How to industry sign banking alabama form secure
Thursday everyone my name is Todd Mel brand I am the distribution sales manager here at ed sangoma and today we're going to be reviewing voice over IP security specifically ISM relate to using session border controllers and for those of you that are not familiar with Xango much just want to give you a quick overview of who we are we got started about 35 years ago 1984 started off just making boards that would go into servers to allow you to interface the PSTN with specialized software that you can then load on to a server and do different things with we have obviously expanded quite a bit in those 35 years not only from a product standpoint and that we now offer full you see solutions cloud services IP phones as well as network connectivity which is what we'll be talking about today with the SBC's but we've also grown from a financial perspective as well as an employee headcount we're about a hundred and fifty million dollar company publicly traded on the Toronto Stock Exchange we've got 15 plus offices I believe all around the world you know Hong Kong India Germany Spain Italy the UK Ireland Ecuador Colombia Toronto Montreal stuffing Boston Buffalo Alabama lana san diego everywhere probably about 400 employees right now so grown from just a start-up to a very what should say very large but the much larger than we were in 1984 we've got proven financial performance look us up on the toronto stock exchange not only do we keep growing but we remain profitable as well and today we're going to spend some time talking about security specifically how overlaying voice onto your data network opens things up for various different types of attacks the types of attacks we will focus on are voice over IP or telecom related but keep in mind that as you open things up you are opening up your entire data network and we want to make sure you have that as secure as possible so that you can protect not only yourselves and your organization but those that depend on your organization such as your customers and your employees so you know the internet is almost like a utility now right it's completely vital to our day-to-day interactions with each other how we do things with everything that's going on in the world right now you know companies that never ever thought about having folks work from home are now either scrambling to get those folks working from home or they're scrambling to put in plans just in case they need to have them start working from home and all of that is dependent upon an IP address you're going to facebook spotify you're doing your personal or business banking transferring files and all of that all of that is stuff that the cyber criminals want they want access to they want to get onto your facebook to you know either try to steal your identity or get information about you from friends I'm sure you all you all see the but swimming your own Facebook but you all see the post every once in a while hey if you get a friend request for me and that's not really me and what gets forgotten in all of this is not voice over IP now goes over the data network I mean not necessarily forgotten anybody implementing or doing it those that goes over the data network but what does get forgotten is that in order to make voice-over-ip work in various different scenarios you need to open up ports on your firewall and if you open up ports on your firewall we were opening up the entire world to begin port cleaning you and doing various different things to try to gain access to your network so it wasn't much of a threat back when we got started in 1984 right like you had to have someone actually get physical access if they wanted to listen in on your phone calls or do something with your PBX pretty pretty difficult to do right must maybe work there you work for the phone company but with the data network you know when Al Gore invented it which the jokes just in case you had actually thought that is Khalid Al Gore invented the internet well when the internet was invented ARPANET everything was open right you wanted to if you were a university you wanted to be able to connect to other computers everything it was like a utopia for like about five minutes and then somebody realized like oh I can go get information I can go do this I can for fun just shut down somebody's entire cluster you know their entire network and everything so firewalls evolved out of that and a firewall job is just to say hey you meet some rules that somebody programmed into me you can come in or hate I don't I don't see a rule for you you can't come in I'm going to drop this connection and as things have evolved and we're now putting voice over the internet and you've got to open up those ports on your firewall you were leaving yourself exposed to not only the different types of voice over IP attacks we'll talk about today but your workstations cell phones laptops that your employees bring in that they may be connecting to any data that might be on there any of your customers data and different databases and it's becoming a bigger threat everyday right just on the the voice-over-ip side as far as cyberattacks there's about ten billion dollars in toll fraud every year and a lot of organizations a lot of partners that sell our solutions or other people's solutions they tend to think that doesn't really apply to me right I'm a I'm a 30 person company in industry X why would a cyber criminal want to try to come in over my voice over IP lines and do stuff well it turns out there's there's good reason for that I think the last statistic I saw was saw with seventy one seventy two percent of all attacks happened to organizations under one hundred users and the reason for that is pretty simple they expect lack security expect it to be very easy to get in and ideally all they want is to get access to the same types of information that they try to get out of individuals right why would I why would I spend six months trying to hack GE and maybe or maybe not get in when I can go hack the local business right down the street from me of course it's likely it's not going to be right down the street from it and be anyone around the world but I gain access to their customer base and get access hopefully to credit card numbers all sorts of different information as well as information