No announcement yet.
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ingate SIParator

    Ingate is proud to be apart of the ShoreTel deployment. Providing SIP Security and SIP Protocol "Normalization" capabilities.

    Every IP-PBX vendor has a SIP Security product (SBC) in their offering....

    Cisco - CUBE
    Avaya - Acme Packet (OEM)
    Mitel - Mitel Business Gateway (MBG)
    Alcatel-Lucent - NeoTip (OEM)
    3Com - Ingate (OEM)
    Iwastu - Ingate (OEM)
    Nortel - a mess of various OEM vendors
    and the list goes on...

    Any type of security device can be described as blukheads in a submarine. If any one campartment fails, the whole boat is not compromized.

    Do you implicitly trust the Internet access to your Enterprise LAN?
    => Crap! No! So you put a Firewall in place.

    Do you implicitly trust the Carrier Network access to your Enterpirse LAN?
    => I certainly hope Not!

    Do you implicitly trust the Voice Carriers Network access to your Enterprise LAN?
    => Of course.. No.

    Firewalls stop unsolicited Traffic, thus prevent unauthorized access into your Enterprise LAN. But making a "Phone Call" is by definition Unsolicited, thus Firewalls stop most all VoIP traffic including SIP.

    Now SIP Voice Communications is unsolicited traffic, you need to define Security Policies to allow the unsolicited SIP Traffic into your Enterprise LAN. Who is allowed to make calls, and who is not, what they are allowed to dial and also to prevent Attacks, such as DoS Attacks, Intrusion of Service Attacks, Toll Fraud, SPIT (SPAM over Internet Telephony) and so on. The Session Border Controller (SBC) (ie Ingate SIParator) does this function by putting SIP Security Policies around the SIP Traffic in and out of the Enterprise LAN.

    You could just put the IP-PBX directly on the Internet or Untrusted Network. But if you do this you leave you IP-PBX directly exposed to any attack. Do you want you IP-PBX to handle a DoS Attack? If the IP-PBX were to recieve a DoS Attack, the IP-PBX requires to handle this "Flood" attack, either Network interfaces, CPU Resources, Memory and all of this is taken away from actual "real" communications. Your business is know non-functional and loosing revenue. IP-PBX should be deemed a "Mission Critical" Server. So you do not want you IP-PBX handling security issues. Let Security products be independent of the Call Control Server.

    Like bulkheads on a submarine, should the Ingate be attacked by a DoS Attack, the ShoreTel can keep on running.

    Unfortunately Security is the last thing people think about when deploying VoIP, when it should be the first.

  • #2
    Hi Scott,

    interesting post. has the setup of the ingate siperator gotten any easier?