From the SIP Trunking Experts

January 11, 2012

Deep Packet Inspection: A Critical Security Measure

By Steven Johnson, President, Ingate Systems, Inc.

This article originally appeared in the Dec. 2011 issue of INTERNET TELEPHONY.

Deep packet inspection is a powerful way to protect not just SIP traffic, but also the network. Deep packet inspection is a form of computer network packet filtering that examines the data (or datagram) and UDP/TCP header part of a packet as it passes through an enterprise session border controller.

When SIP traffic reaches the E-SBC, the E-SBC searches it for protocol non-compliance, viruses, spam, intrusions or other predefined criteria to decide whether the packet can pass through or needs to be routed to a different destination. The E-SBC can also examine the packet to collect statistical information.

This is in contrast to shallow packet inspection (usually called just packet inspection), which only checks the UDP/TCP header portion of a packet. Shallow packet inspection is the kind of inspection commonly found in most NAT firewall devices.

An E-SBC with deep packet inspection capability can look at layers 2 through 7 of the OSI model. Since SIP is an application-layer (layer 7) protocol in the OSI model, these products have a unique ability to:

  • Look at the SIP packets to provide rules for protocol non-compliance, routing rules and statistical information, and
  • Provide intrusion detection/intrusion prevention security features for an effective defense against buffer overflow attacks, denial of service attacks, sophisticated intrusions and a small percentage of worms that fit within a single packet. This includes attacks targeting headers and SIP structures as well as the actual payload of the message.

IDS/IPS also enables the E-SBC to block malicious SIP signaling packets designed to attack certain SIP phones, servers or other devices on the enterprise LAN. This secures the enterprise network, as the E-SBC handles the attacks while the servers and other SIP devices in the network can still be used.

Deep packet inspection will identify and classify the SIP traffic based on a signature database that includes information extracted from the data part of a UDP/TCP packet, providing extremely precise control of any SIP traffic – finer than any classification based on header information only.
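As an added illustration (not Ingate's code and not part of the original article), the Python sketch below applies a few payload-level compliance checks of the kind described above to a SIP request carried in a UDP datagram. The 1024-byte header line limit, the function name and the sample messages are assumptions constructed for the example; all three samples would carry identical UDP headers, so header-only inspection could not tell them apart.

```python
import re

# Headers RFC 3261 requires in every SIP request, plus its compact header names.
MANDATORY = {"via", "from", "to", "call-id", "cseq", "max-forwards"}
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id", "l": "content-length"}
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ SIP/2\.0$")
MAX_HEADER_LINE = 1024  # assumed policy limit, not a value from the article

def inspect_sip_request(payload: bytes) -> list:
    """Return the violations found in one UDP payload (empty list = pass).
    Simplification: folded (multi-line) headers are reported as non-compliant."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return ["no header/body separator"]
    lines = head.split(b"\r\n")
    problems = [] if REQUEST_LINE.match(lines[0]) else ["malformed request line"]
    headers = {}
    for line in lines[1:]:
        if len(line) > MAX_HEADER_LINE:
            problems.append("oversized header line")
        name, colon, value = line.partition(b":")
        if not colon:
            problems.append("header without colon")
            continue
        key = name.strip().lower().decode("ascii", "replace")
        headers[COMPACT.get(key, key)] = value.strip()
    missing = sorted(MANDATORY - set(headers))
    if missing:
        problems.append("missing headers: " + ", ".join(missing))
    declared = headers.get("content-length")
    if declared is not None and (not declared.isdigit() or int(declared) != len(body)):
        problems.append("Content-Length does not match body")
    return problems

# Constructed sample datagram payloads (not captured traffic).
GOOD = (b"OPTIONS sip:bob@example.com SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP host.example.com;branch=z9hG4bK776\r\n"
        b"Max-Forwards: 70\r\n"
        b"From: <sip:alice@example.com>;tag=1928\r\n"
        b"To: <sip:bob@example.com>\r\n"
        b"Call-ID: a84b4c76e66710\r\n"
        b"CSeq: 1 OPTIONS\r\n"
        b"Content-Length: 0\r\n\r\n")
OVERSIZED = GOOD.replace(b"a84b4c76e66710", b"A" * 2000)
NO_CALL_ID = GOOD.replace(b"Call-ID: a84b4c76e66710\r\n", b"")

if __name__ == "__main__":
    for name, pkt in [("GOOD", GOOD), ("OVERSIZED", OVERSIZED), ("NO_CALL_ID", NO_CALL_ID)]:
        print(name, inspect_sip_request(pkt) or "pass")
```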

To find out more about Ingate, visit the company at ITEXPO East 2012 as they partner with TMC, thought-leaders and vendors in the space, to present Ingate's SIP Trunk UC Summit February 1-3, 2012 at the Miami Beach Convention Center in Miami, Fla.  ITEXPO is the world’s premier IP communications event.

Steven Johnson is President of Ingate Systems, Inc. To read more of Steven’s articles, please visit his columnist page.

Edited by Stefania Viscusi