BorderWare Firewall Fights VOIP ThreatsBy Wayne Rash | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
The new SIPassure-400 firewall is designed to protect SIP-based PBX hardware in the enterprise.
BorderWare Technologies Inc. has joined Ingate Systems AB and others in providing an edge solution to the external threat problem in voice-over-IP PBXes.
The Toronto-based company said Tuesday that it is shipping its new SIPassure-400 firewall, which is designed to keep out traditional threats to the enterprise and also threats unique to VOIP. The firewall is designed to support up to 1000 SIP (Session Initiation Protocol) users.
A specialized firewall is required because traditional firewalls normally are unable to pass SIP signaling information, effectively preventing voice calls outside the enterprise. SIP firewalls are VOIP-aware and, in addition to passing SIP packets, look for threats such as malformed messages, voicemail attacks, spoofing, session hijacking and, of course, SIP spam (a problem that has yet to surface).
BorderWare officials said that the firewall will work with PBX equipment from industry leaders Cisco Systems Inc. and Avaya Inc., but it should also work with most PBX gear that complies with the SIP standard. The firewall also works with F5 Networks Inc.'s Big IP network traffic manager, according to BorderWare.
In addition to its SIP features, the SIPassure-400 supports a wide variety of traditional firewall features and applies those features to SIP. As a result, if the enterprise uses network address translation, for example, it can allow calls to reach endpoints with translated addresses. The firewall will protect against intrusions, denial-of-service attacks and policy-based packet filtering, and it supports SNMP to allow integration into management frameworks, BorderWare officials said.
The SIPassure does add some security features that its rivals lack, such as a means of preventing VOIP spam. However, it is currently less scalable than Ingate's solution, which can handle up to 8,000 enterprise users. VOIP spam is still a theoretical risk, although it's likely to appear when SIP-based telephony gets sufficiently popular.
In addition to fighting VOIP spam, the SIPassure is designed to support policy enforcement and to perform traffic shaping using the F5 Big IP.
According to a BorderWare spokesperson, the company is still working with partners to deliver a version of the SIPassure firewall for carriers. The SIPassure-400 will sell for approximately $30,000.