OpenScape UC Firewall and OpenScape Session Border Controller Security within and beyond the boundaries

Upload: truongkhue

Post on 11-Jul-2018



Our connected world

We are living and working in a new world that is defined by global connections, where mobility and collaboration are the norm.

Technologies that allow us to work in a more fluid, dynamic and collective manner are defining the age.

This new communicative era heralds a multitude of opportunities for businesses. But with the unprecedented opportunities come unprecedented risks.

Security threats are emerging quicker than the new technologies are being adopted. In recent months, large organisations have been hit by security breaches that have compromised their customers’ data and damaged their brands and stock values.

Safe and secure

Information security is the number one priority for any business.

Unified communications are no different to any other areas of technology and are vulnerable to risks – such as toll fraud, call interception, Denial of Service (DoS), or spam over IP telephony, to name just a few.

So enterprises need connectivity solutions that allow relationships between staff and customers to deepen and flourish – while at the same time delivering security and control.

All IP-based systems require protection built into the heart of any infrastructure – in the form of security controls that can protect data and ensure reliable enterprise communication.

Beyond borders

Companies are increasingly relying on web-based applications for collaboration and communication outside the organisation’s boundaries. In simple terms, this means more complex connections within applications are being made. Information flows to and from customers are increasing, and companies’ data centers are under growing strain.

Perimeter security controls are constantly required to be kept up-to-date with the rapid changes in the communications environment — yet such controls can quickly become outdated.

Many enterprises use traditional firewalls to secure their data network. But these firewalls have a raft of limitations and are simply inadequate when it comes to VoIP and UC security. The consequences have far deeper ramifications than isolated security breaches.

Trust in the Unified Communications system itself can diminish among staff and customers. As relationships suffer, so do business brands.

Yet Unify’s next-generation OpenScape UC Firewall and OpenScape Session Border Controller provide enhanced security features and performance levels that resolve these issues and bring the benefits of VoIP/UC collaboration securely into your network.

Security within and beyond your network’s boundaries


Security built into your solutions, not tacked on as an afterthought

Unify believes the most reliable security solutions should be integrated and not bolted on. OpenScape UC Firewall and OpenScape Session Border Controller are specifically designed to protect OpenScape VoIP/UC.

Both may be used independently or in conjunction with each other. The result is a two-tier set of security controls that boosts the defenses of your network.

OpenScape UC Firewall and OpenScape Session Border Controller help to keep your VoIP/UC system safe from both IP-based attacks and unauthorized access from untrusted networks.

Working in harmony

Whatever your specific security needs, OpenScape UC Firewall and OpenScape Session Border Controller can be used flexibly. Both can be perfectly integrated into your company’s infrastructure to complement your security policy.

And it is worth knowing that all Unify’s products, solutions and services provide sophisticated functionality, reliable operation and high quality. And of course they all comply with internationally recognized standards.

Getting Technical

Traditional firewalls protect IP data networks, servers and applications against threats by using stateful filtering of IP data traversing through the IP firewall.

Some firewalls add gateway functionality to extract the information necessary to set up and maintain the call. This allows the firewall to create and maintain a single end-to-end SIP session on both sides of the firewall.

By comparison, a Session Border Controller (SBC) is a VoIP session-aware device that controls call admission to a network – at the boundary of the network. An SBC securely connects multiple locations and extends communications to remote workers and agents.

[Figure: three deployment scenarios (Data Center Scenario, Decentralized Branch Firewall Scenario, SIP Trunking Scenario), with the note "UC Firewall = SIP Firewall + Data Firewall". Labelled elements: Data Center, Access Areas, Branch, OpenScape Branch, OpenScape Voice, Centralized Applications, Media Gateway, SBC, UC Firewall, SSP, PSTN, WAN/Internet. Link labels: SIP, SIP + UC.]

Trust and security

OpenScape UC Firewall provides the most fundamental security measures that not only protect an OpenScape Voice and UC infrastructure but also data infrastructures and applications against unauthorized access, unwanted traffic and (SIP-based) attacks. It is both a firewall and an Intrusion Prevention System (IPS) that ensures a reliable and secure communication exchange to/from your OpenScape solution.

OpenScape UC Firewall handles all traffic types – including voice, UC and data. It guarantees a secure interaction between all existing applications and OpenScape Voice.

