Author Archives: InfoStructure

Polycom® SoundPoint® IP 650

High-performance IP phone with Polycom HD Voice™ technology

Polycom® SoundPoint® IP 650

Six-line executive phone
Revolutionary voice quality with Polycom HD Voice technology
Cutting-edge features and applications
Expandable to support three Polycom SoundPoint IP Expansion Modules
Interoperable with leading SIP-based IP PBX and Softswitch platforms

Features and Benefits

Six lines (standalone) / 12 lines (with the SoundPoint IP Expansion Module)
Polycom HD Voice technology, including support of G.722 wideband codec, Acoustic Clarity Technology 2, and systems design optimized for Polycom HD Voice technology
Advanced functionality, including shared lines, busy lamp field, presence, and XHTML applications
Support of up to three SoundPoint IP Expansion Modules
Backlit 320 x 160-pixel grayscale graphical LCD
Integrated IEEE 802.3af Power over Ethernet (PoE) support
USB port for future applications

Polycom® SoundPoint® IP 550

Cutting-edge SIP feature set meets Polycom® HD Voice™ technology

Polycom® SoundPoint® IP 550

Four-line manager’s phone
Revolutionary voice quality with Polycom HD Voice technology
Cutting-edge SIP features
Backlit, easy-to-read LCD with support of Asian characters
Interoperability with leading SIP-based IP PBX and Softswitch platforms

Features and Benefits

Four lines
Polycom HD Voice technology, including support of G.722 wideband codec, Acoustic Clarity Technology 2, and systems design optimized for Polycom HD Voice technology
Advanced functionality, including shared lines, busy lamp field, presence, and XHTML applications
Backlit 320 x 160-pixel grayscale graphical LCD
Integrated IEEE 802.3af Power over Ethernet (PoE) support

Polycom® SoundPoint® IP 450

Mid-Range SIP desktop phone with Polycom HD Voice™ and high-resolution, backlit display

Polycom® SoundPoint® IP 450

Revolutionary voice quality with Polycom HD Voice™
High-resolution backlit LCD with support of multiple languages and Asian characters
Built-in XHTML Microbrowser for third party applications
Fully enabled to run the Polycom Productivity Suite
Three lines for a moderate volume of calls

Features and Benefits

Polycom HD Voice™ technology, including support of G.722 wideband codec, Acoustic Clarity Technology 2, and systems design optimized for Polycom HD Voice
Advanced functionality, including shared lines, busy lamp field, presence, and XHTML Microbrowser
Backlit 256 x 116-pixel multi-layer, grayscale graphical LCD
Integrated IEEE 802.3af Power over Ethernet (PoE) support (Class 2)
Two port 10/100 Ethernet Switch

Polycom® SoundPoint® IP 335

Entry level IP phone with Polycom HD Voice™ technology

Polycom® SoundPoint® IP 335

Revolutionary voice quality delivered through HD Voice technology
High-resolution backlit, graphical display
Two-line entry-level phone
Easy to configure and use
Integrated Power over Ethernet (PoE) support (Class 2)
Interoperability with leading IP PBX and Softswitch platforms

Features and Benefits

Polycom HD Voice technology, including support of G.722 wideband codec, Polycom Acoustic Clarity™ Technology 2, and systems design optimized for Polycom HD Voice technology
Advanced functionality, including shared lines, busy lamp field, three-way conferencing, and XML microbrowser
Backlit 102 x 33-pixel, grayscale graphical LCD
Integrated IEEE 802.3af Power over Ethernet (PoE) support (Class 2)
Two port 10/100 Ethernet Switch
Dedicated RJ-9 headset port

Polycom® SoundPoint® IP 331

Excellent sound quality and an enterprise-grade feature set.

Polycom® SoundPoint® IP 331

Two-line entry-level phones
Superb sound quality and full-duplex speakerphone performance with Clarity by Polycom™ acoustic technology
Enterprise-grade feature set
Easy to configure and use
Integrated Power over Ethernet (PoE) support
Interoperability with leading IP PBX and Softswitch platforms
SIP features

Features and Benefits

Two lines
Full-duplex IEEE 1329 Type 1-compliant speakerphone with Clarity by Polycom™ acoustic technology
102 x 33-pixel graphical LCD
Integrated 802.3af PoE support
Two-port 10/100 Ethernet switch – SoundPoint IP 331 (single 10/100 Ethernet port – SoundPoint IP 321)
Small footprint

TLS & SRTP

The TLS and SRTP Combination

Firewalls offer the ability to encrypt SIP protocol signaling by changing the transport from UDP/TCP to TLS (Transport Layer Security). Some also include support for SRTP (Secure Real-time Transport Protocol). SRTP provides a high level of security for live data with advanced encryption, confidentiality, message authentication and replay protection.

Together, this powerful SRTP-TLS combination protects media from being overheard by unauthorized persons, providing an extremely high level of security for live data. Using TLS and SRTP to encrypt signaling and media traversing the Internet effectively stops eavesdroppers, hackers and spoofers. The firewall either decrypts the signaling and media and delivers them “in the clear” to devices on the Local Area Network (LAN), or passes the packets on to the server or phone fully encrypted all the way to the user. This flexibility permits the network administrator to tailor the use of encryption to the needs of the organization and the capabilities of the other SIP equipment in the network. The integrity of the call is much stronger than ever possible on the PSTN. Used in conjunction with Ingate’s full SIP proxy technology, Ingate’s TLS-SRTP combination delivers maximum protection for enterprises using SIP communications.

More SIP Protocol Security & Compliancy

Providing all important layers of SIP security.

Solid firewalls have deep packet inspection (DPI) capability, which gives Ingate the ability to look at Layer 2 through Layer 7 of the OSI model. As SIP is an application-layer (Layer 7) protocol in the OSI model, some products have a unique ability to evaluate SIP packets and provide non-protocol compliance rules, routing rules and policies. Deep packet inspection also provides an important layer of security.

How else does a proper plan ensure security for SIP applications?

Products that strictly adhere to the SIP protocol look specifically for SIP compliancy. If there is a failure of SIP protocol compliance, the Ingate will use SIP components such as its full SIP proxy and SIP B2BUA to correct or discard SIP traffic to resolve compliancy issues.

Such products can also apply policies to correct SIP non-conformances in various applications such as:

Removal of VIA Headers
SIP Method Processing Rules
MIME Content Filtering
SIP Offer / Answer Call Flow
Escaped Whitespace Rules
SIP Method Authentication
URI Encoding
Session Timers
180 Response Removal
Username Checks
Limitation of Media Streams
Better Reliability
UDP Packet Size
Limitation of RTP Codecs
and so much more!

Depending on the nature of the failure to adhere to the protocol, the Ingate can also invoke a denial of service.

SIP Deep Packet Inspection

Deep Packet Inspection (DPI) will identify and classify the SIP traffic based on a signature database

Deep packet inspection (or DPI) is a powerful way to protect not just SIP traffic, but also the network. DPI is a form of computer network packet filtering that examines the data (or datagram) and UDP/TCP header part of a packet as it passes through an Ingate SIParator or Firewall.

Managed devices search for non-protocol compliance, viruses, spam, intrusions or predefined criteria to decide whether the packet can pass or needs to be routed to a different destination, or to collect statistical information. This is in contrast to shallow packet inspection (usually called just packet inspection), which only checks the UDP/TCP header portion of a packet.

Shallow packet inspection is the kind of inspection commonly found in most NAT firewall devices.

With Deep Packet Inspection capability, Ingate firewalls have the ability to look at Layers 2 through 7 of the OSI model. Since SIP is an Application Layer (Layer 7) protocol in the OSI model, Ingate products have a unique ability to:

Look at the SIP protocol packets, to provide non-protocol compliance rules, routing rules and statistical information, and
Provide IDS/IPS security features for an effective defense against overflow attacks, denial of service (DoS) attacks, and sophisticated intrusions. This includes headers and SIP protocol structures as well as the actual payload of the message.

DPI will identify and classify the SIP traffic based on a signature database that includes information extracted from the data part of a UDP/TCP packet, providing extremely precise control of any SIP traffic, finer than any classification based on header information only.
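The difference between shallow and deep inspection, and a few of the compliance checks listed earlier, shown as an added Python example (not Ingate's implementation or code from the original page). The function names and the two sample requests are constructed for illustration; the mandatory header list is the one in RFC 3261, section 8.1.1.

```python
import re

# Header fields every SIP request must carry (RFC 3261, section 8.1.1).
MANDATORY = ("via", "to", "from", "call-id", "cseq", "max-forwards")
COMPACT = {"v": "via", "t": "to", "f": "from", "i": "call-id", "l": "content-length"}

def shallow_inspect(proto: str, dst_port: int) -> bool:
    """Shallow inspection: decides from the UDP/TCP header alone."""
    return proto in ("udp", "tcp") and dst_port == 5060

def deep_inspect(payload: bytes) -> list:
    """Deep inspection: parse the SIP request and list compliance findings.
    Simplification: folded (multi-line) header values are not handled."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return ["headers not terminated by an empty line"]
    lines = head.decode("utf-8", "replace").split("\r\n")
    request = re.fullmatch(r"([A-Z]+) (\S+) SIP/2\.0", lines[0])
    if not request:
        return ["malformed request line"]
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            return ["header line without a colon"]
        key = name.strip().lower()
        headers.setdefault(COMPACT.get(key, key), value.strip())
    findings = ["missing mandatory header: " + h for h in MANDATORY if h not in headers]
    cseq = headers.get("cseq", "").split()
    if len(cseq) == 2 and cseq[1] != request.group(1):
        findings.append("CSeq method does not match request method")
    length = headers.get("content-length")
    if length is not None and (not length.isdecimal() or int(length) != len(body)):
        findings.append("Content-Length does not match body size")
    return findings

# Constructed sample requests (addresses from the RFC 5737 documentation range).
GOOD = (b"INVITE sip:bob@example.com SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
        b"Max-Forwards: 70\r\n"
        b"To: <sip:bob@example.com>\r\n"
        b"From: <sip:alice@example.com>;tag=1928301774\r\n"
        b"Call-ID: a84b4c76e66710@192.0.2.10\r\n"
        b"CSeq: 314159 INVITE\r\n"
        b"Content-Length: 0\r\n\r\n")
BAD = (GOOD.replace(b"Max-Forwards: 70\r\n", b"")
           .replace(b"314159 INVITE", b"314159 BYE")
           .replace(b"Content-Length: 0", b"Content-Length: 40"))
```

Both samples pass `shallow_inspect("udp", 5060)`; only `deep_inspect` separates the compliant request from the malformed one.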

SIP Security

With the proper protections in place, SIP applications are very secure.

Like any application, Voice-over-IP and all similar applications should be implemented in a way that ensures the continued security and integrity of the enterprise network. With the proper protections in place, SIP applications are very secure. In fact, VoIP calls can be more secure than those made on the PSTN. That’s just an example of how, with the right measures, any SIP application can be secure enough for enterprise use.

The SIP protocol resides in the Application Layer; it is written in clear text within the datagram of a UDP or TCP transport. Because it is in clear text, it is readily readable by anyone making a malicious effort to compromise your VoIP or data traffic. Sensitive IP address information, port address information, contact addresses, usernames, SIP compliance capabilities, media stream attributes and more are all contained in the SIP protocol.

In addition, the VoIP media stream is also unencrypted. Common media streams such as G.711, G.723, and G.729 are open to malevolent efforts to record conversations over the Internet. Given that SIP is a relatively new protocol for VoIP deployment, there have been very few malicious SIP attacks to date. But as popularity grows and SIP becomes more widespread, the possibility for these kinds of events increases. Because the SIP protocol has been developed by the IETF, it has built-in capabilities to ensure that the security and control of the enterprise network is maintained, and that measures can be taken to protect the integrity of all Internet-based communications, even for the most sensitive conversations.
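To make the clear-text exposure described here and the TLS and SRTP combination described earlier concrete, the following added Python example (not from the original page or any vendor) audits one SIP INVITE for both. The `audit` and `sample` names and the messages are constructed; the SRTP check assumes the SDP profile name contains `SAVP` and that SDES keys travel in `a=crypto` lines (RFC 4568).

```python
SENSITIVE = ("via", "from", "to", "contact", "authorization")

def audit(message: str) -> dict:
    """Report whether signaling and media in one SIP message are protected."""
    head, _, sdp = message.partition("\r\n\r\n")
    tls, seen = None, []
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "via" and tls is None:
            # Topmost Via: "SIP/2.0/<transport> host;params"
            tls = (value.split() or [""])[0].rsplit("/", 1)[-1].upper() == "TLS"
        if name in SENSITIVE and name not in seen:
            seen.append(name)
    media = []
    for line in sdp.split("\r\n"):
        if line.startswith("m="):
            kind, _port, proto = line[2:].split()[:3]
            media.append({"type": kind, "srtp": "SAVP" in proto, "sdes_key": False})
        elif line.startswith("a=crypto:") and media:
            media[-1]["sdes_key"] = True
    for m in media:
        # An SDES key sent over non-TLS signaling is readable on the wire.
        m["key_exposed"] = m.pop("sdes_key") and not tls
    return {"signaling_tls": bool(tls),
            "cleartext_headers": [] if tls else seen,
            "media": media}

def sample(transport: str, proto: str, crypto: bool) -> str:
    """Constructed INVITE for the demo (RFC 5737 documentation addresses)."""
    sdp = ["v=0", "o=alice 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
           "t=0 0", f"m=audio 49170 {proto} 0 8"]
    if crypto:
        sdp.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY")
    hdr = ["INVITE sip:bob@example.com SIP/2.0",
           f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bK74bf9",
           "From: <sip:alice@example.com>;tag=9fxced76sl",
           "To: <sip:bob@example.com>",
           "Contact: <sip:alice@192.0.2.10>",
           "Call-ID: 3848276298220188511@192.0.2.10",
           "CSeq: 1 INVITE", "Content-Type: application/sdp"]
    return "\r\n".join(hdr) + "\r\n\r\n" + "\r\n".join(sdp) + "\r\n"

if __name__ == "__main__":
    for args in (("UDP", "RTP/AVP", False), ("UDP", "RTP/SAVP", True), ("TLS", "RTP/SAVP", True)):
        print(args, audit(sample(*args)))
```

The middle case is the one to watch for in a deployment review: SRTP is offered, but the key that protects it is carried in unencrypted signaling, which is why the two are deployed together.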

The IP-PBX should be deemed a “Mission Critical” server. The IP-PBX is the controller for all of the VoIP phones and SIP applications. Any service outage or degradation would result in the loss of communication and ultimately the loss of business revenue. The IP-PBX must be protected from the Internet and foreign or unknown networks just as any other mission-critical server on the network.

That means that the PBX should never be assigned a publicly routable IP address. The Network Address Translation to the private address space provides a layer of security that must be maintained for the IP-PBX. Measures such as deep packet inspection, encryption and support for TLS and SRTP, authentication, intrusion detection and prevention (IDS/IPS) functionality, DoS attack detection and even SIP (and SIPconnect) compliance are all necessary ways to protect not just the SIP traffic, but also the network.

Solid plans employ all of these and more, including filtering capabilities to ensure that only authorized users are permitted access. With an E-SBC in place, like the SIParator from Ingate Systems, SIP communications can be successfully and securely introduced to the network and the enterprise remains in full control of their network.