from the users now we've been talking a lot about opening up ports on a firewall so if you want to add voice-over-ip outside of your organization that's someone we're talking about opening up these ports right we have plenty of customers that have put voice-over-ip premise-based phone systems in internally we're still connecting to the PSTN they don't have remote users you have nothing to worry about there unless you're looking to change that especially you're looking to add remote users coming up here in order to ensure that those folks can work from home or if you're just looking to move over to voice over IP because you're sick of 18 to year horizon you're going to have to poke holes here it is unemployed unavoidable unfortunately firewalls not secure enough right it's doing a good job for all of your data needs you program it as you need to it will allow people in it allow people out problem with the firewall is developed 30-plus years ago not with no intent of real-time communications eventually going through it it's a it makes digital decisions yes or no ones and zeros now they're doing a good job you don't want to get rid of them but as you'll see them as we go through this a little more it's part of a security layer and that's going to be the the first layer as things start to go from being a win to a land boy traffic has very very different needs than what you would expect from other types of data transfers or other types of data traversing your network you know I'll hear a lot from people I don't need to look at a I don't need to look at an SP see I've got this setting on my router for a sip alg so it's obviously sip aware and then it's going to protect me not always it's not going to protect you because it doesn't have the intelligence of an SBC but most likely it's going to male form the these sip packets that are coming through you're going to have very bad boys' quality and even worse it can't do natural bursal so you're also going to have problems completing calls or making calls in order to properly inspect data that comes through for voice and video and other real-time communications you need a device that can actually inspect those packets and inspect what's coming through in real time it's more than just yes you meet my rule they do not meet my rule it needs to be I can look in I can look deep into these packets I can look deep into what's coming through and I can make intelligent decisions on whether or not what is coming through belongs here needs to be blocked needs to be dropped or needs to be routed somewhere else so we're going to spend a little bit of the time talking about various different types of voice over IP or telecom fraud I'm just making the assumption everybody's familiar with firewalls everybody is familiar with the other types of fraud keep in mind if they can get onto your network because you have open port because you configured things for remote phones or for sub traffic they can get access to all of your data and do all of those other attacks I'm just going to specifically focus on stuff related to the phone system or to telecom related attacks the first one we talked about is toll fraud so a lot of people wonder why why would anybody want to do toll fraud right voice over IP this that phone calls are basically free now right who would want to hack into my phone system and make phone calls that's ridiculous the reason this exists is there are places in other places around the world where someone may own a telecom company similar to like a small C Lac here in the United States and that person may not have an agreement with various different carriers in other parts of the world and what they want to do is they want to send lots of minutes and lots of traffic from those first world countries in other parts of the world they don't have agreement and then charge them an arm and leg right and they will go to hackers and go like send me a bunch of traffic to me a bunch of minutes whatever those companies send to me I'll give you ten percent twenty percent maybe it's just a flat fee hey I'll just give you a thousand bucks send me traffic and even if the bill that is rang up for say the end users ten thousand dollars usually depending on the carrier don't reduce it because it was fraud and was obviously fraud sometimes they won't and then the carrier that it was actually receiving the call in the other part of the world they'll go to them and go look we know this was fraud we're not giving you X number of dollars that you're charging us but whatever here's a couple thousand so there's a huge market for that right people with time some tools they can easily down off of the internet and a little bit of knowledge can just send torrents of phone calls and minutes to these telcos and make some money off of it so that's where that that's where that stems stems from that's why that happened denial of service so this is related in word to the data piece but keep in mind if you're going to get a denial of service attack happening to you whatever IP that is being sent to it's going to take down those tools and if your phone system is a fan IP it's going to take down not only your ability to make and receive phone calls it's also going to take down your unified communications tools as well with it and a good security plan as far as having various different layers as you can there's various services out there you can get that will intercept that traffic drop it for you and then only send you the clean data you may have partial outages or brownouts in a situation like that but it is a good thing to play around top of all the other security that we've been discussing it would not my daughter's from high school would not surprise me if I just asked one of her one of her guy friends if if they could do an attack on someone for me me at the you know but yeah sure five bucks I'll download Kali Linux and I'll get it figured out I've never done it before it's not hard to do these things but it is easy to take various different the layers of security and add them in there so you can make sure you you are not only up and you are running but you are protecting your data that of your employees and your customers identity theft this is the one that scares me the most it's not huge right now but with the way things have been changing here in the