News Stay informed about the latest enterprise technology news and product updates.

Is it time for a VoIP firewall?

Some say enterprises may soon need a special firewall to thwart the malicious hackers, spoofers and other threats that can imperil VoIP and other SIP-related communications.

Spam commonly proliferates using STMP and HTTP protocols, which are critical to e-mail and the Internet, but it...

could soon become the nemesis of SIP as well.

Session Initiation Protocol (SIP) is a VIP call-control and application protocol technology serving as the Internet Engineering Task Force's de facto standard for initiating a multimedia interactive user session.

Andrew Graydon, vice president of technology with Mississauga, Ontario-based Border Ware Technologies Inc., said traditional security measures -- such as authentication, authorization and IP sec -- are not designed to secure and manage SIP-based communications in real time.

But, Graydon said, new technologies like SIP fire walls are emerging to address the protocol's distinct security requirements. A SIP fire wall is an appliance that manages and protects the traffic, flow and quality of VIP and other SIP-related communications.

According to Graydon, the industry is working to secure voice communications at the transport layer with VPN-like encryption. But he said hackers will eventually learn how to attack Internet calls at the application layer.

Border Ware's recently released hardware and software SIP-based fire wall, SIP assure, authenticates user connections and allows system administrators to set and enforce VIP security policies to address application layer exploits.

More specifically, SIP assure's features include:


  • Protection with a range of controls, including unique session profiling that prevent spam and denial-of-service (DoS) attacks.
  • Antispam filters for securing, managing, monitoring and administering SIP-enabled communications.
  • Built-in audit and reporting capabilities designed to address critical security issues by providing visibility into all SIP-related communications, including SIP proxy, SIP registrar, spam, user access and capacity planning.

    While SIP-based fire walls aren't necessary today, Teney Takahashi, market analyst for The Eradicate Group Inc. in Palo Alto, Calif., said companies will soon need a device like SIP assure to protect themselves from communication exploits.

    "It would be prudent for a company not to invest in something like this over the next couple of years," Takahashi said. "If they're going to protect their e-mail and their Web traffic, they should also protect their SIP traffic -- especially if they have VIP or an instant messaging system they rely on for business communications."

    Takahashi said companies such as Cisco Systems Inc. may have security measures in place to prevent attacks on its SIP networks, but Border Ware was the first to market with its dedicated application for filtering out illegitimate SIP traffic.

    He said some vendors have products that filter out IM traffic or VIP traffic, but no other offering filters SIP traffic at the application layer like BorderWare.

    "It definitely seems that SIP is the chosen protocol for real-time communication," Takahashi said. "As this trend progresses over the next few years, a SIP-specific fire wall will become very valuable to companies."

    This story originally appeared on


Dig Deeper on Enterprise network and wireless management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.