Security professionals for years have professed the importance of a multi-layer security strategy, also known as “defense in depth.” It only makes sense, then, that the concept should be applied to real-time communications (RTC) of the sort that are common in unified communications environments.

That was my first thought when I saw an advertisement for a recent LightReading webinar called “Multi-layer Security for Real-time Communications.” Sponsored by Sonus and featuring Walter Kenrich, Sonus’ Director of Product management, the webinar makes the case that securing RTC environments is best accomplished by using a multi-layer strategy that includes firewalls, session border controllers and software defined network (SDN) components all working in tandem.
The concept is somewhat different from the traditional defense in depth strategy, which basically says if an intruder gets by a perimeter defense mechanism, there should be another deeper inside the network to stop him. The multi-layer approach that Sonus and Kenrich espouse does attempt to push security as far to the perimeter of the network as possible, but it also envisions SBCs, firewalls and SDN policy engines each doing what they do best while sharing information in order to thwart various sorts of attacks.
Detecting Toll Fraud with SBCs, Firewalls and SDN Controllers
One example is how the plan would work in detecting attempted toll fraud using IP address spoofing. Toll fraud, Kenrich noted, is now practiced by cyber criminals looking to steal international call minutes potentially worth hundreds of thousands of dollars and sell them to unwitting service providers or consumers.
+++++++++++++++++
Dig Deeper: Download the Free E-Book Session Border Controllers (SBCs) for Dummies
+++++++++++++++++
The criminals use commonly available scanning tools to find open ports, then spoof a legitimate IP address to try to gain access through the firewall. When there’s an SBC sitting behind the firewall, the attempt would then be routed to the SBC before a call could be initiated. The SBC would ask the policy routing engine where to send the call. Perhaps the business does some amount of business in Africa, so the policy is to let a small number of calls go through to African countries – a common destination for toll fraud perpetrators. So maybe that first call goes through successfully.
Once the intruder finds that opening, he figures the intrusion is on and starts sending lots more calls to Africa. At this point, the policy engine will detect the high number of calls, suspect fraud and tell the SBC not to accept any more calls. “It will just shut down that service,” Kenrich says. Since the goal is always to stop the security threat at the furthest edge of the network, the SBC will then tell the firewall to block any more connections from that IP address, thus subverting any additional attacks.
How Virtual SBCs and SDN Controllers can Thwart DOS Attacks
Another example is using a virtual Session Border Controller (SBC) integrated with an SDN to provide security to cloud-based services, such as thwarting a denial of service (DOS) attack. Inside the cloud provider’s network, the virtual SBC would be able to detect a DOS attack by its registration credentials. To stop the attack at the farthest edge of the network, the SBC communicates with the SDN controller. The controller could then modify its packet forwarding rules at the edge of the network to stop the attack. What’s more, white lists could be used to ensure authorized users get through, Kenrich notes.
The hour-long webinar goes into greater detail on exactly how these concepts play out in practice –it’s worth a look. As an extension of the tried and true defense in depth strategy, I’d say the multi-layered security strategy looks to be an effective way for enterprises and service providers to combat the threats that RTC flows face.