The Session Border Controller is an indispensable part of any telephony infrastructure, it is the gatekeeper. Like a security guard, it controls the network entrances. It is important that its capacities are adapted to the type of flow to be managed.
Table of Contents
What is a Session Border Controller?
A Session Border Controller is a device that can be :
– directly embedded in an element of the telephony infrastructure as a “software feature”.
– a standalone device, but still integrated into the company’s telephony network.
This network element acts as a firewall, it ensures that the network security policy is respected. It controls and filters the incoming and outgoing data flows of your telephone network.
The SBC is placed directly at the entrance of your corporate telephone network, between the server of your VoIP provider and your PBX. SBCs are designed to handle SIP packets but can also handle other protocols related to voice or image transport. This ability to handle different protocols, such as H.323 or RTP, facilitates interoperability between the different components of your network. In addition to these network protection and mediation functions, the Session Border Controller will administer requests. The SBC distributes requests in a balanced way to avoid saturating the network or lowering the quality of communications.
Session Border Controllers are multi-function devices. Regarding protection, SBCs follow pre-established rules that evolve only with updates. They are powerless in new attack scenarios.
A Session Border Controller for your entreprise’s phone network: the advantages
Security for your telephony infrastructure
Your SBC allows you to establish an “Access Control List” (ACL) of IP addresses and subnets that are identified and allowed as packet sources. Any subnets and IP addresses not on this list that attempt to communicate with your IPBX will be excluded by your SBC.
Your Sesion Border Controller also allows you to limit your vulnerability to Denial of Service (DDoS) attacks. To protect against DDoS your SBC limits the speed of throughput allowed on your telephony infrastructure. Your SBC hides your network architecture from malicious actors: the addresses of the nodes through which SIP messages pass are no longer visible in the packet headers.
Better call performances
By analyzing the traffic of your VoIP infrastructure, the SBC can arbitrate the flows and optimize their routes. The objective is to reduce the transfer time of call data to improve call quality. In case of network saturation, your SBC can prioritize certain sessions and redirect less urgent ones. This way, your communications are no longer affected by changes in your network load.
The SBC will allow exchanges between the components of your telephone architecture that communicate on different protocols. This functionality is used to link the operator’s architecture to your telephone infrastructure.
How to choose my Session Border Controller (SBC) ?
Several characteristics should influence your choice in the acquisition of an SBC. First, you should carefully study the range of attacks covered by your firewall. SBCs are developed following a deterministic logic. The types of attacks are observed and the SBCs are updated to counter them. SBCs are therefore very effective against the most widespread frauds (TDoS, intrusions, etc.).
Secondly, we must question the possibilities of “personalizing” the SBC:
Will it be able to adapt well to your infrastructure and to your company’s needs?
Following this logic, the processing capacity of the SBC is another element that you should consider:
Is it capable of handling at least a slightly higher volume of calls/queries than your business typically receives?
As mentioned earlier, interoperability of the SBC is a critical function:
Will it optimize your company’s workflow by promoting harmony between communication tools?
This feature will allow, for example, to automatically transfer a communication from the Teams application (web RTP) to a fixed phone (SIP).
The “Mi Voice Border Gateway” from Mitel allows “connections by WebRTC gateway to SIP.
The issue of audio quality is also important. All voice communications will now be routed via the SBC. If this central element of the network degrades the quality of the calls, the quality of the entire telephone communications of your company will be impacted.