OpenScape UC Firewall scenarios

OpenScape UC Firewall – secure communications, safe data

OpenScape UC Firewall overview:

• Globally available
• Proven compatibility with OpenScape Voice and UC solutions
• Professional support
• Managed services

Getting to know you

Furthermore, groups, departments and stakeholders are recognised by the OpenScape UC Firewall according to their responsibilities and access permission. Entry to specific areas, networks and devices can therefore be granted or denied.

In short, OpenScape UC Firewall secures all areas of trust according to an enterprise’s security policy. Furthermore, OpenScape UC Firewall is capable of real-time intrusion prevention. So it scans voice traffic for malicious content and blocks the traffic where necessary.

World leaders in security solutions

Fortinet – a world leader in unified threat management appliances – is Unify’s trusted partner in offering OpenScape UC Firewall.

Fortinet provides a broad, flexible and scalable product platform called FortiGate. In simple terms, FortiGate provides an appropriate security solution for every type of project and company size.

The platform minimizes the necessary investment, and maximises the opportunity for securing communications.

Fortinet – an overview:

• A market leader in Unified Threat Management
• Strong increase of Fortinet market shares in the past years
• Innovation, high-performance ASIC technology – cost efficient
• Clear commitment and integration of VoIP and UC Security
• Strong experiences with Voice / SIP and UC in Carrier / Service Provider Business

Certified. Tested. Approved.

OpenScape UC Firewall complies with all requirements of contracting authorities and is Common Criteria EAL 4+ certified. Furthermore, it supports all OpenScape Voice features.

This guarantees a quick and reliable implementation and ensures a smooth interaction with OpenScape Voice and UC.

A security solution for every project and company size

[Figure: OpenScape SBC deployment diagram. Labelled elements: Remote User, SIP Trunking, OpenScape Branch (Proxy Mode), OpenScape SBC, OpenScape Voice, Common Management Platform, SSP, PSTN, Internet.]

Extending communications

OpenScape Session Border Controller (SBC) was developed by Unify as a solution component of the award-winning OpenScape solution portfolio.

It allows VoIP networks to securely extend communications beyond an enterprise’s network boundaries.

Focus on VoIP

OpenScape SBC dynamically opens and closes firewall “pin holes”, allowing controlled access to your protected network.

OpenScape SBC provides the interoperability, security, management, and control capabilities needed to support SIP trunking applications.

It also supports the SIP endpoint registration services that are necessary to facilitate remote-user and remote-branch-office applications.

OpenScape SBC supports all OpenScape Voice features and is fully manageable via the same OpenScape Common Management Platform (CMP) that is used to manage other network elements in the OpenScape Solution Set.

OpenScape Session Border Controller use case scenarios

OpenScape Session Border Controller – beyond the enterprise’s boundaries

OpenScape SBC review:

• Linux-based operating system
• Designed specifically for OpenScape Voice solution
• Single point of administration for OpenScape Voice and SBC
• Provides highly secure unified communications solutions
• Supports secure calls by encrypted signalling
• Supports secure calls by encrypted media – Secure Real-Time Transport Protocol (SRTP)
• Intrusion detection, topology hiding and strict SIP validation
• Delivers Network Address Translation (NAT) and Port Address Translation (PAT) for remote worker/agent access

When two become one

Both OpenScape UC Firewall and OpenScape SBC are state-of-the-art security solutions that perfectly complement one another and work in harmony.

OpenScape UC Firewall protects voice, UC and data infrastructures and applications against unauthorized access, unwanted traffic and (SIP-based) attacks.

Meanwhile, OpenScape SBC controls call admission at the border of the network.

Both may be used independently or in conjunction with each other.

Typical use-case scenarios for OpenScape UC Firewall:

• Protecting critical centralized servers within a data center
• Protecting a local or de-centralized network – such as corporate branches
• Customers that require Common Criteria EAL4+ certified security protection

Typical use-case scenarios for OpenScape SBC:

• SIP trunking to a SIP service provider (SSP)
• Secure remote-user access regardless of location or public/private network

Two-level security

OpenScape UC Firewall and OpenScape SBC are ideal solutions in a two-level security strategy. This is often required by large enterprises and governmental organizations that have strong, and often unique, security requirements and policies.

