Security is often a number one concern when it comes to networking for most businesses, especially any enterprise. Even when deploying a PBX or SIP network to handle your communications, security is of a high concern – since your voice is being transferred as data, it can be intercepted and heard by unauthorized ears.

When looking to protect your VoIP calls, hardware or software network firewalls can be deployed on your end to act as a gatekeeper for that network. On top of that, a Session Border Controller can truly help lock down any and all information passing through your phone calls.

Understanding Session Border Controllers

Thankfully, when deploying a VoIP solution an SBC is something you will never have to worry about. Especially with hosted deployments, since everything is handled on the provider’s back end, your business won’t have any real contact with the network, data centers, or any sort of SBC hardware or software. However, for an on-premise solution, best practice is to place an SBC at both ends on the Enterprise network and the service provider’s end as well.

Sangoma RouterRegardless, for both the security conscious business or just the informed shopper – it would be beneficial to understand what a Session Border Controller is and how it might secure your VoIP calls to make the best decision when looking to adopt a new or different solution.

So, what exactly is a Session Border Controller?

A session border controller is a network hardware device, or sometimes a software application, with the one dedicated purpose of protecting all phone calls on that network.

Essentially, the SBC on your network will control how calls are started, conducted, and terminated – and all the necessary media streams and data transfer to allow calls to occur. A Session Border Controller will act much as a firewall for you VoIP network, ensuring every call occurs properly and is protected all the way until the end. SBC’s are generally deployed with all SIP networks.

To put it simply – a Session Border Controller will act as the gatekeeper of your VoIP network, by keeping the proper IP packets of information flowing while weeding out any possible security threats.

What does an SBC do for the network, and in the end your VoIP calls?

SBC Diagram

An SBC will act just as a router, or firewall, would, setup in between the business’ network, and the provider’s service network. In practice, an SBC can be configured for a vast number of uses, and will differ for almost every business depending on what is considered more crucial. Some of the common configurations for an SBC include:

1. Security for Your VoIP Calls

However, at the most basic level every SBC will act in a similar fashion. Just as a firewall or router, the SBC will act as the gatekeeper for your network. Sitting at the “border of the network,” an SBC will monitor all phone calls, also known as sessions. Along with monitoring each connection, an SBC will determine and allow only authorized sessions to occur. Sessions can also include any other media data like video conferencing. With an SBC, only authorized information can connect and transfer through your network to help keep out any unwanted traffic.

2. Prioritization and Quality of Service Management

An SBC can also monitor the quality of service status for every session in order to ensure that calls are lag or jitter free, data passes through and transfers without any interruptions or packet loss, as well as prioritizing different services and calls – for example any emergency calls placed on the network will receive a higher priority than other standard calls to ensure they are completed with the highest quality of service. An SBC can also help with resource allocation on your network, as well as rate limit to prevent bandwidth hogging.

3. Protocol Translation

In a more of a technical use for a business with in-house IT, an SBC can help bridge the gap between multiple VoIP connections on different networks. If your business is not utilizing only a SIP trunking solution, but also general SIP-based or even legacy based voice-system an SBC can provide protocol translation. In fact, SBCs can even act as a SIP to WebRTC gateway.

A Solution to NAT Troubles

Often times, a business will run into troubles with Network Address Translation, or NAT. Without getting too complicated, NAT is a method of reusing IP addresses for multiple connections. Since there are a limited number of IP addresses with our current IPv4, NAT is necessary to allow a single device to act as a gatekeeper between the local network and the internet.

With NAT, only one IP addresses is required for the entire network of computers. Of course, this is just one use of NAT, as it can in effect also help improve the security of a network. In practice, NAT settings can often confuse networks and make it impossible for connections from the public internet to reach the end user. However, an SBC is often utilized to solve any NAT traversal issues.

With the SBC acting as the public connection of the user on that network, connections will always have a path to flow through the SBC to the user. This would then replace the act of searching for a specific user with a generic IP address for the entire network.

Virtual Session Border Controllers

Another option besides the hardware device is the cloud hosted and optimized Virtual SBC. Just like a software firewall is to a hardware firewall, the Virtual SBC is installed on a network machine and delivers the same functions as a hardware counterpart would.

The benefits of a Virtual SBC over an on-premise hardware deployment echo the benefits general benefits of a cloud deployed solution. Simply put, because everything is hosted, and therefore handled on the back end of the cloud all the way on the provider’s premise, there is no need for any hardware devices, therefore provisioning of hardware. And since it’s all in the cloud, the protection can be scaled quickly, easily and even set as an automated function.

Should Your Network Employ an SBC?

Whether or not your business will find it necessary to incorporate an SBC into their VoIP solution will depend on a number of factors. Not only that, but how the SBC is even utilized and configured will ultimately be decided by the highest priority your business has.

If your provider is already utilizing an SBC it can be a good idea to compliment with an SBC on your network’s end as well, and even a Virtual SBC can suffice. If security is considered to be of a high concern for your business, then a Session Border Controller will be a crucial step in ensuring the highest level of security for your network.