Protecting Yourself in a WebRTC World

Slides:



Advertisements
Similar presentations
The leader in session border control for trusted, first class interactive communications.
Advertisements

1 TURN Server for WebRTC in the Firewall © 2014 Ingate Systems AB Prepared for:Ingates SIP Trunking, UC and WebRTC Seminars ITEXPO January 2014 Miami By:Karl.
Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.
1 WebRTC in the Enterprise Presentation, Status, Demo © 2014 Ingate Systems AB Prepared for:WebRTC Pavilion ITEXPO August 2014 Las Vegas By:Karl Erik Ståhl.
1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,
© 2013 Ingate Systems AB 1 Prepared for:ITEXPO Conference, Las-Vegas, August 2013 By: Steven Johnson President Ingate Systems Inc. Also.
1 WebRTC in the Enterprise Presentation, Status, Demo © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking, UC and WebRTC Seminars ITEXPO January.
ICE, Turn, Stun and Security Session: D2-1 Tsahi Levent-Levi Director, Product Management Amdocs
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
© 2012 Intertex Data AB 1 Needs Show Up in Islands Person-to-person, real-time related: + IM, Presence, + SMS (2G, 3G…) (Wireless only!?) + Skype (call.
WebRTC & SIP E-SBC PBX Companion
Steven J. Johnson President Ingate Systems Inc. Enabling SIP to the Enterprise.
The NAT/Firewall Problem! And the benefits of our cure… Prepared for:Summer VON Europe 2003 SIP Forum By: Karl Erik Ståhl President Intertex Data AB Chairman.
Karl Stahl CEO/CTO Ingate Systems Ingate’s SBCs do more than POTSoIP SIP. They were developed.
Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.
Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.
1 Enabling WebRTC in the Enterprise A) How Can WebRTC Enhance the Enterprise PBX/UC Solution? B) Will SIP Trunking E-SBCs Include WebRTC Support? C)Can.
Beyond POTS Replacement Is SIP Trunking a step on that route? © 2009 Intertex Data AB 1 Prepared for:INTERNET TELEPHONY Conference Ingate’s SIP Trunking.
NATs & Firewalls The General SIP Proxy Firewall Prepared for:Spring VON 2003 By: Karl Erik Ståhl President Intertex Data AB Chairman Ingate Systems AB.
1 The Need for Enterprise Session Border Controller The E-SBC allows the enterprise to control its SIP implementation The Ingate SIParator ®
Steven J. Johnson President, Ingate Systems Inc. Enabling Trusted Unified Communications.
Enterprise Infrastructure Solutions for SIP Trunking
WebRTC Demo, Miami, May Ingate’s SBCs do more than POTS-like SIP. They were developed for standards-compliant end-to-end multimedia SIP quality.
Enabling SIP to the Enterprise Steven Johnson, Ingate Systems.
Virtual Private Network
IT Expo SECURITY Scott Beer Director, Product Support Ingate
1 Enabling WebRTC in the Enterprise A) How Can WebRTC Enhance the PBX/UC Solution? B) Will SIP Trunking E-SBCs Include WebRTC Support? C)Can Carriers Provide.
1 Enabling WebRTC in the Enterprise A) How Can WebRTC Enhance the PBX/UC Solution? B) Will SIP Trunking E-SBCs Include WebRTC Support? C)Can Carriers Provide.
WebRTC Demo, Atlanta June Ingate’s SBCs do more than POTSoIP SIP. They were developed for standard compliant end-to-end multimedia SIP connectivity.
Karl Stahl CEO/CTO Ingate Systems Ingate’s SBCs do more than POTSoIP SIP. They were developed.
Polycom Conference Firewall Solutions. 2 The use of Video Conferencing Is Rapidly Growing More and More people are adopting IP conferencing Audio and.
Ingate & Dialogic Technical Presentation SIP Trunking Focused.
SIP? NAT? NOT! Traversing the Firewall for SIP Call Completion Steven Johnson President, Ingate Systems Inc.
PART 2: Product Line. Tenor Switches & Gateways Tenor AX Series Solution For Medium to Large Enterprises  Available in 8, 16, 24 and 48 port Available.
Quintum Confidential and Proprietary 1 Quintum Technologies, Inc. Session Border Controller and VoIP Devices Behind Firewalls Tim Thornton, CTO.
Anders G Eriksson CEO, Ingate Systems Enabling Trusted Unified Communications.
Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.
Dealing with NATs and Firewalls! Prepared for:Fall VON 2003 Boston By: Karl Erik Ståhl President Intertex Data AB Chairman Ingate Systems AB
Steven J. Johnson President Ingate Systems Inc.
1 WebRTC Introduction and Overview © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking, UC and WebRTC Seminars WebRTC Introduction and Overview ITEXPO.
PKE Consulting Some slides from the WebRTC Conference May 2015.
1 WebRTC in the Enterprise © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking, UC and WebRTC Seminars WebRTC in the Enterprise ITEXPO October 2015.
1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,
1 WebRTC in the Call Center and Number Replacement © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking, UC and WebRTC Seminars WebRTC in the.
“End to End VoIP“ The Challenges of VoIP Access to the Enterprise Charles Rutledge VP Marketing Quintum Technologies
Peer-to-Peer Solutions Between Service Providers David A. Bryan CTO, Jasomi Networks October 10, 2002 – Fall VON, Atlanta, GA.
1Security for Service Providers – Dave Gladwin – Newport Networks – SIP ’04 – 22-Jan-04 Security for Service Providers Protecting Service Infrastructure.
NAT (Network Address Translation)
NET 536 Network Security Firewalls and VPN
WebRTC enabled multimedia conferencing and collaboration solution
Enabling WebRTC in the Enterprise
9/18/2018.
PKE Consulting 2014.
Trends in Enterprise VoIP
11/12/2018.
11/20/2018.
WebRTC for Bria Khris Kendrick
Virtual Private Network
Enterprise Infrastructure Solutions for SIP Trunking
WebRTC & SIP E-SBC PBX Companion
The Need for Enterprise Session Border Controller
Live Unified Communication Beyond the Borders
Live Unified Communication Beyond the Borders
What WebRTC Does NOT Do:
What’s Next For SIP Trunking? WebRTC in the Enterprise
Helping to Achieve ROI Targets with SIP Trunking
Live Unified Communication Beyond the Borders
Steven J. Johnson President Ingate Systems Inc.
Office 365 – How NOT to do it UKNOF43.
Ingate & Dialogic Technical Presentation
Presentation transcript:

