SIP and Security

Status
Not open for further replies.

malibu1979

Programmer
Sep 7, 2011
52
US
I'm new to the SIP world and could use a little advice on the best way to securely run SIP trunks. I'm not a big fan of opening ports on the router/firewall, but I had to do so to get my test system up and running with a SIP trunk. Should all my local IP traffic be set up on LAN 1 and SIP on LAN 2? Should the SIP be on a different VLAN altogether? How secure is the LAN 2 firewall? I know I can make a SIP trunk work, but would like it to be as secure as possible. Any advice would be great.

Thanks Jason
 
If you want it as secure as possible then buy a Session Border Controller
Info Avaya SBC

A simple mind delivers great solutions
 
I've been reading on here about keeping voice and data on different networks for QoS. How does this work when you're using one-x or say a PC softphone?
 
I've been reading on here about keeping voice and data on different networks for QoS. How does this work when you're using one-x or say a PC softphone?
Off topic! Please start a different thread for different questions.


The answer - you can't separate voice and data LANs if you are using a softphone.

Take Care

Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
 
If you don't use an SBC like intigrant says, you can impose strict rules on the SIP provider, IP Office and customer firewall. Basically restrict all traffic to the static IPs for signalling. Port 5060 is probed across IP ranges by sending SIP packets and checking responses. Responses are a weakness in the SIP protocol and how a SIP device will respond to different call setups, registration, packet size, invites, you name it. If the probing server gets a response from a host IP on UDP 5060, the hackers can then try many different methods of compromising the device. Best rule of practice is to lock down registration on the SIP provider to IP whitelists; if not possible, use an IP authenticated SIP account. Block all traffic on the customer firewall to only allow authorised SIP traffic through, and limit your IP routes on the IPO to only the subnets required, not default 255.255.255.255/255.255.255.255. All 3 of these are advisable; they protect the SIP account on the provider side and excess traffic on the IPO.
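
The allowlisting advice in the last post can be checked against firewall logs. The following is an added example, not part of the thread or any poster's code; it assumes the customer firewall logs inbound packets in Linux netfilter LOG style, and the provider addresses (RFC 5737 documentation ranges), interface name and log lines are all constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed values: the provider's static signalling IPs (documentation ranges)
# and the SIP signalling port named in the post.
PROVIDER_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "203.0.113.11/32")]
SIP_PORT = 5060

# Constructed sample lines in the style of a netfilter LOG target.
SAMPLE_LOG = """\
Sep  7 10:00:01 fw kernel: IN=wan0 OUT= SRC=203.0.113.10 DST=192.0.2.5 LEN=512 PROTO=UDP SPT=5060 DPT=5060
Sep  7 10:00:03 fw kernel: IN=wan0 OUT= SRC=198.51.100.77 DST=192.0.2.5 LEN=420 PROTO=UDP SPT=5071 DPT=5060
Sep  7 10:00:03 fw kernel: IN=wan0 OUT= SRC=198.51.100.77 DST=192.0.2.5 LEN=431 PROTO=UDP SPT=5072 DPT=5060
Sep  7 10:00:04 fw kernel: IN=wan0 OUT= SRC=198.51.100.9 DST=192.0.2.5 LEN=60 PROTO=TCP SPT=40112 DPT=443
Sep  7 10:00:05 fw kernel: IN=wan0 OUT= SRC=203.0.113.200 DST=192.0.2.5 LEN=398 PROTO=UDP SPT=5060 DPT=5060
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def is_provider(src):
    """True only for the provider's exact static signalling addresses."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in PROVIDER_NETS)

def verdict(line):
    """Return (src, 'allow' or 'drop') for SIP signalling packets, else None."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "DPT"} <= f.keys():
        return None  # not a packet log line this parser understands
    if f["PROTO"] not in ("UDP", "TCP") or int(f["DPT"]) != SIP_PORT:
        return None  # not SIP signalling; left to the other firewall rules
    return (f["SRC"], "allow" if is_provider(f["SRC"]) else "drop")

def unauthorised_sources(log_text):
    """Count SIP packets per source that the allowlist would drop."""
    hits = Counter()
    for line in log_text.splitlines():
        v = verdict(line)
        if v and v[1] == "drop":
            hits[v[0]] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, n in sorted(unauthorised_sources(SAMPLE_LOG).items()):
        print(f"{src}: {n} SIP packet(s) from outside the provider allowlist")
```

The last sample line sits in the same /24 as the provider but is still dropped, because the allowlist holds only the exact static addresses rather than the surrounding range.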
 