US I'm anticipating this to become a much bigger threat in the next year or so so we've all experienced the phone call from numbers we don't recognize I know my favorite is one huh a phone number where the first six digits are the same the area code in the exchange and typically that scammers and other types of people trying to get you to pick up the phone where you normally wouldn't because you don't recognize the number and that has gotten a lot better part of that is from the phone manufacturers part of that is from folks that are at the carrier side and new laws are going into effect to essentially eliminate that right those robo calls people just trying to scam you and what that means is there's now going to be a huge need and want to get onto people's networks and make phone calls from their PBX similar to the toll fraud stuff but not because you want to send ten thousand minutes to some country halfway around the world but because you want to make phone calls that look legitimate and if you're poking those holes in your firewall or not doing these various different layers of security as we've been talking about not only are you going to make it easy for them to to this but people are going to be getting phone calls that look like they come from you and not only think they're legitimate but if they get scanned if something happens through that phone call they're going to be calling you wanting to know what's up by you know someone from your organization called me and now there's $10,000 missing from my bank account and then lastly it happens it's probably the smallest concern to the overall general business community but it is a concern depending on what type of industry you're in I know various different manufacturers here in the US and North America they they do not want you've stropping happening right they have competitors that are abroad in countries that are known for stealing intellectual property and they do not want people having access to not only their networks but they don't want them hearing phone calls as well and those phone calls all of that that can happen in real time you can use Wireshark to sniff out packets another thing I've seen once you get access to the phone system you start recording every phone call and then you offload it elsewhere sometimes it becomes so much that it ends up bringing down the network because they're just offloading all of these recordings elsewhere so if you are in manufacturing you're selling a phone system to someone in manufacturing or just any type of industry where this would be a concern you're going to want to look into getting an SPC to protect yourself there as well so we talked about all these various different things that can happen including stuff not related to telephony and obviously with the title of this particular webinar the solution is to put an SBC in place it's a part of the obey ring you're going to do for your security it does not go before your firewall it does not replace your firewall it sits after your firewall and you're going to let it sit after your firewall with those holes poked and you're going to let the session border controller make those decisions that need to be made so that folks cannot gain access to your network for any of the types of voice over IP fraud we've been discussing or all of the other types of nefarious cyber attacks that the you're more familiar with now I also recommend as part of the security layer I know we have it within our phone systems where if you can put in access control list rules free PBX and P be exact have a responsive firewall that does not mean that you should not have a fir
wall you should not have an SBC it means you should still as part of that layer as a last line of defense enable those things and configure those things some of everything else fails hopefully that one will be the one that doesn't know remote workers this is a in the news more than it's ever been probably the last few days remote workers scare me even though I'm a remote worker reason they scare me is the folks will put in all of their rules in the firewall they will give access into the corporate network via VPN or various other different methods but then they forget that the person working from home I'll call her Karen or John John maybe a Greg probably hasn't technical they have a teenage kid at home doing who-knows-what on the internet and at best their security practices I just plugged in whenever the cable company gave me that does not give me warm and fuzzies as far as protecting a corporate network especially if you're the IT guy or whoever's administering the network thinks you were safe because you have implemented other things it is not uncommon or has not been uncommon for me over the years to get phone calls from someone or to get an email you've got somebody working from home and they keep getting phone calls from extensions that don't exist they pick it up and the ones there there's no record on the phone system as far as any logs or anything like that then they start seeing in the corporate network that's because that cable modem this is not the best security device and Karen or John or drag just became a window into your corporate network those phone calls that are coming through that nobody ever nobody can find nobody knows where they're coming from because it's somebody getting in through that cable modem firewall the one that is a produced and masts with little to no I shouldn't say little to no but very little concern for security it's there rarely gets updated personal home doesn't know how to manage it or properly set it up the guy in the call center answering your support calls doesn't know how to unless you get to like a level 3 or level 4 person and you now have another hole in your network now what's approaching this is another primary one we've been talking about with s pcs so uh where you're going to go and open things up it's not it's not as predominant as it once was a lot of successions come from the PBX out so you're not necessarily opening up firewalls but it depends on the carrier it depends on what they're delivering it to you if you are opening those up or you just want to be careful you're definitely going to want to put a SBC in there beyond just putting this in so it can make intelligent decisions and protect your network