VoIP

Check Point and Alcatel

Alcatel and Check Point are working together to ensure that customers deploying a combined solution of Check Point's VPN-1 product family and the Alcatel OmniPCX Enterprise integrated communications solution enjoy full defense against the various threats in voice communications. The products are currently undergoing interoperability testing to ensure that VPN-1 protection covers the full range of capabilities of the Alcatel solution.

Alcatel Enterprise Communication Solutions
Alcatel delivers applications, networks, and solutions to large enterprises, SMBs (small and medium business) and public sector institutions. Together, with 1,500 business and application partners, Alcatel provides user-centric IP Communications solutions, based on IP Telephony and VoIP as well as IP Networking, that increase your competitive edge - by improving employee productivity, optimizing IT operations, and increasing customer satisfaction.

Alcatel is a world leader in secure and open enterprise communication solutions. In today's competitive world, every expenditure is evaluated as an investment and expected to generate real returns. Alcatel's uniquely open architecture is both completely flexible and modular, allowing you to migrate to full IP telephony at your own pace. Alcatel's award-winning solutions are standards-based, provide a high level of security and integrate seamlessly with your legacy systems.

Excellence and experience
Alcatel is number one in IP-PBX in Europe and is present in 130 countries all over the world and currently supports 500,000 enterprise customers.

Technology pioneer
Alcatel's Omni product family is the most highly-awarded set of IP communications solutions in the industry. It continues to be widely acclaimed by the most prestigious industry analysts for its vision, its innovation and its implementation of open standards.

IP Telephony
The Alcatel OmniPCX Enterprise is an integrated communications solution for mid-sized businesses and large corporations. Alcatel's solution takes the best of both worlds, combining traditional voice technology with a state-of-the-art IP platform, providing an effective and complete communications solution for cost-conscious companies on the cutting edge.

IP Networking
Alcatel's IP Networking offering provides the industry's best value in highly available, secure, easy-to-manage network solutions, including the latest features, such as Gigabit Ethernet, WLAN, multicast, AVLAN and PoE.

Check Point Security for VoIP
Check Point offers distinct advantages for securing VoIP. VPN-1 Pro is a tightly integrated software solution that combines the market-leading FireWall-1 security suite with sophisticated VPN technologies to connect corporate networks, remote and mobile users, branch offices, and business partners for secure data, voice, and multimedia communications. FloodGate-1, integrated with VPN-1 Pro, guarantees or prioritizes bandwidth for real-time voice communications.

Security for complex mixed-protocol environments
SIP and H.323 protocols may be used together with appropriate gateways, and VPN-1 Pro supports both equally. Check Point is also working to ensure that VPN-1 supports vendor-proprietary protocols. VPN-1 Pro inspects VoIP control signals passing through the enforcement point to prevent call hijacking, fooled billing, and DoS attacks. Using information derived from the control signals, VPN-1 Pro provides this protection through:

• Dynamic management of RTP (media) sessions
• Analysis and enforcement of message states
• Verification of the existence and correctness
  of call parameters
• Maintenance of the call state for each call
• Enforcement of handover domains

VPN-1 Pro overcomes a significant limitation of other firewalls in a VoIP environment. It is the only firewall solution that accepts and allows inbound calls to the local network for both dynamic and nonroutable IP addresses, handling both signaling and media traffic in real time.

As VoIP control signals always pass through the enforcement point, VPN-1 Pro secures the call by opening ports only for those endpoints negotiated during the signaling. It closes the ports as soon as the call ends, without waiting for a timeout. VPN-1 Pro also enforces the order and direction. If both endpoints are on the same side of the VPN-1 Pro enforcement point but the signal routing device is on the other side, VPN-1 Pro is aware of this fact, and will not open any ports for the call.

Application Intelligence for SIP
Network and application level protection is accomplished through Check Point Application Intelligence. Using INSPECT, the most adaptive and intelligent inspection technology, VPN-1 Pro integrates both network-level and application-level protection and provides the highest level of security, with access control, attack protection, content security, authentication, and integrated Network Address Translation (NAT).

Leveraging SMART Management, VPN-1 Pro enables you to intelligently manage security infrastructure with maximum efficiency. VPN-1 Pro restricts signal routing locations and controls signaling and data connections. VPN-1 Pro Application Intelligence™ ensures packets conform to RFC 3261 for SIP over UDP/IP and inspects SIP-based Instant Messaging protocols.

It protects against Denial of Service (DoS) attacks and against penetration attempts such as connection hijacking and connection manipulation. VPN-1 Pro validates the expected usage of the SIP protocol. For example, if an end-of-call message comes immediately after the start of the call, the call will be denied because this behavior is characteristic of a DoS attacks.

Guaranteed or prioritized bandwidth for VoIP protocols
Integrated with VPN-1 Pro, FloodGate-1 improves the VoIP experience by providing guaranteed or prioritized bandwidth for VoIP protocols. The quality of service can be managed for both encrypted and unencrypted VoIP traffic. FloodGate-1 supports the Integrated Differentiated Services (DiffServ). If QoS is managed by VoIP gateways behind VPN-1/FireWall-1, FloodGate-1 uses the DiffServ settings.