Unified Communication (UC) solutions have become critical to the success of organizations large and small due to their ability to integrate next-generation voice, video, data and mobile communications with reduced complexity and cost.
Connecting UC systems to the outside world is most commonly done via Session Initiation Protocol (SIP) trunks, which are exceedingly popular because they provide more flexibility, greater capacity for advanced features and lower operating costs than legacy alternatives.
However, SIP-based communication from outside the enterprise is forced to traverse firewalls and/or routers that perform Network Address Translation (NAT) because traffic doesn't automatically make its way to the local area network (LAN). This occurs due to the very nature of firewalls, which are designed to prevent outside sources from communicating with the LAN.
Traversing firewalls and NATs obviously can create security concerns, so how do enterprises take advantage of all the benefits of UC and SIP while maintaining control? This very topic is discussed in detail in a recent white paper from ShoreTel, a leading provider of next-gen UC solutions.
Companies are basically faced with two choices when managing their SIP trunk security. They can solve the traversal issue either by relying on session border controllers at the service provider level or by deploying SIP-capable firewalls and SIP-enabling edge devices.
The white paper breaks down the former option, which is only sufficient in certain scenarios and often with a specific operator, and the latter, which is predictable and functions reliably with SIP standard-compliant equipment.
Session border controllers at the service provider level hand over control of the security infrastructure to a third party, and should only be used if an enterprise has a bare-bones security policy and doesn't care whether it opens up certain ports in its firewall to a service provider.
SIP-capable firewalls and SIP-enabling edge devices, on the other hand, provide secure control over the infrastructure while enabling flexible deployment of next-gen communication tools.
“If you run a business and want to maintain control of your own security infrastructure—with a high security policy, e.g. all ports in your firewall closed from the inside and deep packet inspection of the SIP traffic—then there is really only one choice: a SIP proxy-based, SIP-capable firewall or a SIP proxy-based enterprise SBC,” say the authors.
Check out the white paper to find out why.
Beecher Tuttle is a TMCnet contributor. He has extensive experience writing and editing for print publications and online news websites. He has specialized in a variety of industries, including health care technology, politics and education.
Edited by Jennifer Russell