Protecting Yourself in a WebRTC World Lawrence Byrd Technology Evangelist

Speakers Mykola Konrad Karl Stahl Sonus CTO and Chairman, Ingate Systems

Merged Intertex Data AB and Ingate Systems AB Ingate’s SBCs do more than POTSoIP SIP. They were developed for standard compliant end-to-end multimedia SIP connectivity everywhere. WebRTC is just aligned – Ingate adds Q-TURN telepresence quality and the WebRTC & SIP Companion Gateway brings all WebRTC features to the enterprise PBX/UC Solution/call center and to the service provider next generation telephony. Merged Intertex Data AB and Ingate Systems AB Karl Stahl CTO and Chairman Ingate Systems info@ingate.com karl.stahl@intertex.se

WebRTC “Protection”– More or less challenging? Is there a “security difference” compared to soft clients and Webex-like screen sharing applications? Not much! But… The big difference is that the browser is “always available”, used and we now have to trust the browser to provide the basic protection. Can my screen be viewed also? Should we be concerned? Cannot even decline video… And HTTPS only asks first time… Firewalls and SBC won’t help. They don’t do (cannot do) these things. – They allow or not!

WebRTC & VoIP Security (and SBCs) – Confusing it is… And it is quite different: WebRTC in itself What is meant by “securing WebRTC”, “managing security” etc.? Says who? User: Privacy, confidentiality would be nice Carrier: Theft of service, DoS/Overload, don’t crash our systems Enterprise data department: Don’t send malicious packets into our LAN, don’t leak our information. Enterprise PBX / UC department: Make it work - always and everywhere, but keep our resources and information to ourselves. and integrated with the “Enterprise PBX / UC social network”

WebRTC in Itself has Excellent Privacy Media is always encrypted between the endpoints. With DTLS-SRTP, only the browsers know the key. Signaling is not standardized and is most often over https (i.e. encrypted) But that will not always be maintained when calls are gatewayed into other worlds VoIP Service Providers seldom use encryption anywhere Enterprise PBX / UC / call centers are hiding behind a firewall or an SBC Encryption is rarely used in the current PSTN and VoIP carrier world

WebRTC in Itself is Quite Secure, but Consider… Turn server needs DoS protection Does not traverse restrictive enterprise firewalls: ICE firewall traversal assumes it is open from the inside. Proposed media tunneling through open TCP 80 (http) or 443 (https) ports destroys quality. Data department may not want to open more. Quality on data-crowded pipes: WebRTC uses the Internet, where the access pipes are crowded with data traffic. No QoS since firewalls are unaware of real-time traffic, which ICE/STUN/TURN assumes. LAN Company Web Server Q-TURN RESOLVES

A Novel View on ICE – Q-TURN Knock-knock; Give my Media a Quality Pipe Regard ICE as a request for real-time traffic through the firewall. Interpret the STUN & TURN signals in the firewall Have the STUN/TURN server functionality IN the firewall and set up the media flows under control Security is back in the right place - The firewall is in charge of what is traversing Enterprise firewall can still be restrictive Q-TURN Q-TURN Enables QoS and More: Prioritization and Traffic Shaping Diffserv or RVSP QoS over the Net Authentication (in STUN and TURN) Accounting: Quality gigabits measured

WebRTC-SIP Gateways Will be Used – Are Required WebRTC-SIP Gateways Will be Used – Are Required! Often Built on Top of SBCs – Do such SBCs Protect? LAN Company Web Server SIP WS media An enterprise wants to have the WebRTC benefits into their PBX / UC / Call Center infrastructure. That is where their Auto attendant, Call Routing, Queues, Conference Bridge etc. are. and an enterprise UC solution of course benefits from browser-based clients, locally and remotely so do the IMS/VoLTE/RCS emerging networks Such WebRTC – SIP Gateways require SBC functions like security, interoperability fix-ups and NAT/firewall traversal

Questions (and Answers within parenthesis (Hidden Slide) If firewalls and SBC can’t do it: Will privacy and security concerns stop WebRTC? (Of course not! All applications invade us these days – We still use them, because we cannot be without them.) If firewalls just stop or allow WebRTC, what do SBCs do? Do SBCs really exist in the WebRTC world? (Not in the way rumored! Some SBC vendors have added WebRTC/SIP Gateways on top of their SBCs (Ingate, Acme/Oracle…). Others have added TURN servers in their SBCs (Ingate, Avaya/Sipera…) Shall we stop talking about SBCs in the WebRTC world? (I would say so. The word is too confusing – It actually is in the SIP world as well. SBCs are said to do many things they don’t do, and SBCs vary a lot from each other – some being just SIP fixup devices, and not providing firewall functions at all – The variation is large.)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.