In a week with a lot of news about VoIP hacking, Juniper Networks has announced a system that promises to protect enterprises and service providers from attacks against VoIP systems, such as worms and denial-of-service threats.
Juniper’s Dynamic Threat Mitigation system identifies attacks on specific users or applications and blocks the attack, essentially by using policy enforcement and control. The system ensures the network stays up and is unaffected by the attack, said Dean Sheffield, Juniper voice solutions marketing manager.
“We all know how important our voice services are and how productivity is impacted when the service is out,” he said. “Ask any lawyer who gets paid on billable hours how much it hurts if their VoIP system goes down.”
With IP telephony, both VoIP signaling and the voice medium itself need to be protected so that network services aren’t stolen, the network isn’t brought down, and unauthorized users can’t eavesdrop on conversations.
Juniper’s system includes an IDP (Intrusion Detection and Prevention) traffic-processing box that identifies worms and viruses as well as anomalies in traffic, such as in SIP flows. When the IDP detects an anomaly, it notifies an SDX software application, which in turn sends policies to network devices based on user information. A predefined policy tells SDX what to do, and SDX sends that policy to the device.
Juniper recently demonstrated the system sending the user to a captive portal and warning them their VoIP call may be compromised. It also could be configured to drop the call completely, Sheffield said. “The advantage here is the dynamic and instantaneous remedy to the business impact,” he said.
A service provider, using SDX and IDP, could offer the system as a managed service, or an enterprise could deploy it, generally with the help of a systems integrator.
Juniper’s system would compete with various standalone IDP and service-provisioning offerings on the market. These include IDP boxes from Check Point and Cisco Systems and provisioning tools from Alcatel, for example.
The benefit of Juniper’s system, according to Sheffield, is its “dynamic nature”: it works immediately to mitigate threats and applies policy to VoIP calls in real time.
The system requires the Juniper M-series or E-series router, IDP and SDX products.
The SDX referred to here is a software package that provides a subscriber interface to the system. It houses a set of Web Services that are used to pass login information (e.g. the username and password) down to the E-series router. SDX will also activate services that are configured on the SDX but activated through commands from the Everyplace Subscription Manager.