Clavister Protects IP telephony from Wire-Tapping and Manipulation

Clavister, a provider of IP based security and Unified Threat Management (UTM) solutions, has expanded its Clavister Security Gateway, a family of integrated UTM-platforms which solve many IT security problems, including support for the Voice over IP protocol SIP.

SIP has become a de facto standard within IP telephony. In large parts of Europe half of the largest companies have already deployed the technology and every sixth smaller company has plans to do so.

”Unfortunately the SIP protocol was developed without security in mind. Most IP telephony systems are consequently wide open to attacks which can cause expensive operational disturbances as a result,” said Ralf Labeda, Vice President Sales & Marketing at Clavister.

IP telephony uses the same networks as the Internet traffic and is therefore exposed to the same kind of threats. The traffic can be wire-tapped, manipulated and distorted, conference telephones can be remotely controlled and hacked IP-telephony systems can allow access to other network components.

Disturbance of ongoing calls also occurs, as well as the stealing of connections for the reconnection of calls to waiting identity thieves. In addition to wire-tapping and spamming, voice mail could be a target for manipulation.

”The complexity of the SIP-protocol is a nightmare from a security point of view. Firewalls must be able to interpret SIP in order to determine which ports are to be opened, which precludes encryption. We have however, found an elegant solution to the problem with what we call Dynamic Pinhole Creation,” said Ralf Labeda.

Clavister has implemented the SIP-protocol as an application layer gateway which does its job without degrading the performance of the network. The solution is also distinguished by the most flexible administration conceivable.

Clavister’s family of security products covers the entire range, from security for smaller remote offices to powerful clustered systems in the multi-gigabyte class for network operators. The products require a minimum of maintenance; they have central administration, and exceptionally flexible configuration possibilities.