Securing Voice Over IP

Introduction to Check Point Secure VoIP

Check Point's R80.40 secures your VoIP environment. Check Point Security Gateways secure VoIP traffic in SIP, H.323, MGCP, and SCCP environments. VoIP calls involve complex protocols, each of which can carry potentially threatening information through many ports.

The Check Point Security Gateways confirm that the caller and receiver addresses are located where they are supposed to be, and that the caller and receiver are allowed to make and receive VoIP calls. The Security Gateways examine the contents of the packets and confirm that they carry only allowed information. Full stateful inspection on SIP, H.323, MGCP, and SCCP commands ensure that all VoIP packets are structurally valid, and that they arrive in a valid sequence.

This guide explains how to configure the Check Point Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. when VoIP passes through it.

You can deploy VoIP over these protocols:

• SIP (see Session Initiation Protocol (SIP))

• MGCP (see MGCP-Based VoIP)

• H.323 (see H.323-Based VoIP)

• SCCP (see SCCP-Based VoIP)

VoIP and the Security Gateway

The Security Gateway secures VoIP traffic in SIP, MGCP, H.323, and SCCP environments.

VoIP calls use a series of complex protocols, each of which can transmit potentially malicious data through many ports.

The Security Gateway makes sure that:

• Caller and recipient addresses are where they claim to be

• Caller and recipient are allowed to make and receive VoIP calls

In addition, the Security Gateway examines the contents of the packets passing through all allowed ports to make sure the packets contain the correct information.

Full stateful inspection on all protocols makes sure that:

• All VoIP packets are structurally valid

• The packets arrive in a valid sequence