I use a VPN. Do I still need a SBC? 7 Questions from Sangoma Security Webinar

January 18, 2018 by Ying-Hui Chen

We co-hosted a Security webinar Part I with Sangoma this Tuesday and our audience had a lot of questions regarding SBCs, VPN, dynamic IPs, PBX and other security issues. We would like to share the Q&A session with all of you who may have the same questions!

Also, don’t forget the Security Webinar Part II is coming on February 6th! Register early to save your seat!

1. For the session border controller if we have any IPS static do we need one? Then we wouldn’t have ports open to the entire world but only from specific?

Answer: This will protect you as long as your users do not have infected devices at that IP address. Putting a SBC into the equation ensures that only the traffic you want passes onto your network.

2. What if you use a VPN? Do you still need a SBC?

Answer: VPN will secure the device (in this case the IP phone), but you are still opening up ports for your SIP provider. You must also consider the fact that your user may connect an infected PC or Laptop to that phone, which would now have a secure connection directly to your LAN. The same thing applies if your users are using a softphone over VPN using an infected device.

3. If we use remote phones and they are on dynamic IP’s or travel then we should be using an SBC?

Answer: Absolutely.

4. I would imagine VPN from endpoints to PBX, like OpenVPN with the Sysadmin Pro module. So if I have FreePBX, Sysadmin Pro module with Sangoma phones running OpenVPN, what does adding the SBC get me? SIP trunks, like Bandwidth or Flowroute. The PBX is hosted.

Answer: VPN will secure the device (in this case the IP phone), but you are still opening up ports for your SIP provider. You must also consider the fact that your user may connect an infected PC or Laptop to that phone, which would now have a secure connection directly to your LAN. The same thing applies if your users are using a softphone over VPN using an infected device.

5. What if our phone system is cloud hosted. Do we need an SBC?

Answer: Yes. Since you would need to open ports on your firewall to allow SIP traffic thru to your phones.

6. If you are using HA do you need 2 SBCs?

Answer: Since the two PBXs are on the same network, you would only need 1 SBC.

7. What if the SBC fails in the field.  Do you need a hot-swappable or can you run the system without the SBC?

Answer: A system will run without it and hopefully your backup security strategies will protect you until you get another SBC deployed. If security is your number 1 priority you should have a backup if your budget allows for it.

More questions? Utilize the comment box below to ask our VoIP Experts or simply raise your phone to contact Brian Hyrek at [email protected] or 716-531-4318!


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.