With the convergence of communication networks and the All-VoIP
trend, more and more enterprises have begun to use IP-PBX, soft switching,
MCU and other products and technologies to build internal IP
communication systems that host data, voice, video, messaging and
other services, in order to reduce communication costs, achieve flexible
deployment, provide new business functions, and improve the efficiency and
core competitiveness of internal and external communication.
While the IP communication system brings many conveniences to users, it
also causes some difficulties. Among them, NAT traversal for IP multimedia
services in complex network environments and secure access for end users
trouble many enterprises when building and managing an IP communication
system. Shanghai Pudong Development Bank experienced similar challenges
in the construction of its IP communications system.
Technical requirements of the bank:
First, security requirements: the IP communication system scales up to 2000
sessions and at the same time requires high security, so that it can resist
malicious attacks from the network. With NAT traversal capability, it
ensures the security of communications as well as high voice quality.
Second, a variety of flexible access modes: the SBC's WAN port must
support virtual local area network (VLAN) technology and must be
configurable with IP addresses on at least 10 different network segments. It
can also provide multiple access modes for multiple operators, with
backup among the operators, to ensure 7*24*365 operation of the
communication system.
Typical functions of Synway's SBC in the field:
Safeguard internal networks from attack
Synway's SBC series can be used as a proxy between user terminals and other core communications devices such as IP-PBX and soft switching, providing security for real-time sessions. External terminals access the core network (IMS) via the SBC, and the topology of the core network is not visible to these external terminals. In this way, the topology of the core network and the internal network is effectively "hidden", which prevents them from being attacked and improves the security of the entire network architecture.
Integrate firewall functionalities into the system
The SBC provides a blacklist function. Synway's SBC filters rapidly on the source IP address of each message, so as to block any message or data from any IP address in the blacklist table, and prevents illegal intrusion through a range of firewall functionalities such as DDOS, IDS, IPTABLES, etc.
Efficiently encrypt SIP signaling and media
SIP messages are plain text, so they are easy to intercept when transmitted over an unsecured network. Synway's SBC encrypts SIP messages using TLS, which effectively ensures the security of communication. Media is also easy to intercept on a public network, so Synway's SBC processes RTP using SRTP encryption, which effectively prevents RTP data from being intercepted and maximizes the security of the communication system.
Transcoding and SIP normalization
Synway's SBC series can also work as a transcoding gateway. With hardware-based transcoding capability, it can meet voice coding format conversion needs and perform a variety of transcoding functions in the IMS network, in addition to codec conversion between calling and PSTN terminals. The transcoding function helps minimize bandwidth consumption, ensures efficient voice quality, and supports specific encoding formats even when some devices do not support them.
NAT traversal
VoIP media and signaling are separated from each other. When the terminals
sit behind NAT, this causes the media to fail to cross the firewall. As a
result, the users in a call cannot hear each other, or only one user
in the conversation can be heard. In this scenario, Synway's SBC is able to
deal with the NAT problems. Based on the SBC's powerful security features, and
with embedded firewalls, VPN, DHCP, IDS, DDOS and other generic security
features, the security of IP communication systems can be effectively
guaranteed.
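
The no-audio symptom described above can be read directly from the signaling. As an added example (not Synway's code and not part of the original page), this Python code compares the addresses a SIP INVITE advertises with the real source address of the packet that carried it; the sample INVITE, all addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses that are not routable from the far side of a NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: INVITE from a phone at 192.168.1.20 behind a NAT.
SAMPLE_INVITE = (
    "INVITE sip:2001@pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:1001@pbx.example.com>;tag=1928301774\r\n"
    "To: <sip:2001@pbx.example.com>\r\n"
    "Call-ID: a84b4c76e66710@192.168.1.20\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:1001@192.168.1.20:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 2890844526 2890844526 IN IP4 192.168.1.20\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "t=0 0\r\n"
    "m=audio 40000 RTP/AVP 0 8\r\n"
)

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def nat_report(raw_sip, observed_src_ip):
    """Compare addresses a SIP message advertises with its real packet source."""
    head, _, sdp = raw_sip.partition("\r\n\r\n")
    via = re.search(r"^Via:\s*SIP/2\.0/\w+\s+([\d.]+)", head, re.M | re.I)
    conn = re.search(r"^c=IN IP4 ([\d.]+)", sdp, re.M)
    audio = re.search(r"^m=audio (\d+) ", sdp, re.M)
    if not (via and conn and audio):
        raise ValueError("message lacks Via, c= or m=audio line")
    media_ip = conn.group(1)
    return {
        "signaling_behind_nat": via.group(1) != observed_src_ip,
        "advertised_media": (media_ip, int(audio.group(1))),
        # RTP sent to a private c= address from outside never arrives,
        # which is the no-audio / one-way-audio symptom.
        "media_unreachable": is_rfc1918(media_ip) and media_ip != observed_src_ip,
    }

if __name__ == "__main__":
    print(nat_report(SAMPLE_INVITE, "203.0.113.7"))
```

A report with `media_unreachable` set means the far end would send RTP to an address it cannot reach, so the media has to be relayed or re-anchored by a device on the public side.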