Ingate launches enhanced security for VoIP and SIP 24 March, 2008 By Vanessa Ho

PromoPipeline Exclusive Channel Promotions Find Out How You Can Make Money Today! ENROLL FREE! >> Factory Direct Should Not be Cheaper William Vanderbilt - Innovative Learning Channels Cloud Ecosystem II: A Candid Conversation with Oracle Beth Vanni - Amazon Consulting Cloud Ecosystem: A Candid Conversation with Rackspace Hosting Beth Vanni - Amazon Consulting Channel Manager Compensation William Vanderbilt - Innovative Learning Channels Financial Expertise William Vanderbilt - Innovative Learning Channels

"The implementation of SIP and VoIP in the industry is expanding rapidly," said Steven Johnson, president of Ingate Systems. "To date we haven't seen a lot of these attacks [against SIP networks] but the [Ingate Enhanced Security Module] is a proactive release in anticipation of customer requirement and the possibilities of these kinds of attack being launched on real production-type networks."

The reason why the product is optional, said Johnson is not everyone needs or wants these features and not everyone is using VoIP for business. "We want to give people a choice and make it available to people who feel they can benefit by it."

The Ingate Enhanced Security Module has been designed for stronger levels of security than what was otherwise available for VoIP, said Johnson. Some of the new features include encryption, denial of service attack prevention and intrusion detection and prevention.

Johnson explained that the encryption appliance allows the customer to encrypt both the signaling path as well as the media stream so they can get ultimate privacy in communication over the Internet.

"Not everybody requires or even desires that but for those industries especially legal, health care and finance, they are very sensitive to maintaining the privacy of their clients and this is an essential component because it allows them to fully encrypt and not expose anything to the outside world," he added.

The encryption process requires an exchange of keys that is needed in order for communications to be unencrypted and therefore understandable. Johnson said that the exchange of keys needs to be done before the first encrypted packet shows up. On the signaling side, Ingate uses transfer layer security and a shared key is also needed to unlock the signaling stream.

The denial of service attack prevention piece can limit the total amount of calls from certain or all domains and IP addresses and is completely configurable by the customer.

"We are using the Internet as a communications vehicle and sometimes it is the primary communication for a company. So the risk that people could try and flood a network with lots and lots of call requests or initiations that never get responded to can basically tie up the network. If you were a business that relied on telephony and somebody [successfully] launched one of those attacks, [companies] wouldn't be able to do any business during that period of time," said Johnson.

With intrusion prevention, it is rules based where any intrusions identified by Ingate will have a rule created to look for particular patterns in packets that could be construed as being valid SIP packets but when delivered through a PBX could generate problems for a network.

"We will be constantly looking for these kinds of intrusion attempts and as those attempts are made and identified we will write rules and provide those rules out to our customers so they can enable the rule on their box to prevent that attack from happening and getting into their network," explained Johnson.

On the intrusion detection side, if an attack is launched prior to the rule getting to the customer or being implemented, the Ingate module will look for that attack on any outbound traffic and alert management that there may have been an attack attempted and take the appropriate action to prevent it from actually going out to somebody else.

Johnson added that Ingate is focusing the Ingate Enhanced Security Module for PBX partners and service providers to offer a complete solution and services for their customers.

The Ingate Enhanced Security Module is available now as optional software for all Ingate Firewall and Ingate SIParator products. Pricing is based on a per box basis and varies with the low-end module priced at $700 US with the high-end priced at $2800.