We live in a digital world. Entertainment, work, information, social relations… today everything is digital. The benefits are obvious. Digital information is much easier to store, transfer and handle than analog and is more powerful. If we think about it we can find many fields where digitalization has had a remarkable impact. In this article, however, we will only consider the impact on telephone networks.
Regardless of whether the telephone was invented by Alexander Graham Bell or Antonio Meucci (or…), it is clear that it started out as analog, and it remained so for many years. Improvements were naturally made over the years, but because the network remained inherently analog in operation until the mid-60s, deficiencies in the quality of transmitted voice were inevitable. This was especially the case over long distances that required signal regeneration at intermediate stages, leading to information loss and the introduction of noise. The digitalization of the telephone network was a breakthrough in this regard, since the digital signal is transmitted unchanged regardless of the distance and of the intermediate stages required between sender and receiver.
Integrated Services Digital Network (ISDN)
While the move to a digital network paved the way for its use with a range of other services in addition to voice, the final leg, the last mile, also needed to be digital. This step took place many years later with Integrated Services Digital Network, ISDN. As the name suggests, ISDN allows different services to be used over the telephone network on a single line, digital of course.
The advantages of ISDN are clear: firstly, the sound quality (which is why ISDN lines are still widely used by the radio industry even today); secondly, the extra features (rapid call setup, support for multiple terminals on the same line, direct inward dialing and caller ID); and thirdly, the additional services such as data or video transmission.
ISDN was introduced by CCITT (ITU-T) in 1988 and had its golden moment during the 90s, being deployed with varying success in countries around the world such as Japan, Australia, India and the United States. The biggest impact was in Europe, however, in countries like Norway, Denmark, Switzerland and above all Germany, which had 25 million channels (29% penetration) and one in five lines installed worldwide.
In the late 90s and early twenty-first century, two events mark the decline of ISDN: on the one hand, ISDN cannot keep up with market demands for greater speed, and on the other, the cost of Digital Signal Processors (DSP), which allow more advanced line modulations, falls significantly. It is the beginning of ADSL and the decline of ISDN.
ISDN, the new paradigm in communications
During the first decade of the twenty-first century, ISDN gradually loses ground to ADSL, and from 2010 all ISDN service carriers gradually announce its withdrawal. In 2010, for example, NTT announces its intention to migrate all ISDN phone lines in Japan to IP technologies, in 2013 Verizon decides not to install any more ISDN lines in the USA, and in 2015 BT announces its intention to discontinue the network in the UK. Curiously, however, Deutsche Telekom (DT) in Germany adopts the most aggressive stance. By far the world’s largest ISDN provider, it has already begun migration to ADSL/IP technologies, having set an aggressive horizon of 2018 for cutting off ISDN completely.
All carriers with active ISDN networks will no doubt be following the transition of the German DT network very closely and it will likely mark the way forward. DT’s commitment is to network modernization and improving customer service while minimizing the impact on the customer. The proposal, therefore, is to offer data services and voice over IP on the same telephone line (ADSL/VDSL) but at the same time giving the customer the opportunity to keep their existing ISDN infrastructure, emulating the ISDN lines from the EDC to their current ISDN PBX.
The use of xDSL and IP services allowing the customer to maintain their internal ISDN infrastructure practically eliminates any impact on the customer, who controls the evolution of the network to an integrated and up-to-date service.
This is an ambitious project and key for Deutsche Telekom. For this reason, following a rigorous selection process, the company has forged close relationships with partners who have proven ability in providing the solvency, experience and agility needed. Within this framework, Teldat has been entrusted by Deutsche Telekom with the task of supplying the access devices.
Some countries will switch off their telephone network in the near future. As previously mentioned, ALL IP is one of the main buzzwords. The shift to VoIP has already started, and now is the right time to ask ourselves: “Do we need VoIP security?”
The Firewall is the quintessential element providing network security when you need to interconnect with other networks, allowing outgoing traffic and blocking unsolicited incoming traffic. The Firewall is a necessary element, although it is insufficient for security purposes since some threats are hidden from network firewalls within legitimate-appearing traffic, thus resulting in the need for other specialized protective elements such as antivirus or antispam.
The case of Voice over IP is even more special. Firewalls are generally based on NAT but, unfortunately, VoIP connections are incompatible with NAT. A possible solution would be to open exceptions in the NAT Firewall for Voice over IP. This is not a good idea, though, because it compromises security and does not protect against Denial of Service and intrusion attacks. Intrusion control deserves special mention, not only at the network layer (which a Firewall could perform) but, primarily, at the application layer, aimed at ensuring legitimate call traffic, avoiding attacks, intrusions and fraud. On top of this and to make matters worse, the VoIP sessions are created randomly as calls are established, further complicating control.
A new element is required to address these risks. This element should monitor and be actively involved in the VoIP sessions established between the internal and external network, ensuring that these connections are properly established and that they are legitimate, secure and reliable. This element is the Session Border Controller (SBC).
What is SBC?
An SBC is basically a Firewall for voice traffic and its job is to ensure that the sessions are legitimate, detecting and blocking potential attacks and intrusions. Another important safety feature (similar to what a Firewall does for data services) is concealing voice services on the internal network from the outside. To perform all of these functions, the SBC sits, like the Firewall, on the border between the internal and external network (hence the name “Session Border Controller”), but at a more internal layer than the Firewall (usually in an intermediate network between the Firewall and the internal network, or DMZ, “Demilitarized Zone”).
The SBC doesn’t just monitor and control sessions between the internal and external network, it reconstructs them in order to have complete control. That is, when a session is established between the internal and external network, two sessions are actually established, one from the internal element to the SBC, and the other from the SBC to the external element; with the SBC negotiating the call parameters to both ends separately. Not only does this allow for full control of the sessions (who can connect, to where, when, how, detection of attacks and intrusions…) but it also conceals the internal network from the outside. This is a basic SBC behavior that is known as Back to Back User Agent (B2BUA).
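An added example, not from the original article or Teldat's software: it originates the external leg of a call from a constructed internal INVITE, the way a B2BUA does, and reports which internal addresses are visible in the SIP headers and in the SDP body (the part a NAT-only firewall leaves untouched). The addresses, the relay port, the public number and the function names are assumptions chosen for illustration.

```python
import ipaddress
import re
import uuid

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample: INVITE as an internal phone would send it (leg A).
SDP_A = ("v=0\r\no=- 1 1 IN IP4 192.168.1.23\r\ns=call\r\n"
         "c=IN IP4 192.168.1.23\r\nt=0 0\r\nm=audio 49170 RTP/AVP 8 0\r\n")
INVITE_A = ("INVITE sip:+4930123456@provider.example SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 192.168.1.23:5060;branch=z9hG4bK776asdhds\r\n"
            "Max-Forwards: 70\r\n"
            "From: <sip:101@192.168.1.23>;tag=1928301774\r\n"
            "To: <sip:+4930123456@provider.example>\r\n"
            "Call-ID: a84b4c76e66710@192.168.1.23\r\n"
            "CSeq: 1 INVITE\r\n"
            "Contact: <sip:101@192.168.1.23:5060>\r\n"
            "Content-Type: application/sdp\r\n"
            f"Content-Length: {len(SDP_A)}\r\n\r\n" + SDP_A)

def headers(message):
    head = message.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # skip request line
    return dict(line.split(": ", 1) for line in head)

def private_addresses(message):
    """RFC 1918 addresses visible anywhere in the message (headers or SDP)."""
    found = set(re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", message))
    return sorted(a for a in found if any(ipaddress.ip_address(a) in n for n in RFC1918))

def build_leg_b(invite_a, sbc_ip, relay_port, public_user):
    """Originate a fresh INVITE toward the provider instead of forwarding leg A."""
    head, sdp = invite_a.split("\r\n\r\n", 1)
    # Media: the provider must send RTP to the SBC relay port, not to the phone.
    sdp = re.sub(r"IN IP4 \S+", f"IN IP4 {sbc_ip}", sdp)
    sdp = re.sub(r"m=audio \d+", f"m=audio {relay_port}", sdp)
    leg_b = [head.split("\r\n")[0],  # request line: only the destination is kept
             f"Via: SIP/2.0/UDP {sbc_ip}:5060;branch=z9hG4bK{uuid.uuid4().hex}",
             "Max-Forwards: 70",
             f"From: <sip:{public_user}@{sbc_ip}>;tag={uuid.uuid4().hex[:10]}",
             f"To: {headers(invite_a)['To']}",
             f"Call-ID: {uuid.uuid4().hex}@{sbc_ip}",  # new dialog, unrelated to leg A
             "CSeq: 1 INVITE",
             f"Contact: <sip:{public_user}@{sbc_ip}:5060>",
             "Content-Type: application/sdp",
             f"Content-Length: {len(sdp)}"]  # ASCII body, so characters == bytes
    return "\r\n".join(leg_b) + "\r\n\r\n" + sdp

if __name__ == "__main__":
    invite_b = build_leg_b(INVITE_A, "203.0.113.10", 30000, "+4930555000")
    print("leg A exposes:", private_addresses(INVITE_A))
    print("leg B exposes:", private_addresses(invite_b))
```

Running `private_addresses` over signaling captured on the external side of an SBC is a quick check that topology hiding is working; any hit means an internal address leaked through a header or the SDP.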
Characteristics and advantages
While the SBC’s main feature is usually security, it is by no means the only one. The SBC is usually responsible for the following functions, among others:
- Interoperability: Establishing sessions even with internal and external network elements that have different signaling (due to the use of different SIP versions or signaling protocols or because of additional security requirements on one side)
- Numbering plan management: Allowing legitimate connections and blocking attacks and intrusions
- Transcoding: Converting incompatible codecs
- Admission Control: Limiting the number of sessions established to avoid exceeding the WAN line capacity
- Remote user connectivity: For example, using VPNs
- Quality of Service Management
SBCs arose out of need, catching standards bodies off balance, which created some ambiguity about their roles and limits. Initially SBCs were dedicated devices located at the border between provider networks and their customers or the Internet, later evolving towards virtualized networks, at times integrated with firewalls and routers. Today it is common to deploy SBC functions even in remote areas to protect the central office’s internal network, especially where there is a direct connection to the Internet.
SBCs in Teldat
Teldat routers implement an advanced, comprehensive SBC using various functions included in the software. These include the B2BUA functionality, which allows complete control of Voice over IP sessions established between the internal and external network and ensures interoperability and security; other security features such as IPSec and the securing of RTSP, TLS and SRTP voice sessions; complete control of IP Quality of Service; Admission Control for VoIP calls based on various parameters; routing table/call screening; and codec selection.
The concept of bring your own device (BYOD) is a growing trend in business IT. There are a variety of benefits to allowing users to supply their own PCs and mobile devices.
Employees can easily check e-mails, manage appointments via social networks and search the web. Many companies offer their own apps to allow access to corporate data, enterprise applications and enterprise infrastructure.
All IP trend
At the same time, the All IP technology trend, with its increasing convergence of voice and data, allows VoIP Service Providers to support telephony with standard LAN devices as long as they support the Session Initiation Protocol (SIP). In this case BYOD, or bring your own device, is a service that providers offer, allowing users to configure any SIP-based device.
There are also free and paid mobile apps for iOS and Android that enable calls via Wi-Fi and 3G/4G using your VoIP provider.
So what could be more obvious than also using a smart phone as a mobile phone over the wireless LAN in the office? Some business apps offer convenient telephony this way, with a variety of service functions such as hold, toggling, call transfer and conference calls. Wi-Fi suitable infrastructures allow high-quality telephony with seamless handover over the entire wireless LAN. As a further benefit, many users have realized that it is possible to make and receive business calls at any location within a building that offers a good and stable Internet connection.
Where there is light there is also shadow
Many companies, especially larger ones, have noticed security issues caused by BYOD. However, up to a certain point, they have found a solution thanks to security strategies that use so-called mobile device management (MDM) together with comprehensive data protection.
SMEs are less experienced in dealing with private IT. Many of the small and medium-sized enterprises don’t know yet how to handle this issue.
Particularly in the business sector, the use of VoIP causes further serious security problems by opening up the local network to all computers on the Internet. Firewalls have to be opened for SIP calls, and thus the use of Internet providers throws the door wide open to attacks from the Internet.
This is where the experience of Teldat will come into complete effect. The solutions which Teldat offers the SME segment contain not only the infrastructure to integrate BYOD devices but also allow a secure integration of telephony. The hybird systems act as local SIP proxies. Hence, SIP apps can connect locally to the hybird systems without any risk. The hybird systems act as a session border controller and connect to the VoIP provider. BYOD devices can make phone calls using their SIP provider without being accessible to the provider or from the Internet.
If, for example, you use a smart phone outside the company, the key to mobile freedom is VoVPN, Voice over Virtual Private Network. The BYOD device establishes a secure connection to the office over an Internet connection. In our example, the smart phone, with VPN and all safety standards, carries out all functions as if it were registered on the wireless LAN of the office. Furthermore, the telephone app acts as a normal extension. Outgoing calls display the central phone number of the office.