VoIP
Check Point and Pingtel
Pingtel and Check Point are working together to provide secure VoIP networks, protecting against compromises by Trojan horses, viruses, denial-of-service (DoS) and other malware meant to hijack or disrupt communications.
Pingtel: cost-effective VoIP in multivendor networks
The Pingtel VoIP solution includes a SIP-based softphone and IP-PBX. The Pingtel softphone allows users to make calls with their computers, eliminating the need for a separate telephone unit and enabling them to access the corporate VoIP network remotely.
The Pingtel softphone provides:
- Secure (encrypted and authenticated) VoIP connectivity for remote users accessing the corporate SIP IP telephony solution
- Endpoint protection to ensure the computer is not compromised by a Trojan horse, virus, or other malware meant to hijack, disrupt, or disable the remote connection.
The IP-PBX system manages voice services over a data network and provides interoperability with the Public Switched Telephone Network. Check Point provides the end-to-end security for both voice and data communications.
Based entirely on the SIP standard and operating on commodity Linux servers, PSTN/IP gateways, and end points, the Pingtel Enterprise SIPxchange PBX provides very low-cost IP PBX, home-worker, key-system, and call-center solutions that integrate with legacy TDM and IP networks, meet requirements for TDM PBX replacement, and improve user services.
Pingtel's SIP-based solutions allow you to implement true multi-vendor networks, end points, and applications as needed. You can choose the VoIP hardware (IP phones, signaling gateways, media gateways, and firewalls) and applications (LDAP, unified messaging, IM) that best suit your price and performance needs, while driving down hardware costs and easily developing or integrating applications that create strategic value.
SIPxchange consists of three key components:
- SIPxchange Comm Server provides the core PBX call control and routing functions for the Pingtel IP voice system. It utilizes a thorough implementation of the IETF Session Initiation Protocol (SIP) standard for end-to-end signaling.
- SIPxchange Media Server is a software-based, interactive voice response (IVR) solution providing capabilities for auto attendant, automatic call routing, and voicemail as well as an open architecture for customization and advanced functionality.
- SIPxchange Configuration Server simplifies enterprise voice system management with an intuitive browser interface and back-end systems for centralized configuration and operation of system components including all connected phones and users.
Check Point Security for VoIP
Check Point provides the security that allows enterprises to deploy the Pingtel SIPxchange IP telephony solution with confidence. Check Point offers distinct advantages for securing VoIP. VPN-1 Pro is a tightly integrated software solution that combines the market-leading FireWall-1 security suite with sophisticated VPN technologies to connect corporate networks, remote and mobile users, branch offices, and business partners for secure data, voice, and multimedia communications. FloodGate-1, integrated with VPN-1 Pro, guarantees or prioritizes bandwidth for real-time voice communications.
Security for complex mixed-protocol environments
SIP and H.323 protocols may be used together with appropriate gateways, and VPN-1 Pro supports both equally. VPN-1 Pro inspects VoIP control signals passing through the enforcement point to prevent call hijacking, fooled billing, and DoS attacks. Using information derived from the control signals, VPN-1 Pro provides this protection through:
- Dynamic management of RTP (media) sessions
- Analysis and enforcement of message states
- Verification of the existence and correctness of call parameters
- Maintenance of the call state for each call
- Enforcement of handover domains
VPN-1 Pro overcomes a significant limitation of other firewalls in a VoIP environment. It is the only firewall solution that accepts and allows inbound calls to the local network for both dynamic and nonroutable IP addresses, handling both signaling and media traffic in real time.
As VoIP control signals always pass through the enforcement point, VPN-1 Pro secures the call by opening ports only for those endpoints negotiated during the signaling. It closes the ports as soon as the call ends, without waiting for a timeout. VPN-1 Pro also enforces the order and direction. If both endpoints are on the same side of the VPN-1 Pro enforcement point but the signal routing device is on the other side, VPN-1 Pro is aware of this fact, and will not open any ports for the call.
Application Intelligence for SIP
Network and application level protection is accomplished through Check Point Application Intelligence. Using INSPECT, the most adaptive and intelligent inspection technology, VPN-1 Pro integrates both network-level and application-level protection and provides the highest level of security, with access control, attack protection, content security, authentication, and integrated Network Address Translation (NAT). Leveraging SMART Management, VPN-1 Pro enables you to intelligently manage security infrastructure with maximum efficiency. VPN-1 Pro restricts signal routing locations and controls signaling and data connections. VPN-1 Pro Application Intelligence™ ensures packets conform to RFC 3261 for SIP over UDP/IP and inspects SIP-based Instant Messaging protocols.
It protects against Denial of Service (DoS) attacks and against penetration attempts such as connection hijacking and connection manipulation. VPN-1 Pro validates the expected usage of the SIP protocol. For example, if an end-of-call message comes immediately after the start of the call, the call will be denied because this behavior is characteristic of a DoS attack.
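The signaling-driven behavior described above (media ports opened only for the endpoints negotiated in signaling, closed as soon as the call ends, and an end-of-call message denied when it arrives right after the call starts) is shown here as an added Python example; it is not Check Point or Pingtel code. `PinholeTable`, `parse_sip` and `msg` are hypothetical names, the SIP messages are constructed samples, and only INVITE, 1xx, 200 OK, ACK and BYE are modelled.

```python
import re

def parse_sip(raw):
    """Return (kind, call_id, media): kind is the method or status code."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    first = lines[0].split()
    # Responses start with "SIP/2.0 <code>", requests with the method.
    kind = first[1] if first[0] == "SIP/2.0" else first[0]
    headers = {k.strip().lower(): v.strip()
               for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l)}
    ip = re.search(r"^c=IN IP4 (\S+)", body, re.M)      # SDP connection address
    port = re.search(r"^m=audio (\d+) ", body, re.M)    # SDP audio port
    media = (ip.group(1), int(port.group(1))) if ip and port else None
    return kind, headers.get("call-id"), media

def msg(start, cid, sdp=None):
    """Build a constructed SIP message (sample input, not captured traffic)."""
    body = f"v=0\r\nc=IN IP4 {sdp[0]}\r\nm=audio {sdp[1]} RTP/AVP 0\r\n" if sdp else ""
    return f"{start}\r\nCall-ID: {cid}\r\nContent-Length: {len(body)}\r\n\r\n{body}"

class PinholeTable:
    def __init__(self):
        self.calls = {}    # Call-ID -> {"state": str, "media": [(ip, port)]}
        self.open = set()  # (ip, port) pairs that RTP may be sent to

    def on_signal(self, raw):
        kind, cid, media = parse_sip(raw)
        call = self.calls.get(cid)
        if kind == "INVITE" and call is None and media:
            self.calls[cid] = {"state": "offered", "media": [media]}
            return "accept"
        if kind == "200" and call and call["state"] == "offered" and media:
            call["media"].append(media)
            call["state"] = "established"
            self.open.update(call["media"])   # only the negotiated endpoints
            return "accept"
        if kind == "BYE" and call and call["state"] == "established":
            self.open.difference_update(call["media"])  # close now, no timeout
            del self.calls[cid]
            return "accept"
        if call and (kind == "ACK" or kind.startswith("1")):
            return "accept"                   # no state change
        # Out of order: unknown call, missing SDP, or BYE before the answer.
        self.calls.pop(cid, None)
        return "deny"

    def allow_rtp(self, dst_ip, dst_port):
        return (dst_ip, dst_port) in self.open
```
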
Guaranteed or prioritized bandwidth for VoIP protocols
Integrated with VPN-1 Pro, FloodGate-1 improves the VoIP experience by providing guaranteed or prioritized bandwidth for VoIP protocols. The quality of service can be managed for both encrypted and unencrypted VoIP traffic. FloodGate-1 supports the Integrated Differentiated Services (DiffServ). If QoS is managed by VoIP gateways behind VPN-1/FireWall-1, FloodGate-1 uses the DiffServ settings.