August 22nd, 2018 | 11am EDT

Ribbon has partnered with Cordell to enhance the capability and security of your C15 by combining the trove of call control data that the Call History Server provides with analytics provided by the Cordell ISD4000. Coupling these two products will allow a Telco to monitor for toll fraud, voice quality and security attacks, as well as monitoring trunk usage, operational measurements and call detail records. The C15 is the heart of the Telco operation. Cordell analytics allows the Telco to monitor and assess the central office broadly (ex., alarms, trunk usage, generator monitoring) but also in-depth analysis of voice quality of individual calls and fraud or security attacks.

Join Ribbon and Cordell, Wednesday, August 22nd at 11am EDT for this informative webinar where we'll discuss the below topics and more!

The importance of capturing every detail for every call in your C15
SIP Trunk and Alarm analysis
How analytics can help tune your VoIP network for security and voice quality
User-friendly analytics dashboard with easy access and presentation of Wireshark data
Q & A

Lee King
C15 and DMS10 Design and Support
Ribbon Communications

Bill Matthews
President and CEO
Cordell Network Solutions

SIP Softswitch Security and Analytics

I sit right next to our support team and we hear of security issues all the time. It's becoming a much bigger issue than it used to be. I went through, as a just kind of thought exercise, and said, "Well what are all of our interfaces and what is the security risk on a network running a C15 softswitch and what are the things that we're seeing in the real world?" I looked at all of our interfaces: TDM lines and trunks, SS7, OAMP WAN, and SIGTRAN all have a pretty good level of security - we don't see very many problems with those. However, an unmanaged VoIP WAN has problems all the time. There's denial of service attacks, there's number spoofing, and there are registration attacks. If you plug in our lab a SIP phone into just the internet and have it attached to one of our C15 softswitches, within 15 minutes we see that that phone has been hacked. So the question is what can you do about that?

Well, one of the things that we're very interested in as we've been talking with Cordell and we believe that you can use is analytics to provide some additional security for your VoIP network. The way you can do that is (and this is still under development) you can determine what are the IP addresses of the bad actors that are attacking your network or the good actors for that matter. Then with that information, you can go in and configure either the internal SBC within the C15 to whitelist or blacklist certain IP addresses. You can also take an external SBC, that Ribbon can provide, and configure that. Or if you've got a VoIP firewall, you can configure that to take out some of those IP addresses. So these measures can go a long ways toward helping to prevent your network from having security issues.

A few other things that we've discovered when people have security issues, a lot of times when we're working with them we ask them to get a Wireshark trace so we can see what's going on ahead of time. It's helpful if you've got ports identified so that you can quickly get to the point of capturing a Wireshark trace for us. We also have a feature, and this has been around since release 10, called international fraud prevention. This is a feature that if you've got an office that doesn't have many international calls and you get a spike in calls, you can determine whether it is toll fraud or not. A good way to prevent that is you configure your system such that it will not allow more than say 10 or 20 international calls per hour. A couple of other things that we have seen recently is a number of sites that are getting an extraordinary number of invalid SIP registrations, to the point where it was causing a problem. To prevent this, we have vastly improved our recovery time, added messages to indicate that there's something wrong, and provided a support team that you can call to look into it. We've also started throttling some subscriptions and are constantly working to make the system more robust in light of the threats that we discover. I mentioned release 15, that is under development and it will be generally available on October 19th. Just yesterday I made it where it can be ordered. So if you're interested in upgrading to release 15 then you should contact your salesperson or inside sales and get an upgrade scheduled for after October 19th.

I mentioned earlier the session border controller, we've interoperated with the Ribbon SWe, which is the software only version of the former Sonus SBC. The SBC 5400 is an appliance-based session border controller and both of these have been deployed in the field and we've interoperated with them. Those are good devices to have as a to help secure your network.

So as I get ready to transition to Cordell, about a year ago I started talking to the folks at Cordell about analytics. Analytics is basically the analysis of data and our call history server basically caches all the data associated with every call that goes into your switch. TDM, VoIP, MGCP, NCS, and SIP call all provide a substantial amount of data. It's very useless for debugging, but we weren't really doing much with it beyond that. Cordell has analytics capabilities they can go in and look at that data, parse it, determine trends, and look for things that are interesting and generate reports or messages on what's going on. So we've been working with Cordell and we've been testing this for the last year or so. They've got their system running in one of our labs and also on a C15 that's in the field. They've been collecting data and then analyzing it, looking for voice quality and for any number of different anomalies. To us, this is a really exciting advance in what the C15 is capable of and it gives you a lot of insight into what's going on in your network.

So here are some of the things that we have worked with Cordell on some of these are ideas.