depending on what you're using it for you can get additional functionality with the big thing here being media transcoding so if you were a hosted provider that's not protecting your data center you can actually offload a lot of the transcoding that may happen between the end points and different carriers etc allows you to increase what the PBX itself can handle if you're not familiar with what transcoding is just go back about ten years and think about somebody sending you say a quicktime video that wouldn't play on your Windows PC and you had to convert it to a different format it's similar to that except that happens in real time and it's for voice it's just a different format with a different bandwidth requirements and different audio outputs another thing is SIP conversion so if you've got sip equipment from one of the proprietary guys out there a ShoreTel was now owned by my tile was notorious for this for years they quote unquote offered sip but it was so distant for lack of a better word from the SIP standard that's uh you know getting sip devices or registering SIP trunks did not happen easily some SBC not only can give you protection there but it can also make everything work like it should when you're talking about those proprietary big boys now we have SB cs4 everything from the small SMB actually this SMD SBC the five session scales all the way up to 30 sessions or 30 calls if you're a larger organization you may start with the enterprise all of these are field upgradeable as well so if I start at the 5 I can upgrade in 5 call increments up to 30 but started 25 same thing and then if I start to get into what we call the net border SBC which was meant for enterprises and small carriers I can get that up to 4,000 sessions and if this is something I want to virtualize which I would say the virtualized SBC is probably our top seller at this point I can get that actually up to 4,000 sessions I need to get these slides updated but we can take the eat zero and tie that to the software licensing and you can go away and run that in your data center or you can even put it on your your own Hardware if you really want it to and if you just so happen to have one of those proprietary systems where you're talking about the ones that don't do so well like oh via Cisco might sell feel free to reach out to us about upgrading your phone system to switch box we do have all features included we don't provide or our partners don't provide any type of quotes where you're left scratching your head because there's about 70 different part numbers for ade 20 user system and with that out of the way I'm going to begin the QA process you guys are also going to see a poll here in a moment and start to take a look at the questions that came through while we were doing this whoever corrected me that Brian Williams invented the Internet that is funny next question is there a software-based SVC so you don't need additional hardware in place yes so we just covered that I probably came in before I brought that up another thing I want to mention here is if you go to our website for SBC's you can download a two user license so that you can demo the SPC yourself play around with it I like to combine that with sangoma University so if you go to our training portal not only can you get trained up on all of our other solutions you're going to join tens of thousands of other people that have you can go through the SPC one and if you want to join up to one of our in-person ones you can do that as well so here we got the SBC essentials and this is free you can if you have a portal tango matcom account you can use that same login to get here and you can go through this and use that software and use that license to take what you were learning in these little bites right let's look at this one six minutes since three minutes so you can either watch and plug everything in as you go along or watch and then go plug in everything in afterwards let's take a look at the remaining questions and get those answered my PBX is off-site and a virtual server and a server cluster firewall to my IP phones connect via VPN to the PBX do I need an SBC I guess my question there to you would be that server cluster I'm assuming you're doing SIP trunking to the server cluster which means that you probably have some ports open there so I'm less worried about the anything that's going to be opened up on your at your main site and more that people can get through to that if you have holes poked in your firewall for the subtract from your carrier SPC on a hosted system is there in need yes if you're the carrier so if you're providing hosted services like we do with Switchvox cloud you're going to want an SBC to not only manage the traffic of the various upstream providers you may be using for dial tone but also to protect that as we discuss you'll get media transcoding and other features that would make that go a lot better for you now if you're an end-user so you're getting the hosted PBX service you're going to want to have an SBC on site because you're opening up traffic you're opening up those ports so that the traffic from the provider can get through over you're going to be using either sip gateways or sip phones at your place of business in that scenario which means you were going to have things opened up Oh somebody said Don Cherry invented the internet so we obviously have some Canadians on the call thank you guys for joining us and a whole bunch of questions have come in so I'm at this point just going to see if anything is similar as far as questions you and what I'm going to do leak ow a lot of questions about pricing I think you would be very very surprised at the pricing let's look through that but what I'm going to do because there are so many questions here I'd like to keep these short is a I'm going to end this for you guys I'm going to answer whatever questions I can via email anything that is good I was marketing to send out with the slides for you and anything I possibly can't answer I'll have a sales engineer and then if you do want to find out about pricing when you go to our website got chat and call in to us you can email us you can fill out forms and we can be share with you the MSRP pricing with that other way I want to thank all of you guys for joining us and have a nice rest of your Thursday