follows:
 
1.  When the end user and the Layer 2 Switch (CMS, Media gateway, etc.)
reside on the same network, and the calls are passed to the PSTN, is
there a need for the SBC?  If so, where should the SBC be placed?
 
2.  When the end user resides on one network, and the Layer 2 Switch
resides in a hosting facility on a different network, is there a need
for the SBC?  If so, where should the SBC be placed?
 
3.  I see a lot of value in the SBC for the protection of signaling
traffic.  However, I have not been convinced of the value of using the
SBC for bearer traffic.  I believe an attack on a particular call is
dependent upon either obtaining and replicating, or corrupting the
signaling traffic, in order to affect the bearer traffic of a particular
call.  Why would I want to run the bearer traffic through the SBC?
 
Any and all opinions would be greatly appreciated.  Thanx.
 
Bruce A. Kaalund
Director, Product Security Architecture
National Engineering & Technical Operations
Comcast Cable
1500 Market Street
Philadelphia, PA 19102
Telephone -- 215-851-3303
e-mail -- bruce_kaalund at cable.comcast.com
Doveryai No Proveryai - Trust but Verify
 