Borderware has announced a product to help protect VoIP from hackers... If I am reading this release correctly, they claim to be the first "SIP-aware" firewall. There are many H.323 -aware firewalls out there for sure, but I could have sworn there already existed at least a few SIP-aware firewalls, i.e. have the ability to inspect the packets coming into the firewall and distinguish SIP voice traffic from regular data. A SIP-aware firewall would have the ability to allow SIP traffic to pass through without having to open ports, which open the door to security issues. I'll have to look into this claim to be "first" further - could just be marketing-speak (aka exaggerated press relese claims). Could have sworn Jasomi's firewalls for example were "SIP-aware".
Anyway. here's the BorderWare release:
BorderWare Makes VoIP Safe
Company Unveils First Firewall to Safeguard
Businesses, Consumers Against VoIP Security Exploits
Businesses, Consumers Against VoIP Security Exploits
SCOTTSDALE, AZ – February 14, 2005 – BorderWare Technologies Inc., the
benchmark provider of messaging security solutions, will showcase the industry's
first SIP-based technology designed to protect Voice over Internet Protocol
(VoIP) communications from hackers, spoofers and malicious threats. BorderWare
has been invited to demonstrate SIPassure™, its application-level firewall, on
stage at DEMO@15!, one of the industry's
premiere events focused on emerging technologies and new products.
benchmark provider of messaging security solutions, will showcase the industry's
first SIP-based technology designed to protect Voice over Internet Protocol
(VoIP) communications from hackers, spoofers and malicious threats. BorderWare
has been invited to demonstrate SIPassure™, its application-level firewall, on
stage at DEMO@15!, one of the industry's
premiere events focused on emerging technologies and new products.
VoIP On A Global Growth Path
By all accounts,
the VoIP industry is on a global growth path. Nearly one out of five U.S.
Internet users says they will likely upgrade their traditional phone service by
subscribing to VoIP. In a recent survey of more than 300 mid-size businesses and
large-enterprises, market researcher In-Stat, found that 23% of decision-maker
respondents said they had already deployed wireless VoIP in some manner, and
another 30% said that they were planning or evaluating the implementation of the
technology within the next six to twelve months.
By all accounts,
the VoIP industry is on a global growth path. Nearly one out of five U.S.
Internet users says they will likely upgrade their traditional phone service by
subscribing to VoIP. In a recent survey of more than 300 mid-size businesses and
large-enterprises, market researcher In-Stat, found that 23% of decision-maker
respondents said they had already deployed wireless VoIP in some manner, and
another 30% said that they were planning or evaluating the implementation of the
technology within the next six to twelve months.
Only recently, however, have industry vendors and
researchers begun to sound the alarm that VoIP is vulnerable to a number of
exploits, forming the VoIP Security Alliance (VOIPSA) to raise awareness, offer
research and product security testing.
researchers begun to sound the alarm that VoIP is vulnerable to a number of
exploits, forming the VoIP Security Alliance (VOIPSA) to raise awareness, offer
research and product security testing.
"As the VoIP revolution unfolds, users need to be
aware of the many exploits that could compromise their next Internet call," said
Chris Shipley, DEMO executive producer. "BorderWare's VoIP security technology
guards against many of the pitfalls associated with the adoption and deployment
of this new communications technology. BorderWare's SIPassure has the potential
to make VoIP a safe option for everyone."
aware of the many exploits that could compromise their next Internet call," said
Chris Shipley, DEMO executive producer. "BorderWare's VoIP security technology
guards against many of the pitfalls associated with the adoption and deployment
of this new communications technology. BorderWare's SIPassure has the potential
to make VoIP a safe option for everyone."
BorderWare will demonstrate how VoIP
communications facilitated through the industry standard Session Initiation
Protocol (SIP) are vulnerable to a series of application-level exploits
including:
communications facilitated through the industry standard Session Initiation
Protocol (SIP) are vulnerable to a series of application-level exploits
including:
• Denial-of-Service (DoS) and Distributed
Denial-of-Service (DDoS) attacks that can consume large amounts of bandwidth in
a VoIP network, grinding it to a halt.
• Eavesdropping and
"man-in-the-middle" attacks that allow hackers to become part of a VoIP call
without the communicating parties ever knowing someone is listening
in.
• Call Redirection, which enables a hacker to automatically call-forward
a connection to their system.
• Malicious Calling, VBombing and VoIP Spam,
which are nefarious attacks that flood the receiver with hundreds of false voice
mails within seconds.
• Spoofing, Phishing or Fake Caller ID, in which a
hacker can masquerade as a trusted person making legitimate voice calls to an
unsuspecting patron.
Denial-of-Service (DDoS) attacks that can consume large amounts of bandwidth in
a VoIP network, grinding it to a halt.
