Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protecting Yourself in a WebRTC World

Published byเนาวรัตน์ ชินวัตร Modified over 5 years ago

Similar presentations

Presentation on theme: "Protecting Yourself in a WebRTC World"— Presentation transcript:

1

2 Protecting Yourself in a WebRTC World
Lawrence Byrd Technology Evangelist

3 Speakers Mykola Konrad Karl Stahl Sonus
CTO and Chairman, Ingate Systems

4 Merged Intertex Data AB and Ingate Systems AB
Ingate’s SBCs do more than POTSoIP SIP. They were developed for standard compliant end-to-end multimedia SIP connectivity everywhere. WebRTC is just aligned – Ingate adds Q-TURN telepresence quality and the WebRTC & SIP Companion Gateway brings all WebRTC features to the enterprise PBX/UC Solution/call center and to the service provider next generation telephony. Merged Intertex Data AB and Ingate Systems AB Karl Stahl CTO and Chairman Ingate Systems

5 WebRTC “Protection”– More or less challenging?
Is there a “security difference” compared to soft clients and Webex-like screen sharing applications? Not much! But… The big difference is that the browser is “always available”, used and we now have to trust the browser to provide the basic protection. Can my screen be viewed also? Should we be concerned? Cannot even decline video… And HTTPS only asks first time… Firewalls and SBC won’t help. They don’t do (cannot do) these things. – They allow or not!

6 WebRTC & VoIP Security (and SBCs) – Confusing it is…
And it is quite different: WebRTC in itself What is meant by “securing WebRTC”, “managing security” etc.? Says who? User: Privacy, confidentiality would be nice Carrier: Theft of service, DoS/Overload, don’t crash our systems Enterprise data department: Don’t send malicious packets into our LAN, don’t leak our information. Enterprise PBX / UC department: Make it work - always and everywhere, but keep our resources and information to ourselves. and integrated with the “Enterprise PBX / UC social network”

7 WebRTC in Itself has Excellent Privacy
Media is always encrypted between the endpoints. With DTLS-SRTP, only the browsers know the key. Signaling is not standardized and is most often over https (i.e. encrypted) But that will not always be maintained when calls are gatewayed into other worlds VoIP Service Providers seldom use encryption anywhere Enterprise PBX / UC / call centers are hiding behind a firewall or an SBC Encryption is rarely used in the current PSTN and VoIP carrier world

8 WebRTC in Itself is Quite Secure, but Consider…
Turn server needs DoS protection Does not traverse restrictive enterprise firewalls: ICE firewall traversal assumes it is open from the inside. Proposed media tunneling through open TCP 80 (http) or 443 (https) ports destroys quality. Data department may not want to open more. Quality on data-crowded pipes: WebRTC uses the Internet, where the access pipes are crowded with data traffic. No QoS since firewalls are unaware of real-time traffic, which ICE/STUN/TURN assumes. LAN Company Web Server Q-TURN RESOLVES

9 A Novel View on ICE – Q-TURN
Knock-knock; Give my Media a Quality Pipe Regard ICE as a request for real-time traffic through the firewall. Interpret the STUN & TURN signals in the firewall Have the STUN/TURN server functionality IN the firewall and set up the media flows under control Security is back in the right place - The firewall is in charge of what is traversing Enterprise firewall can still be restrictive Q-TURN Q-TURN Enables QoS and More: Prioritization and Traffic Shaping Diffserv or RVSP QoS over the Net Authentication (in STUN and TURN) Accounting: Quality gigabits measured

10 WebRTC-SIP Gateways Will be Used – Are Required
WebRTC-SIP Gateways Will be Used – Are Required! Often Built on Top of SBCs – Do such SBCs Protect? LAN Company Web Server SIP WS media An enterprise wants to have the WebRTC benefits into their PBX / UC / Call Center infrastructure. That is where their Auto attendant, Call Routing, Queues, Conference Bridge etc. are. and an enterprise UC solution of course benefits from browser-based clients, locally and remotely so do the IMS/VoLTE/RCS emerging networks Such WebRTC – SIP Gateways require SBC functions like security, interoperability fix-ups and NAT/firewall traversal

11 Questions (and Answers within parenthesis (Hidden Slide)
If firewalls and SBC can’t do it: Will privacy and security concerns stop WebRTC? (Of course not! All applications invade us these days – We still use them, because we cannot be without them.) If firewalls just stop or allow WebRTC, what do SBCs do? Do SBCs really exist in the WebRTC world? (Not in the way rumored! Some SBC vendors have added WebRTC/SIP Gateways on top of their SBCs (Ingate, Acme/Oracle…). Others have added TURN servers in their SBCs (Ingate, Avaya/Sipera…) Shall we stop talking about SBCs in the WebRTC world? (I would say so. The word is too confusing – It actually is in the SIP world as well. SBCs are said to do many things they don’t do, and SBCs vary a lot from each other – some being just SIP fixup devices, and not providing firewall functions at all – The variation is large.)

