BorderWare Firewall Fights VOIP Threats

By Wayne Rash  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

The new SIPassure-400 firewall is designed to protect SIP-based PBX hardware in the enterprise.

BorderWare Technologies Inc. has joined Ingate Systems AB and others in providing an edge solution to the external threat problem in voice-over-IP PBXes.

The Toronto-based company said Tuesday that it is shipping its new SIPassure-400 firewall, which is designed to keep out traditional threats to the enterprise and also threats unique to VOIP. The firewall is designed to support up to 1000 SIP (Session Initiation Protocol) users.

A specialized firewall is required because traditional firewalls normally are unable to pass SIP signaling information, effectively preventing voice calls outside the enterprise. SIP firewalls are VOIP-aware and, in addition to passing SIP packets, look for threats such as malformed messages, voicemail attacks, spoofing, session hijacking and, of course, SIP spam (a problem that has yet to surface).

BorderWare officials said that the firewall will work with PBX equipment from industry leaders Cisco Systems Inc. and Avaya Inc., but it should also work with most PBX gear that complies with the SIP standard. The firewall also works with F5 Networks Inc.'s Big IP network traffic manager, according to BorderWare.

In addition to its SIP features, the SIPassure-400 supports a wide variety of traditional firewall features and applies those features to SIP. As a result, if the enterprise uses network address translation, for example, it can allow calls to reach endpoints with translated addresses. The firewall will protect against intrusions, denial-of-service attacks and policy-based packet filtering, and it supports SNMP to allow integration into management frameworks, BorderWare officials said.

The SIPassure does add some security features that its rivals lack, such as a means of preventing VOIP spam. However, it is currently less scalable than Ingate's solution, which can handle up to 8,000 enterprise users. VOIP spam is still a theoretical risk, although it's likely to appear when SIP-based telephony gets sufficiently popular.

Click here to read an interview with the co-author of the SIP standard.

In addition to fighting VOIP spam, the SIPassure is designed to support policy enforcement and to perform traffic shaping using the F5 Big IP.

According to a BorderWare spokesperson, the company is still working with partners to deliver a version of the SIPassure firewall for carriers. The SIPassure-400 will sell for approximately $30,000.

Check out eWEEK.com's VOIP & Telephony Center at http://voip.eweek.com for the latest news, views and analysis on voice over IP and telephony.

Wayne Rash Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.

Submit a Comment

Loading Comments...