For SIP trunking, SBC functionality is a fundamental requirement that can’t be substituted by pure firewall functionality.

The OpenScape UC Firewall offers enterprise-grade firewalling to the IP connection as a first line of defence — while OpenScape SBC sits behind offering further protection.

A flexible pair in a secure relationship

OpenScape SBC

• Far-end NAT / Hosted NAT traversal
• Adaptation, manipulation, and repair of SIP protocol (SIP trunking)
• Media anchoring
• Transcoding between codecs or RTP/SRTP

OpenScape UC Firewall

• Web collaboration
• Protect UC (HTTP/HTTPS) traffic
• Unified security for voice/SIP and UC/HTTP
• Legacy firewalling for management traffic
• Load balancing
• Network segmentation / security zone separation
• SIP & RTP protocol inspection
• Dynamic pin-holing
• SIP message limitation
• SIP/TLS support beginning with OpenScape UC Firewall V1 R2

OpenScape UC Firewall:

• Transparent for signaling & Session Description Protocol (SDP)
• Single session across system
• Inspects SIP header, body and protocol conformance as defined by firewall policy of the SIP-ALG and IPS
• Dynamically open / close RTP media ports

OpenScape SBC:

• Terminates, re-initiates and initiates signaling & SDP
• Two sessions – one on each side of system
• Inspects and modifies any application layer header info (SIP, SDP, etc.)
• Able to resolve interworking issues
• Dynamically open / close RTP media ports

The security you require

Use-case scenarios for both OpenScape UC Firewall and OpenScape SBC can differ widely, as every organization has specific security requirements.

However, in SIP-trunking scenarios we consider OpenScape SBC to be mandatory – regardless of the enterprise size.

Meanwhile, the OpenScape UC Firewall should be a basic requirement for medium-to-large enterprises wishing to protect a data center.

OpenScape UC Firewall and OpenScape SBC offer the flexibility you need – and the level of security you require for your network.

Functional Differentiation OpenScape UC Firewall – OpenScape SBC

OpenScape UC Firewall vs. OpenScape SBC:

[Figure: two panels. Panel 1: Data Center, OpenScape UC Firewall, OpenScape Voice. Panel 2: Data Center, OpenScape SBC, OpenScape Voice.]

World beaters

Unify has long been a global leader in corporate communications. And when it comes to communications security, nobody knows better than us.

Relying on Unify as your single contact for all voice, UC and security-related matters makes business life more convenient. Relationships become easier, staff become happier, customers become more satisfied.

Unify offers a highly qualified service worldwide. Meanwhile, our security solutions are based on an open architecture that complies with the most rigorous government standards.

Depending on the vulnerability of the business areas, customers can choose between different Service Level Agreements (SLA). It all comes down to our customers’ specific business needs.

In short, Unify can provide the appropriate support to solve any security issues.

Leading you to security

As a global leader in communications security, our years of experience uniquely position us to offer the best-in-class and most secure products, solutions and services — allowing executives to focus on their core businesses.

As already mentioned, we provide security that is built in, not bolted on — a system that works in harmony with your infrastructure and needs. Be secure in the knowledge our offering is the best on the market.

Unify – a global leader in corporate communications

About Unify

Unify is one of the world’s leading communications software and services firms, providing integrated communications solutions for approximately 75 percent of the Fortune Global 500. Our solutions unify multiple networks, devices and applications into one easy-to-use platform that allows teams to engage in rich and meaningful conversations. The result is a transformation of how the enterprise communicates and collaborates that amplifies collective effort, energizes the business, and enhances business performance. Unify has a strong heritage of product reliability, innovation, open standards and security.

unify.com

Copyright © Unify Software and Solutions GmbH & Co. KG, 2016 Mies-van-der-Rohe-Strasse 6, 80807 Munich, Germany All rights reserved.

The information provided in this document contains merely general descriptions or characteristics of performance which in case of actual use do not always apply as described or which may change as a result of further development of the products. An obligation to provide the respective characteristics shall only exist if expressly agreed in the terms of contract. Availability and technical specifications are subject to change without notice.

Unify, OpenScape, OpenStage and HiPath are registered trademarks of Unify Software and Solutions GmbH & Co. KG. All other company, brand, product and service names are trademarks or registered trademarks of their respective holders.