Unified communications (UC) is moving from cutting edge to commonplace as more enterprises see the value of consolidating communications into a single, simple-to-use application. But if applications with names like Slack or Hangouts have you second-guessing your security exposure, trust your instincts. The reality is that UC applications—even well-established applications—present a security risk to your enterprise.
While UC-based attacks haven’t been around as long as Internet-based hacks, they’ve attracted more attention from criminals because of their rate of success and their profitability. For 2015, the Communications Fraud Control Association (CFCA) estimated global losses for communications fraud at more than $38 billion. To put that into perspective, global credit card fraud is estimated at a little over $16 billion each year.
These UC applications run in real time on IP-based networks, over transports such as TCP and UDP, and real-time IP communications use a signaling protocol called SIP (Session Initiation Protocol) that is carried within the TCP and UDP streams. Real-time communications have different requirements than data communications. For example, if you drop a packet while downloading a web site, you can just send another packet. But if you drop a word in a real-time conversation, you can’t re-insert it later in the conversation.
Why is the distinction between real-time and data important to security? Because many companies are using data-based security devices, such as firewalls, as their primary line of defense for everything, and firewalls simply weren’t designed for SIP-based communications. As a result, enterprises turn off certain security features to accommodate real-time voice and video, which in turn creates new security holes. And cybercriminals not only know this, but exploit this.
How Do You Spell UC Security? S-B-C.
The risks to enterprise security are well documented: data exfiltration, DDoS attacks, ransomware, etc. It seems a month doesn’t go by without stories of the latest security breach or website shutdown making the news. And those are just the big attacks. The reality is that most enterprises will be targeted by some type of sophisticated network attack—and more than once—over the next twelve months.
Mobile devices that use UC and real-time collaboration tools are as susceptible to attack as any other network-connected device—even more so when you consider risks such as non-secure wireless networks, weak password protection and the presence of “rogue” productivity applications. So, if the proliferation of UC applications is a problem, what’s the solution? Session border controllers, also known as SBCs.
An SBC functions as a kind of highly sophisticated firewall designed specifically for real-time communications such as voice, video, screen sharing and WebRTC applications. SBCs provide security features such as media and signaling encryption, back-to-back user agents, network topology hiding and gray/blacklisting designed specifically for SIP communications. Beyond security, SBCs include features such as media transcoding and SIP interworking that make UC applications work better. You can think of an SBC as a “traffic cop” that can enforce rules, give directions (in a variety of languages) and ensure that network real-time traffic flows smoothly and safely.
SBCs can take many forms. They can be small enough for a branch office of ten employees or big enough to handle thousands of calls per second in the largest data centers. They can be deployed on premises or in the cloud as a hosted service. They can run on a physical appliance or as software on a virtual machine. With so many options, you would think that every enterprise would have some type of SBC in place. And you would be wrong. In fact, over one-third of all enterprises (37 percent) that have SIP trunks coming into their data center do not have an SBC in place to secure those SIP communications.
Three Ways That An SBC Can Save Your IP Network
If I could talk to those one-third of SIP trunking customers without an SBC, I would tell them three things…
1. Don’t trust your firewall to do a job it wasn’t designed for.
Firewall technology is all good and fine for data communications; next-generation firewalls (NGFWs) are even better. But an NGFW isn’t designed to help you secure real-time communications. In fact, the application layer gateway (ALG) security feature on most NGFWs can negatively impact call completion on your network. In other words, UC applications exceed the IQ of the standard enterprise firewall. So, what do most enterprises do? They turn off the ALG feature, which immediately exposes their UC application to security hacks. Only an SBC is designed to address both reliability and security in real-time communications.
2. Don’t treat SBCs and firewalls as complementary devices; they are co-defenders.
Even enterprises that use SBCs often under-use them in the sense that they treat their SBCs and firewalls as separate security entities. This is a mistake, because cybercriminals will often attack multiple entry points within moments of each other. Why do cybercriminals do this? Because they’re looking for a weak link in your network’s armor. Imagine that the moment a network attack is detected, every SBC and firewall was alerted to the attack and could immediately blacklist the source IP address; a holistic security approach like that would shut down phishing attempts and DDoS attacks immediately.
3. Ensure your network gets smarter over time.
One of the biggest reasons enterprises have trouble spotting abnormal network activity is that they don’t really understand what “normal” looks like. A flood of calls from California could be a TDoS attack—or it could be your California office dialing in for an all-hands conference call. SBCs shouldn’t be “dumb” sentries. They should leverage behavioral analytics to help drive customized and dynamic policies for your enterprise to more accurately identify anomalous and suspicious traffic, and safely quarantine that traffic until a determination can be made.
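The "know what normal looks like" idea above can be sketched as a per-source, per-hour-of-week baseline of SIP INVITE counts. This is an added example, not code from the article or from any SBC product; the function names, thresholds, source labels and sample counts are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev


def build_baseline(history):
    """history: iterable of (week, hour_of_week, source, invite_count)."""
    samples = defaultdict(list)
    for _week, hour, source, count in history:
        samples[(source, hour)].append(count)
    # Per (source, hour-of-week): mean, population std-dev, weeks observed.
    return {key: (mean(v), pstdev(v), len(v)) for key, v in samples.items()}


def classify(baseline, source, hour, observed,
             k=4.0, min_weeks=3, cold_start_cap=50):
    """Return 'allow' or 'quarantine' for one hour's INVITE count."""
    stats = baseline.get((source, hour))
    if stats is None or stats[2] < min_weeks:
        # No learned "normal" yet: fall back to a conservative fixed cap.
        return "quarantine" if observed > cold_start_cap else "allow"
    mu, sigma, _weeks = stats
    # Floor the spread so a very steady source does not trip on small jitter.
    threshold = mu + k * max(sigma, 0.1 * mu, 5)
    # Quarantine (hold for review) rather than drop: a spike may be legitimate.
    return "quarantine" if observed > threshold else "allow"


# Constructed sample data. Hour 34 = Tuesday 10:00, when the (hypothetical)
# California office dials in to a weekly all-hands; hour 35 is a quiet hour.
HISTORY = [
    (1, 34, "ca-office", 400), (2, 34, "ca-office", 420),
    (3, 34, "ca-office", 390), (4, 34, "ca-office", 410),
    (1, 35, "ca-office", 40), (2, 35, "ca-office", 35),
    (3, 35, "ca-office", 45), (4, 35, "ca-office", 38),
]

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for src, hour, count in [("ca-office", 34, 430), ("ca-office", 35, 430),
                             ("unknown-peer", 34, 430)]:
        print(src, hour, count, classify(base, src, hour, count))
```

The same 430-call burst is treated as normal during the weekly all-hands hour and held for review in a quiet hour or from a source with no history.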
One final word of caution: don’t look at SBCs as just security devices. Interoperability is critical to unified communications, and SBCs are crucial to providing seamless communications between different applications, devices and networks through transcoding and interworking. In other words, it takes an SBC to make unified communications truly secure and unified. But that’s a whole separate conversation...
Mykola Konrad, VP of Product Management and Marketing at Sonus Networks