[SIPForum-discussion] Securing SIP Trunks

Tue Jan 25 19:45:28 UTC 2011

When you say a "hole", what kind of traffic are you able to get through that
"hole" ?  Also, I am not very well versed with OpenSBC, my experience is
with ACME.  Have you considered or does OpenSBC support TLS for SIP
signalling or SRTP?

-Tod

On Tue, Jan 25, 2011 at 2:27 AM, Harry West <westie5017 at hotmail.com> wrote:

>  Good Morning All,
>
> I hope you are well.
>
> Please could you offer some assistance on a scenario that I am struggling
> with. Basically, I am trying to identify ways in which I can provide
> additional VoIP security to a SIP Trunk that I have configured in my lab.
> When the SIP Trunk is configured between my Cisco Gateway and OpenSBC, I
> have found that there is a "hole" in the SBC...which I am assuming is the
> open ports/channels for the SIP Trunk users. My concern is that this hole
> presents a significant vulnerability and I am keen to identify ways in which
> I can add further security.
>
> I have an Access Control List (ACL) that only permits traffic between the
> Cisco Gateway and SBC, however, if this ACL is compromised then it leaves it
> wide open. Additionally, there is standard SIP Authentication, Trunk Group
> Authentication, Session Admission Control and a Maximum Call Capacity in
> place. Can you suggest any other areas for consideration?
>
> Many thanks in advance and I look forward to hearing from you.
>
> Kind Regards,
>
>
>
>
> Harry
> *
> *
> *
> *
>
> _______________________________________________
> This is the SIP Forum discussion mailing list
> TO UNSUBSCRIBE, or edit your delivery options, please visit
> http://sipforum.org/mailman/listinfo/discussion
> Post to the list at discussion at sipforum.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20110125/7df2118a/attachment-0002.html>