Download ppt "Protecting Yourself in a WebRTC World"

Similar presentations

The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
1 TURN Server for WebRTC in the Firewall © 2014 Ingate Systems AB Prepared for:Ingates SIP Trunking, UC and WebRTC Seminars ITEXPO January 2014 Miami By:Karl.

1 TURN Server for WebRTC in the Firewall © 2014 Ingate Systems AB Prepared for:Ingates SIP Trunking, UC and WebRTC Seminars ITEXPO January 2014 Miami By:Karl.
Addressing Security Issues IT Expo East 2011. Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.
1 WebRTC in the Enterprise Presentation, Status, Demo © 2014 Ingate Systems AB Prepared for:WebRTC Pavilion ITEXPO August 2014 Las Vegas By:Karl Erik Ståhl.

1 WebRTC in the Enterprise Presentation, Status, Demo © 2014 Ingate Systems AB Prepared for:WebRTC Pavilion ITEXPO August 2014 Las Vegas By:Karl Erik Ståhl.
1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,

1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,
© 2013 Ingate Systems AB 1 Prepared for:ITEXPO Conference, Las-Vegas, August 2013 By: Steven Johnson President Ingate Systems Inc. Also.

© 2013 Ingate Systems AB 1 Prepared for:ITEXPO Conference, Las-Vegas, August 2013 By: Steven Johnson President Ingate Systems Inc. Also.
1 WebRTC in the Enterprise Presentation, Status, Demo © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking, UC and WebRTC Seminars ITEXPO January.

1 WebRTC in the Enterprise Presentation, Status, Demo © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking, UC and WebRTC Seminars ITEXPO January.
ICE, Turn, Stun and Security Session: D2-1 Tsahi Levent-Levi Director, Product Management Amdocs

ICE, Turn, Stun and Security Session: D2-1 Tsahi Levent-Levi Director, Product Management Amdocs
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
© 2012 Intertex Data AB 1 Needs Show Up in Islands Person-to-person, real-time related: + IM, Presence, + SMS (2G, 3G…) (Wireless only!?) + Skype (call.

© 2012 Intertex Data AB 1 Needs Show Up in Islands Person-to-person, real-time related: + IM, Presence, + SMS (2G, 3G…) (Wireless only!?) + Skype (call.
WebRTC & SIP E-SBC PBX Companion

WebRTC & SIP E-SBC PBX Companion
Steven J. Johnson President Ingate Systems Inc. Enabling SIP to the Enterprise.

Steven J. Johnson President Ingate Systems Inc. Enabling SIP to the Enterprise.
The NAT/Firewall Problem! And the benefits of our cure… Prepared for:Summer VON Europe 2003 SIP Forum By: Karl Erik Ståhl President Intertex Data AB Chairman.

The NAT/Firewall Problem! And the benefits of our cure… Prepared for:Summer VON Europe 2003 SIP Forum By: Karl Erik Ståhl President Intertex Data AB Chairman.
Karl Stahl CEO/CTO Ingate Systems Ingate’s SBCs do more than POTSoIP SIP. They were developed.

Karl Stahl CEO/CTO Ingate Systems Ingate’s SBCs do more than POTSoIP SIP. They were developed.
Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.

Solutions for SIP The SIP enabler We enable SIP communication for business What the E-SBC can do for you.
Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.

Enabling SIP to the Enterprise Steve Johnson, Ingate Systems Security: How SIP Improves Telephony.
1 Enabling WebRTC in the Enterprise A) How Can WebRTC Enhance the Enterprise PBX/UC Solution? B) Will SIP Trunking E-SBCs Include WebRTC Support? C)Can.

1 Enabling WebRTC in the Enterprise A) How Can WebRTC Enhance the Enterprise PBX/UC Solution? B) Will SIP Trunking E-SBCs Include WebRTC Support? C)Can.
Beyond POTS Replacement Is SIP Trunking a step on that route? © 2009 Intertex Data AB 1 Prepared for:INTERNET TELEPHONY Conference Ingate’s SIP Trunking.

Beyond POTS Replacement Is SIP Trunking a step on that route? © 2009 Intertex Data AB 1 Prepared for:INTERNET TELEPHONY Conference Ingate’s SIP Trunking.
NATs & Firewalls The General SIP Proxy Firewall Prepared for:Spring VON 2003 By: Karl Erik Ståhl President Intertex Data AB Chairman Ingate Systems AB.

NATs & Firewalls The General SIP Proxy Firewall Prepared for:Spring VON 2003 By: Karl Erik Ståhl President Intertex Data AB Chairman Ingate Systems AB.
1 The Need for Enterprise Session Border Controller The E-SBC allows the enterprise to control its SIP implementation The Ingate SIParator ®

1 The Need for Enterprise Session Border Controller The E-SBC allows the enterprise to control its SIP implementation The Ingate SIParator ®

Similar presentations

Ads by Google