AudioCodes Security Solution
The device provides a comprehensive package of security features, which handles the following two main security areas:
|
■
|
Securing the Service: Secures the call services by implementing separation and defense of different network entities (e.g., SIP Trunk, softswitch, and users): |
|
●
|
Physical separation of networks |
|
●
|
SRDs per SIP entity (user agent) |
|
●
|
IP Groups per SIP entity (user agent) |
|
●
|
Ensures that only authorized users can access the device's management interface |
|
●
|
Protection against attacks on the device from SIP signaling and media (RTP). |
For the SBC application, the device provides built-in protection from Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks:
|
◆
|
Prevention of DoS/DDoS SIP flood attacks |
|
◆
|
Defense against TCP\IP vulnerabilities |
|
◆
|
Defense against ICMP flooding |
|
◆
|
Optimal handling of SIP user registration avalanche |
|
◆
|
Prevents over-the-top traffic from unknown sources |
Due to the vast number and types of potential attacks (some described in the previous section), security of your trusted VoIP network should be your paramount concern. The device provides a rich set of features to support perimeter defense for protecting your trusted network from the un-trusted ones. However, the device's security features and capabilities are only effective if implemented correctly. Improper use of the device for perimeter defense may render the overall security solution ineffective, thereby exposing your network to multiple threats.
The benefits of an IP-based telephony network are quite clear, but so are the threats and security implications that need to be addressed. The IP borders of the IP telephony network are the attack points and it's AudioCodes security solutions that are designed to help safeguard your trusted network from such threats.