Hands on VoIP Security Labs

Frafos security labs present a collection of fully functional hands-on examples that demonstrate how to implement Internet telephony securely using a Session Border Controller. We show how to set up browser telephony using a secured WebRTC protocol stack, how to interconnect with SIP and PSTN, and how to systematically protect against external threats. Use the AWS CloudFormation links to launch complete scenarios that require no additional equipment.

VoIP Security @ Frafos

Because of privacy-violation and fraud risks, security is a critical aspect of VoIP service operation for both enterprises and service providers. Services running on the public Internet are exposed to increasingly sophisticated cyberattacks. For example, the Sality botnet SIP attack observed in 2011 used 3 million bots for its SIP scanning activity, and each of them remained covert by sending very few scanning packets. Our key security principle at Frafos is rapid adaptation. The SIP enforcement entity, the Session Border Controller (SBC), inspects VoIP traffic in detail and enforces security policies. At the same time it reports extensive operational details to a Monitor component that analyzes the traffic patterns and provides hints for adjusting the policies back at the SBC. This security adaptation takes place in real time: the speed and force of today's attacks require an immediate automated response.

The VoIP Security Use-Cases

This site provides you with hands-on VoIP security experience: in a few minutes you can set up various use-cases and observe how VoIP security works. The scenarios illustrate using web telephony and securing it with a Session Border Controller (SBC). An SBC is a specialized firewall that understands the complicated details of VoIP application-layer protocols, SIP for signaling and RTP for media. In a nutshell, what Amazon WAF does for the web, our Frafos SBC does for VoIP, and, thanks to its close integration with the monitoring component, a bit more.

The use-cases here rely on specifics of the Frafos software, ABC SBC, and mainly on its security automation features. Automated threat detection and blocking is indispensable today because attacks are also automated, and human response to them does not come fast enough to prevent harm. The accompanying Monitor shows graphically how the security situations emerged and how they were dealt with.

The scenarios often use browser telephony based on the W3C's WebRTC standard. This lets you run your use-case without connecting and configuring SIP equipment. It is worth mentioning that this is the first time in telephony's history that encryption is massively available to end-users at no cost. The WebRTC standard leans on encryption standards proven in the web world.

Use of Amazon Web Services and CloudFormation

The starting point for each case above is prepared using AWS CloudFormation. That means you only need an AWS account to start your fully operational stack in a few minutes. CloudFormation is based on a "prescription" called a "template", which completely defines the fully configured network, including virtual machines, firewall rules, monitoring facilities, and more. The collection of resources created using a template is called a CloudFormation stack. Without CloudFormation, you would have to set up all these elements manually, which is a lengthy and error-prone process. When you click the "Launch Stack" link, stack creation is launched. You will be prompted for a required SSH key, for consent to the creation of IAM resources, and in some cases also for some case-specific parameters. The CloudFormation process typically takes several minutes and results in the creation of all needed resources. The references to the resources are found in CloudFormation's Output Window. These typically include links to the Monitor for traffic/security analysis, browser telephony applications, or CloudWatch links. All use-cases are created as multiple nested stacks; the Outputs you are interested in are part of your root stack.

Note well that the CloudFormation stacks will incur costs for the AWS infrastructure. Once you are finished with your experiments, delete the CloudFormation stack; otherwise charges for AWS infrastructure will continue.

There is no additional Frafos cost; the Frafos AMIs come with a Preview demo license. The demo version differs from the GA version in that it typically includes more new features and is limited to a low number of parallel calls. The GA version of the Frafos SBC and the accompanying Monitor is available on AWS Marketplace.

Warnings and Disclaimers

AWS charges are incurred. Web applications use self-signed certificates that need to be accepted before use. The configuration HOWTOs focus on specific examples and in no way represent a fully secured SIP service configuration. The software version present in the lab cases is the latest and may include features unavailable in the version offered through AWS Marketplace. The software available in the demo cases comes with restrictions such as a maximum number of parallel calls.