[VOIPSEC] Session Border Controller use

Bipin_Mistry at 3com.com Bipin_Mistry at 3com.com
Wed Jun 21 09:23:32 CDT 2006 

Hi,

Another element typically handled by SBC's is legal intercept - i.e. CALEA 
or wiretapping.  Plus if placed between carrier networks then VoIP 
peering.

Bipin



"micaela giuhat" <micaela at sipera.com> 
Sent by: Voipsec-bounces at voipsa.org
06/21/2006 09:46 AM
Please respond to
micaela at sipera.com


To
"'Kaalund, Bruce'" <Bruce_Kaalund at Cable.Comcast.com>, <Voipsec at voipsa.org>
cc

Subject
Re: [VOIPSEC] Session Border Controller use






Bruce,

1. You don't need an SBC for handing calls to the PSTN.
2. You will need an SBC between the two networks. The best placement will 
be
before the layer 2 switch on the hosting center (as close to the edge as
possible).
3. SBCs are mainly use to solve demark issues such as FW and NAT 
traversal,
as well as provide session admission control, session detail records, QOS
mediation, and not really for security, although they may do some rate
limiting for certain messages. Some SBCs will look at media, just to 
monitor
whether media comes to ports after a call has been terminated.

Best,
Micaela
--------------------------------------------------------------
Micaela Giuhat
VP PLM
Sipera Systems
(w) 214 206 3294
(c) 214 418 8547
www.sipera.com
---------------------------------------------------------------

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Kaalund, Bruce
Sent: Wednesday, June 21, 2006 8:21 AM
To: Voipsec at voipsa.org
Subject: [VOIPSEC] Session Border Controller use

I have questions about the use and placement of Session Border
Controllers.  I have a rather general understanding of their purpose and
use, but I am being questioned about placement in the network.  My
questions are as follows:

1.  When the end user and the Layer 2 Switch (CMS, Media gateway, etc.)
reside on the same network, and the calls are passed to the PSTN, is
there a need for the SBC?  If so, where should the SBC be placed?

2.  When the end user resides on one network, and the Layer 2 Switch
resides in a hosting facility on a different network, is there a need
for the SBC?  If so, where should the SBC be placed?

3.  I see a lot of value in the SBC for the protection of signaling
traffic.  However, I have not been convinced of the value of using the
SBC for bearer traffic.  I believe an attack on a particular call is
dependent upon either obtaining and replicating, or corrupting the
signaling traffic, in order to affect the bearer traffic of a particular
call.  Why would I want to run the bearer traffic through the SBC?

Any and all opinions would be greatly appreciated.  Thanx.

Bruce A. Kaalund
Director, Product Security Architecture
National Engineering & Technical Operations
Comcast Cable
1500 Market Street
Philadelphia, PA 19102
Telephone -- 215-851-3303
e-mail -- bruce_kaalund at cable.comcast.com
Doveryai No Proveryai - Trust but Verify

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org



_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list