[VOIPSEC] SBC and Firewalls

Mo Khan mo.m.khan1 at gmail.com
Mon Apr 26 21:22:09 CDT 2010 

Rob, you are correct on the reason why a Firewall was looking to be used in
conjunction with a SBC. IT Security requirements. I my self work within IT
Security but personally I look to incorporate a proven technology that will
provide sound security, high performance in order to meet business
objectives. This is why I wanted to throw it out on this forum to see if
others have this type of security setup or if not how they security teams
have taken the control back on the Firewall feature with the use of SBC.
It's really all about control on our end. Many Security departments are this
way just as you mentioned. In my opinion, separation of duties, auditing the
controls of SBC can address some of these issues to incorporating
Since you work for a SBC vendor, the companies (other then service
providers) who have used SBCs how have Security departments gained the trust
and control of using a SBC? Can RBAC be incorporated at all in these devices
where maybe the Security features can be offloaded to the IT Security
groups?

On Mon, Apr 26, 2010 at 8:50 PM, Rob Welbourn <robert at welbourn.com> wrote:

> Mo,
>
> So what aspects of control do you think a conventional firewall will give
> you that an SBC does not?
>
> The *only* reason that SBCs are used in conjunction with firewalls is
> because corporate IT security people have strict rules about using approved
> firewalls, and don't understand what SBCs do.  The path of least resistance
> to getting an SBC in place is to acquiesce to this dictate.
>
> If you *must* implement a firewall in front of or behind an SBC, or have
> the
> SBC between an inner and outer firewall, then make sure you turn off any
> SIP
> awareness in the firewall, as it will most likely degrade performance and
> introduce problems for the SBC.
>
> Rob
>
> Disclaimer: I work for an SBC vendor, and have had to deal with this issue
> on multiple occasions.
>
> -----Original Message-----
> From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On
> Behalf Of Mo Khan
> Sent: Saturday, April 24, 2010 12:54 PM
> To: voipsec at voipsa.org
> Subject: [VOIPSEC] SBC and Firewalls
>
> Hello. I was wondering if there are folks who have implemented the use of
> SBC and Firewall together to protect their voip environments. I was looking
> to see if it makes sense to use SBC along with an enterprise level Firewall
> to secure SIP Trunks over MPLS. I know most SBCs come with a built in
> application layer firewall feature which is voice friendly but to gain
> control of the environment we want to introduce Firewall to the mix.  The
> SIP Trunks are setup from corporate HQ over to  multiple outsourced partner
> contact centers. To create a defense in-depth strategy, a SBC, FW and an
> IDS
> will be used. Any suggestions comments experiences on this type of setup
> would be help full.
>
> Regards.
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>

More information about the Voipsec mailing list