Proxy/Gateway/Border Controller Security Options
Proxy/Gateway/Session Border Control Inside the Firewall: during VoIP call setup, the ports and addresses negotiated in the signaling require detailed inspection (sometimes referred to as stateful inspection) as the setup progresses. If the firewall does not support dynamic ACLs [Access Control Lists] built from that inspection, Proxy and Gateway Servers can be placed just inside the firewall. For SBCs, there are arguments for placing the SBC inside (behind) the firewall, outside it, or at the carrier (service provider).
Proxy in Co-Edge (2-edge) Mode is the situation in which local interior IP addresses must be translated to valid exterior IP addresses. The firewall must be capable of decoding and translating all addresses carried in the various VoIP protocols. If the firewall is not capable of this translation task, a Proxy Server may be placed next to the firewall in Co-Edge Mode. In this configuration, the Proxy has interfaces on both the inside and outside networks. To avoid exposing the network to unsolicited traffic, configure the Proxy to route only proxied traffic; in other words, the Proxy Server forwards only VoIP protocol traffic that is terminated on the inside and then re-originated to the outside.
Proxy/Gateway Outside the Firewall applies if the firewall does not support VoIP dynamic ACLs. The firewall can then be configured with static ACLs that allow traffic from the Proxy/Gateway Servers through the firewall. This poses a security risk: if an attacker can spoof, or simulate, the IP addresses of the Proxy/Gateway Servers, those addresses can be used to attack the network.
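The difference between the dynamic (inspection-driven) ACLs described in the first placement option and the static ACLs of the last one is easiest to see in code. The following is an added example, not part of the TECHtionary tutorial: a toy firewall that reads the SDP body of SIP messages from a trusted proxy, opens an RTP/RTCP pinhole only for the media address and port the signaling announced, and closes it on BYE, placed beside a static ACL that decides on the claimed source address alone. The addresses, the SIP messages, the port range and the ACL entries are all constructed sample data.

```python
"""Stateful VoIP inspection (dynamic ACL) versus a static ACL.

Added example, not from the tutorial. All addresses, SIP messages and
ACL entries below are constructed sample data.
"""
import re
from dataclasses import dataclass

PROXY_IP = "203.0.113.10"    # constructed: trusted proxy/gateway address
PHONE_IP = "192.0.2.20"      # constructed: inside phone
PEER_IP = "198.51.100.7"     # constructed: outside call peer
SIP_PORT = 5060
RTP_RANGE = (16384, 32767)   # constructed RTP range the static ACL must open

SDP_CONN = re.compile(r"^c=IN IP4 (\S+)", re.M)
SDP_AUDIO = re.compile(r"^m=audio (\d+) RTP/AVP", re.M)
CALL_ID = re.compile(r"^Call-ID: (\S+)", re.M)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int


def static_acl_allows(pkt):
    """Static ACL: permit SIP and the whole RTP range from the proxy address.

    The decision rests only on the claimed source address, which is the
    exposure the tutorial describes for the outside-the-firewall option.
    """
    if pkt.src != PROXY_IP or pkt.proto != "udp":
        return False
    return pkt.dport == SIP_PORT or RTP_RANGE[0] <= pkt.dport <= RTP_RANGE[1]


class StatefulVoipFirewall:
    """Dynamic ACL: pinholes exist only for media negotiated in inspected signaling."""

    def __init__(self, trusted_signaling):
        self.trusted = set(trusted_signaling)
        self.pinholes = {}   # Call-ID -> {(dst_ip, proto, dport), ...}

    def inspect_sip(self, src, message):
        """Open or close pinholes from one SIP message; True if the message was accepted."""
        if src not in self.trusted:            # only trusted proxies may signal
            return False
        call = CALL_ID.search(message)
        if not call:
            return False
        call_id = call.group(1)
        method = message.split("\r\n", 1)[0].split()[0]
        if method == "BYE":                    # call over: tear the pinhole down
            self.pinholes.pop(call_id, None)
            return True
        conn, audio = SDP_CONN.search(message), SDP_AUDIO.search(message)
        if conn and audio:                     # SDP present: open RTP and RTCP (port + 1)
            ip, port = conn.group(1), int(audio.group(1))
            self.pinholes[call_id] = {(ip, "udp", port), (ip, "udp", port + 1)}
        return True

    def allows(self, pkt):
        """Permit SIP from a trusted proxy, or media matching an open pinhole."""
        if pkt.src in self.trusted and pkt.proto == "udp" and pkt.dport == SIP_PORT:
            return True
        key = (pkt.dst, pkt.proto, pkt.dport)
        return any(key in holes for holes in self.pinholes.values())


# Constructed SIP INVITE whose SDP body advertises the inside phone's media port.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.20\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 192.0.2.20\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
SAMPLE_BYE = "BYE sip:bob@example.net SIP/2.0\r\nCall-ID: a84b4c76e66710@192.0.2.20\r\n\r\n"


def run_scenario():
    """Walk one call through both models and return the decisions side by side."""
    fw = StatefulVoipFirewall({PROXY_IP})
    rtp = Packet(PEER_IP, PHONE_IP, "udp", 49170)     # the negotiated media port
    stray = Packet(PEER_IP, PHONE_IP, "udp", 49172)   # a port nobody negotiated
    fw.inspect_sip(PROXY_IP, SAMPLE_INVITE)
    during = (fw.allows(rtp), fw.allows(stray))
    fw.inspect_sip(PROXY_IP, SAMPLE_BYE)
    claims_proxy_ip = Packet(PROXY_IP, PHONE_IP, "udp", 20000)
    return {"rtp_during_call": during[0], "stray_port_during_call": during[1],
            "rtp_after_bye": fw.allows(rtp),
            "static_acl_any_rtp_from_proxy_ip": static_acl_allows(claims_proxy_ip)}


if __name__ == "__main__":
    for name, decision in run_scenario().items():
        print(f"{name}: {'permit' if decision else 'deny'}")
```

Running it shows the stateful model permitting only the one negotiated RTP/RTCP pair for the life of the call, while the static ACL has to leave the whole media range open to anything that presents the proxy's address; a real inspection engine would additionally track the SIP transaction state and re-validate the SDP in the answer, which this toy omits.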
Please see other TECHtionary tutorials on IP Security or SS7. In VoIP security, there are two primary network issues: the Signaling Path (shown in green in the accompanying diagram) and the Media Path (shown in purple). Signaling Path control comes from handling the TCP [Transmission Control Protocol] issues explained next. Media Path control comes from protecting the conversation carried in IP [Internet Protocol] packets.
See in-depth tutorials on this topic and more at TECHtionary.com.
