Product specifications
Dialogic® BorderNet™ 4000 SBC Product Description Document
5. Security and Service Assurance
The BorderNet 4000 SBC protects itself and the network infrastructure from malicious
attacks while ensuring that VoIP services are uninterrupted. Resources are always available
for legitimate sessions, even under high-load conditions, attacks, and hardware or network
failures.
The BorderNet 4000 SBC security infrastructure provides protection against attacks at all
layers: IP/Transport, Signaling, and Application.
Layer / Security Assurance

6 – 7 Application (SDP)
• Allows sessions from configured peers only
• Uses dynamic blacklisting of peers for bad behavior
• Provides session constraints
• Enables selective information hiding, including topology hiding, with B2BUA architecture

5 (SIP/H.323)
• Provides syntax and semantic validation of signaling messages
• Provides TLS for SIP signaling and management traffic

3 – 4 (IP/Transport)
• Provides a firewall to protect against TCP/IP attacks
• Employs rate-limiting to protect against DoS attacks
• Enables topology hiding via media termination/relay

L3/L4 Security Measures
All incoming IP packets are parsed and checked against a set of rules to detect whether
they attempt to exploit any known vulnerabilities of the IP, TCP, UDP and ICMP protocols.
These checks ensure that valid traffic flows are processed according to service level
agreements (SLAs) while malicious traffic is dynamically blocked.
Packet Consistency Checks
Each packet entering the BorderNet 4000 SBC through an Ethernet interface is checked to
verify that it is a valid IP packet. The BorderNet 4000 SBC blocks the following IP
packets:
• packets with a multicast or broadcast source IP
• packets with incorrect IP header length
• packets with mismatched IP header checksum
• packets with the value of the IP header length field not equal to five (5)
• truncated packets
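
The five checks listed above can be expressed as a single IPv4 header validator; the following is an added illustration, not Dialogic code, and does not describe how the BorderNet 4000 SBC implements them. The function and verdict names, the order of the checks, and the reading of "incorrect IP header length" as a length field that is impossible or contradicts Total Length are assumptions. Only the limited broadcast address is tested, because recognizing a directed broadcast source requires the receiving interface's netmask.

```c
#include <stddef.h>
#include <stdint.h>

/* Verdict names are hypothetical; one per check in the list above. */
enum ip_verdict { IP_OK, IP_TRUNCATED, IP_BAD_HDR_LEN, IP_IHL_NOT_5,
                  IP_BAD_CHECKSUM, IP_BAD_SOURCE };

/* Constructed sample: 192.0.2.1 -> 192.0.2.2, UDP, total length 28. */
static const uint8_t SAMPLE[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb6, 0xcd, 0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02 };

/* One's-complement sum of 16-bit words; a valid header sums to 0xFFFF. */
static uint16_t hdr_sum(const uint8_t *h, size_t len)
{
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        s += ((uint32_t)h[i] << 8) | h[i + 1];
    while (s >> 16)
        s = (s & 0xFFFF) + (s >> 16);
    return (uint16_t)s;
}

/* pkt points at the IPv4 header; caplen is the number of bytes received. */
enum ip_verdict ip_check(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20)
        return IP_TRUNCATED;            /* too short to hold a header */
    unsigned ihl = pkt[0] & 0x0F;       /* header length in 32-bit words */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 5 || ihl * 4u > total)
        return IP_BAD_HDR_LEN;          /* impossible or self-contradictory */
    if (ihl != 5)
        return IP_IHL_NOT_5;            /* header carries options */
    if (total > caplen)
        return IP_TRUNCATED;            /* fewer bytes than Total Length */
    if (hdr_sum(pkt, 20) != 0xFFFF)
        return IP_BAD_CHECKSUM;
    uint32_t src = ((uint32_t)pkt[12] << 24) | ((uint32_t)pkt[13] << 16) |
                   ((uint32_t)pkt[14] << 8) | pkt[15];
    if ((src >> 28) == 0xE || src == 0xFFFFFFFFu)
        return IP_BAD_SOURCE;           /* 224.0.0.0/4 or 255.255.255.255 */
    return IP_OK;
}

int main(void) { return ip_check(SAMPLE, sizeof SAMPLE) != IP_OK; }
```

Rejecting every header whose length field is not five also drops all packets carrying IP options, which removes option-based attacks such as source routing at the cost of refusing legitimate traffic that uses options.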