Why Firewalls Are not Enough | Asteriskservice | Firewalls vs SBC

The growing spread of VoIP introduces a wrinkle in the fabric of security that firewalls are supposed to provide. It is easy to assume that a firewall is sufficient, but that assumption can come from a lack of appreciation of the vulnerabilities in SIP and VoIP protocols and of the higher need for security in voice and video communications. Firewalls, to state a proven fact, are insufficient. They are best complemented by SBC solutions, which are far better at addressing the security concerns of VoIP traffic. An SBC is far better than a souped-up firewall that has a SIP application layer gateway.

The layers


The Open Systems Interconnection (OSI) framework has seven layers. Layer 1 is the physical layer. Layer 2 is the data link layer. Layer 3 is the network layer, where switching and routing functions take place. Layer 4 is the transport layer. Layer 5 is the session layer, which handles establishing, coordinating and terminating connections. Layer 6 is the presentation layer, which handles translation and encryption and ensures compatibility. Layer 7 is the application layer, used for authentication and quality of service. Firewalls can control only layer 2 to layer 4. A session border controller handles the vital layers 2 through 7.
Firewalls can only switch interfaces to layers 2 to 4 on or off; they cannot manage the quality of traffic, with the result that there are lags, poor audio quality and dropped packets. SBC solutions handle this seamlessly, giving a palpable increase in audio clarity, especially where hundreds of simultaneous calls are in progress.
Protocol handling is another area where firewalls prove insufficient. The H.323, SIP and MGCP protocols work above OSI layer 4, which is beyond the capability of a network firewall. This may result in incompatible IP addresses or even in blocked calls. SBCs allow NAT and firewall traversal, recognize the protocols and complete the handshake easily, and let signals pass through.

The SIP stack


This is where even a SIP-aware firewall can fall flat on its face. The configuration in a firewall is static: it allows traffic to flow through defined ports, but it can leave ports open. It also leaves the internal topology exposed, and hackers can easily tunnel through. The right session border controller, on the other hand, has ingrained awareness of the SIP stack and of real-time transport protocols. It can monitor and manage traffic for jitter-free video and clear audio, and it can recognize malformed packets and tag them as threats. Further, SBCs hide the internal topology, making it difficult for hackers to tunnel through.
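As an added illustration of the SIP awareness described above (not code from the original article or from any SBC product), the following Python sketch flags malformed SIP requests and rewrites private addresses in Via and Contact headers. The sample messages, the SBC address 203.0.113.10 and all function names are constructed for this example.

```python
import ipaddress
import re
REQUIRED = ("via", "from", "to", "call-id", "cseq", "max-forwards")  # RFC 3261, 8.1.1
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SBC_PUBLIC = "203.0.113.10"  # assumed outside address of the SBC (documentation range)

def parse_sip(raw):
    """Split a request into (method, {header: [values]}, body); method is None on bad syntax."""
    head, _, body = raw.partition("\r\n\r\n")
    m = re.fullmatch(r"([A-Z]+) \S+ SIP/2\.0", head.split("\r\n")[0])
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None, headers, body
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return (m.group(1) if m else None), headers, body

def inspect(raw):
    """Return the reasons a request is malformed; an empty list means it passed."""
    method, headers, body = parse_sip(raw)
    if method is None:
        return ["bad request line or header syntax"]
    problems = ["missing " + h for h in REQUIRED if h not in headers]
    cseq = headers.get("cseq", [""])[0].split()
    if len(cseq) != 2 or not cseq[0].isdigit() or cseq[1] != method:
        problems.append("CSeq does not match request method")
    clen = headers.get("content-length", ["0"])[0]
    if not clen.isdigit() or int(clen) != len(body.encode()):
        problems.append("Content-Length does not match body")
    return problems

def hide_topology(raw):
    """Replace RFC 1918 addresses in Via and Contact headers with the SBC address."""
    def swap(match):
        try:
            ip = ipaddress.ip_address(match.group(0))
        except ValueError:
            return match.group(0)
        return SBC_PUBLIC if any(ip in net for net in RFC1918) else match.group(0)
    head, sep, body = raw.partition("\r\n\r\n")
    lines = [re.sub(r"\d{1,3}(?:\.\d{1,3}){3}", swap, l)
             if l.lower().startswith(("via:", "contact:")) else l for l in head.split("\r\n")]
    return "\r\n".join(lines) + sep + body

# Constructed sample requests; both would arrive on the same SIP port.
GOOD = ("INVITE sip:bob@example.com SIP/2.0\r\nVia: SIP/2.0/UDP 10.1.2.3:5060;branch=z9hG4bK776\r\n"
        "From: <sip:alice@example.com>;tag=1\r\nTo: <sip:bob@example.com>\r\nCall-ID: a84b4c76\r\n"
        "CSeq: 1 INVITE\r\nMax-Forwards: 70\r\nContact: <sip:alice@10.1.2.3>\r\nContent-Length: 0\r\n\r\n")
BAD = GOOD.replace("CSeq: 1 INVITE", "CSeq: 1 BYE").replace("Call-ID: a84b4c76\r\n", "")
```

A rule that looks only at the port would pass both sample requests, while `inspect` rejects the second. Compact header forms such as `v:` and folded multi-line headers are not handled in this sketch.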
Encryption is another area where firewalls are inadequate, whereas SBC solutions typically encrypt packets with higher levels of security, making it difficult for eavesdroppers to capture and listen to packets. Confidentiality and security of business communications are assured.

Denial of service, spoofing, theft


Firewalls cannot address security when a hacker launches a DoS or DDoS attack. The network can come to a standstill. SBCs, especially the AI-powered SBCs of today, are powerful enough to identify attempts of all kinds that can pose a threat and snuff them out or raise an alert. That alone makes an SBC worth the cost. One simply cannot afford spoofing, DoS or theft that can cause huge losses in terms of money and reputation.

Media transcoding


Traffic over VoIP these days comprises signals that use various protocols for audio and video. Firewalls simply do not have the capability or capacity to cope with media transcoding. SBCs, on the other hand, can take on any protocol or codec and connect seamlessly. The difference can be seen when one tries transborder audio-video communication without an SBC in the link. There will be huge issues. The SBC integrates, handshakes and connects, leading to seamless communication. This is the icing on the cake.

Source: https://sessionsbordercontroller.wordpress.com/2019/02/08/why-firewalls-are-not-enough-asteriskservice-firewalls-vs-sbc/