• Eavesdropping and
"man-in-the-middle" attacks that allow hackers to become part of a VoIP call
without the communicating parties ever knowing someone is listening
in.
• Call Redirection, which enables a hacker to automatically call-forward
a connection to their system.
• Malicious Calling, VBombing and VoIP Spam,
which are nefarious attacks that flood the receiver with hundreds of false voice
mails within seconds.
• Spoofing, Phishing or Fake Caller ID, in which a
hacker can masquerade as a trusted person making legitimate voice calls to an
unsuspecting patron.
"While the industry works to secure voice
communications at the transport layer with VPN-type encryption, hackers are
developing tools that attack Internet calls at the application layer, gaining
unauthorized access to a VoIP connection," said John Alsop, Chairman,
BorderWare. "To protect VoIP communications at the application layer you need a
SIP firewall that is able to authenticate the user attempting to make a
connection and to provide systems administrators with the ability to easily set
and enforce their VoIP security policies."
communications at the transport layer with VPN-type encryption, hackers are
developing tools that attack Internet calls at the application layer, gaining
unauthorized access to a VoIP connection," said John Alsop, Chairman,
BorderWare. "To protect VoIP communications at the application layer you need a
SIP firewall that is able to authenticate the user attempting to make a
connection and to provide systems administrators with the ability to easily set
and enforce their VoIP security policies."
About Session Initiation Protocol (SIP)
Like
HTTP and SMTP, SIP has been endorsed by the Internet Engineering Task Force
(IETF) and is emerging as the dominant session protocol for real-time Internet
(IP) communications applications including instant messaging (IM), VoIP, video
conferencing, etc. Industry players from carriers to equipment makers are all
moving to SIP because it provides the convenience and benefit of ensuring that
hardware equipment and applications from different vendors will work in tandem.
SIP, however, is also susceptible to similar types of threats and exploits that
plague the Web and email. BorderWare's SIPassure is designed guard against such
threats.
Like
HTTP and SMTP, SIP has been endorsed by the Internet Engineering Task Force
(IETF) and is emerging as the dominant session protocol for real-time Internet
(IP) communications applications including instant messaging (IM), VoIP, video
conferencing, etc. Industry players from carriers to equipment makers are all
moving to SIP because it provides the convenience and benefit of ensuring that
hardware equipment and applications from different vendors will work in tandem.
SIP, however, is also susceptible to similar types of threats and exploits that
plague the Web and email. BorderWare's SIPassure is designed guard against such
threats.
About BorderWare
Founded in 1994, BorderWare
Technologies Inc. is the benchmark provider of messaging security solutions for
carriers, enterprises, government and small businesses. The company's
comprehensive firewall and market-leading "application-specific" appliances for
email and VoIP security are deployed at more than 7000 customers worldwide.
BorderWare has developed affiliations and partnerships with some of the
industry's most prominent companies in Internet infrastructure, security and
messaging including 3Com Corp., F5 Networks, Sun Microsystems, RSA Security,
Research In Motion (RIM), Symantec and Kaspersky Labs. BorderWare is a private
company headquartered in Toronto, Canada with offices in London, Frankfurt,
Stockholm, Dubai, Ottawa, Dallas, San Jose, New York, and Washington DC. For
more information visit http://www.borderware.com or call
1-877-814-7900.
Founded in 1994, BorderWare
Technologies Inc. is the benchmark provider of messaging security solutions for
carriers, enterprises, government and small businesses. The company's
comprehensive firewall and market-leading "application-specific" appliances for
email and VoIP security are deployed at more than 7000 customers worldwide.
BorderWare has developed affiliations and partnerships with some of the
industry's most prominent companies in Internet infrastructure, security and
messaging including 3Com Corp., F5 Networks, Sun Microsystems, RSA Security,
Research In Motion (RIM), Symantec and Kaspersky Labs. BorderWare is a private
company headquartered in Toronto, Canada with offices in London, Frankfurt,
Stockholm, Dubai, Ottawa, Dallas, San Jose, New York, and Washington DC. For
more information visit http://www.borderware.com or call
1-877-814-7900.
Technorati
Del.icio.us
Slashdot
Digg
twitter
The long departed Minneapolis firm, AraVox had the first SIP firewall that I knew of...
Check Point VPN-1/FireWall-1 has been SIP-aware for a while now. Oh wait, they've supported SIP for over 2 years! Maybe it's not a SIP-specific firewall, but it definately support SIP (and H.323, and a whole mess of other protocols).
http://www.checkpoint.com/press/2002/voip061102.html
I didn't think that it was just a SIP aware firewall, I thought it offered a lot of application layer functionality coupled with the firewall. They published some info on VOIPSA and IETF on edge proxies. Is there product not based on that ? That's how I read it