Session Border Controller: why your enterprise need it (SBC)

The Session Border Controller is an indispensable part of any telephony infrastructure, it is the gatekeeper. Like a security guard, it controls the network entrances. It is important that its capacities are adapted to the type of flow to be managed. 

What is a Session Border Controller?

A Session Border Controller is a device that can be :

– directly embedded in an element of the telephony infrastructure as a “software feature”.

– a standalone device, but still integrated into the company’s telephony network.

This network element acts as a firewall, it ensures that the network security policy is respected. It controls and filters the incoming and outgoing data flows of your telephone network.

The SBC is placed directly at the entrance of your corporate telephone network, between the server of your VoIP provider and your PBX. SBCs are designed to handle SIP packets but can also handle other protocols related to voice or image transport. This ability to handle different protocols, such as H.323 or RTP, facilitates interoperability between the different components of your network. In addition to these network protection and mediation functions, the Session Border Controller will administer requests. The SBC distributes requests in a balanced way to avoid saturating the network or lowering the quality of communications.

Session Border Controllers are multi-function devices. Regarding protection, SBCs follow pre-established rules that evolve only with updates. They are powerless in new attack scenarios.

A Session Border Controller for your entreprise’s phone network: the advantages

Security for your telephony infrastructure

Your SBC allows you to establish an “Access Control List” (ACL) of IP addresses and subnets that are identified and allowed as packet sources. Any subnets and IP addresses not on this list that attempt to communicate with your IPBX will be excluded by your SBC.

Your Sesion Border Controller also allows you to limit your vulnerability to Denial of Service (DDoS) attacks. To protect against DDoS your SBC limits the speed of throughput allowed on your telephony infrastructure. Your SBC hides your network architecture from malicious actors: the addresses of the nodes through which SIP messages pass are no longer visible in the packet headers.

Better call performances

By analyzing the traffic of your VoIP infrastructure, the SBC can arbitrate the flows and optimize their routes. The objective is to reduce the transfer time of call data to improve call quality. In case of network saturation, your SBC can prioritize certain sessions and redirect less urgent ones. This way, your communications are no longer affected by changes in your network load.

Smooth exchanges

The SBC will allow exchanges between the components of your telephone architecture that communicate on different protocols. This functionality is used to link the operator’s architecture to your telephone infrastructure.

How to choose my Session Border Controller (SBC) ?

Several characteristics should influence your choice in the acquisition of an SBC. First, you should carefully study the range of attacks covered by your firewall. SBCs are developed following a deterministic logic. The types of attacks are observed and the SBCs are updated to counter them. SBCs are therefore very effective against the most widespread frauds (TDoS, intrusions, etc.).

Secondly, we must question the possibilities of “personalizing” the SBC:

Will it be able to adapt well to your infrastructure and to your company’s needs?

Following this logic, the processing capacity of the SBC is another element that you should consider:

Is it capable of handling at least a slightly higher volume of calls/queries than your business typically receives?

As mentioned earlier, interoperability of the SBC is a critical function:

Will it optimize your company’s workflow by promoting harmony between communication tools?

This feature will allow, for example, to automatically transfer a communication from the Teams application (web RTP) to a fixed phone (SIP).

The “Mi Voice Border Gateway” from Mitel allows “connections by WebRTC gateway to SIP.

The issue of audio quality is also important. All voice communications will now be routed via the SBC. If this central element of the network degrades the quality of the calls, the quality of the entire telephone communications of your company will be impacted.

homme au téléphone

Protect your communications

Diskyver is a telephone anomaly detection system, it monitors your telephone infrastructure for malicious activities.

Learn more button

Discover our last articles

What is SIPVicious ? The ultimate VoIP pentest tool

In cybersecurity the border between ethical hacking and regular hacking is often thin. SIPVicious is a perfect example of this phenomenon : made for security professionals, it is also widely used by criminals to identify and exploit SIP networks vulnerabilities. Let's...

Asterisk installation : guide and purchase tips

Which asterisk installation alternative for your virtual IPBX ? Before starting your search for an IPBX solution, you need to define your company's needs. Take your current configuration as a reference and establish requirements: in a numerical way (number of lines,...

4 tips to set up a user friendly IVR

"At the end of your message, if you want to change it, type pound ... " Beep!  If you hear these words and feel a mixture of frustration and anxiety, you are a normal human being. However, this is the most famous interactive voice server in the world: the...

What is Wireshark and how to use it

What is Wireshark ? Wireshark is a network packet analyzer. It capture network packets and display this data through a graphical user interface. It is a free and open-source tool. Cybersecurity professionals are using Wireshark to troubleshoot networks. With this tool...

STIR/SHAKEN: everything you need to know

The name "STIR/SHAKEN" refers to a set of protocols and procedures designed to fight caller ID spooffing. On March 31st, the Federal Communications Commission(FCC) of the United States voted in favor of the implementation of these rules. What is spoofing? Spoofing...

TDoS attack : How to protect yourself

Companies are targeted by a wide variety of cyber threats, including TDoS attack. This type of attack consists of flooding the targeted company's telephone servers with requests and then demanding a ransom in exchange for restoring the servers back to service. The...
WordPress Cookie Plugin by Real Cookie Banner