https://ucstrategies.com/community/f/35/p/1566/1618.aspx#1618This forum is about this article by Russell Bennett: SIP Trunking: How the NET UX2000 Helps Balance Risk and Reward, https://ucstrategies.com/unified-communications-expert-views/sip-trunking-how-the-net-ux2000-helps-balance-risk-and-reward.aspxen-USTelligent Community (Build: 5.5.134.9926)https://ucstrategies.com/community/thread/1619.aspxWed, 01 Jun 2011 03:21:01 GMT88e7d8e9-7e6a-42e2-9bb4-ac2d4ec93cef:1619rbennett<p>I think that the paper already makes a good case for deploying a network edge element to facilitate secure traversal of UC signaling and media. &nbsp;So I guess this question is related to the differentiation of a UC vendor-provided element (such as those provided by Siemens, Microsoft and Cisco) vs. a 3rd party provided element (e.g. NET, Acme Packet, Ingate, Edgewater Networks, AudioCodes, etc.) </p> <p>(If I have misinterpreted this question, please let me know).</p> <p>The UC vendor elements are typically focused on the specific needs of those applications. &nbsp;So while they will do a great job of providing DMZ traversal of their own UC traffic at scale, they won&#39;t handle generic traffic, such as arbitrary data streams from application servers. &nbsp;On the upside, they are a lot cheaper (i.e. tending towards $0 excluding hardware) than a 3rd party element. &nbsp;Some of these elements (specifically those from Microsoft and Cisco) support inter-enterprise federation between same-vendor solutions, significantly reducing collaboration costs and increasing the utility of UC deployments and this is not (yet) a feature of the 3rd party E-SBCs.</p> <p>The 3rd party E-SBC elements are designed to handle all kinds of IP traffic, including UC traffic from multiple vendors as well as web/app server transactions and data streams. &nbsp;The multiple UC vendor scenario will soon become an issue just as enterprises found themselves owning 2 or more brands of PBX. &nbsp;So, viewed across the range of requirements, you may need to deploy an E-SBC in any case, thus invalidating the element-cost argument of the vendor specific solution. &nbsp; </p> <p>There is a case to be made that the 3rd party products are more secure than the UC vendor elements because they are provided by vendors who &#39;do security for a living&#39;. &nbsp;This argument has some merit, but I am not sure that I completely buy it: the UC vendors greatly reduce their attack surface by focusing purely on their own traffic. &nbsp;I have yet to hear of a UC vendor solution that has been compromised or shut down by malicious attack (I may live to regret that statement); however we read almost daily of data theft from and compromises of more general commercial and government systems.</p> <p>The bottom line is the need for some form of robust network edge security. &nbsp;Each enterprise has a range of requirements and all factors must be weighed by the UC/network administrators in defining their solution.</p><div style="clear:both;"></div>https://ucstrategies.com/community/thread/1618.aspxTue, 31 May 2011 14:34:00 GMT88e7d8e9-7e6a-42e2-9bb4-ac2d4ec93cef:1618alan.pattersonThis forum is about this article by Russell Bennett: SIP Trunking: How the NET UX2000 Helps Balance Risk and Reward, https://ucstrategies.com/unified-communications-expert-views/sip-trunking-how-the-net-ux2000-helps-balance-risk-and-reward.aspx<div style="clear:both;"></div>