Unified communications intrusion protection

Last Updated: Mar 25, 2020

Traditional intrusion prevention systems (IPS) monitor network traffic, gathering and analyzing information from various parts of the network to identify possible security breaches. This information is used for subsequent prevention or mitigation. Unlike traditional IPS, Avaya SBC security products detect any anomalous event, including zero-day attacks. They also prevent virtually any type of intrusion from outside the enterprise and misuse from within the enterprise. This capability comes from the unparalleled flexibility and fine-grained tuning available when network security administrators establish Unified Communications rule sets. The Avaya SBC IPS security feature includes:

  • Flood and fuzzing protection: Protection from volume-based Denial-of-Service (DoS) and malformed message or fuzzed attacks. Customized protocol scrubbing rules detect and remove malformed messages that might cause call servers or other critical network components to stop responding. Malformed messages can also make other portions of the communications infrastructure vulnerable because of degraded performance of critical Unified Communications systems components, such as servers and endpoints.

  • Media anomaly prevention: Selectively enables media traffic and enforces rules on the traffic carried. The traffic flow is based on the negotiated signaling and other configured policies, such as preventing video or modem/fax.

  • Spoofing prevention: Various validation techniques are applied to detect and prevent spoofing, including endpoint fingerprints for different message fields that trigger other validations and verifications.

  • Stealth attack prevention: Based on the learned call behavior patterns of subscriber endpoints, Avaya SBC can detect nuisance or annoying calls to a particular destination or user. These products can selectively block the subscribers from whom the calls originate.

  • Reconnaissance prevention: Avaya SBC detects and blocks application layer scan reports and blocks the attackers that originate them.

  • Teardrop attack prevention: Avaya SBC, using built-in Linux and kernel property features, blocks these attacks.

  • IP sweep attacks: Avaya SBC supports prevention of IP sweep attacks for ICMP messages using IP table firewall rules.
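
The protocol scrubbing described under flood and fuzzing protection, sketched as an added example that is not Avaya's code or rule syntax. It assumes SIP as the signaling protocol and checks requests only; the size limit, rule names and sample message are constructed for illustration.

```python
import re

# Assumed limit for illustration; real rule sets are tuned per deployment.
MAX_HEADER_LEN = 1024
# Headers RFC 3261 requires in every SIP request.
REQUIRED = ("via", "max-forwards", "from", "to", "call-id", "cseq")
# Compact header names from RFC 3261 mapped to their long forms.
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id", "l": "content-length"}
REQUEST_LINE = re.compile(rb"[A-Z]+ \S+ SIP/2\.0")

def scrub(raw: bytes) -> list[str]:
    """Return the rule violations found; an empty list means the request passes."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["no end-of-headers marker"]
    lines = head.split(b"\r\n")
    problems = []
    if not REQUEST_LINE.fullmatch(lines[0]):
        problems.append("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            # Strict choice: folded (continuation) lines are rejected too.
            problems.append("header without name or colon")
            continue
        if len(line) > MAX_HEADER_LEN:
            problems.append("oversized header")
        if any(b < 0x20 and b != 0x09 for b in line):
            problems.append("control byte in header")
        key = name.strip().decode("ascii", "replace").lower()
        headers.setdefault(COMPACT.get(key, key), []).append(value.strip())
    problems += [f"missing {h}" for h in REQUIRED if h not in headers]
    lengths = headers.get("content-length", [])
    if len(lengths) > 1:
        problems.append("duplicate content-length")
    elif lengths and (not lengths[0].isdigit() or int(lengths[0]) != len(body)):
        problems.append("content-length mismatch")
    return problems

# Constructed sample request (not captured traffic).
GOOD = (b"INVITE sip:bob@example.com SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
        b"Max-Forwards: 70\r\n"
        b"From: <sip:alice@example.com>;tag=1928301774\r\n"
        b"To: <sip:bob@example.com>\r\n"
        b"Call-ID: a84b4c76e66710@192.0.2.10\r\n"
        b"CSeq: 314159 INVITE\r\n"
        b"Content-Length: 5\r\n\r\nv=0\r\n")
```

A message that returns a non-empty list would be dropped before it reaches the call server, and the violation names give the operator something to log and alert on.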