
Thanks guys, I will indeed consider the suggestions and revert back with the chosen technology when the project kicks off.
Regards,
Moses
On Tue, Jul 19, 2011 at 4:33 PM, Kigunda Mbogo <kigunda.mbogo@gmail.com> wrote:
Dear Moses,
I understand that you have contacted Cisco and Juniper and you are not impressed. Looking for something better? I recommend *Phion (now Barracuda Networks AG) firewalls*.
You may contact www.geda.co.ke, they are the Official Distributor in East Africa!
Regards,
On Mon, Jul 18, 2011 at 7:15 PM, Moses Mungai <mosesnm@gmail.com> wrote:
Hallo Listers,
*(First of all, apologies for a long email)*
This is mainly meant for the Network or Security Engineers in Telco/ISP environments out there.
I work in a Telco (mainly VoIP) and we are looking to buy Big Fat Firewalls with IDS/IPS features with throughput greater than 40Gbps.
The reason for this high performance requirement is that we want to move VoIP traffic (SIP/RTP) behind the Firewalls to be able to do IDS/IPS inspection of this traffic, which is very latency sensitive.
I have done a lot of research around and even contacted the 2 most popular Firewall vendors Cisco/Juniper but am NOT too impressed so far...
The highest demands that we have are on the following IDS/IPS functionalities:
1. Block SIP brute force registrations (Easy to Implement)
2. Ability to detect and block SIP fraud calls (toll fraud) by performing the following deep packet inspection tasks:
   - Setting a threshold of calls per calling number to destination number and blocking calls that exceed this threshold.
   - Alternatively the VoIP IPS should be able to do the above automatically e.g. learn calling patterns of Numbers automatically and be able to blacklist offending SRC IP/SIP URI when certain thresholds are reached (and removing this ban after some time)
3. Ability to detect and mitigate IP Telephony SPAM (SPIT)
That said, I have 2 ideas of how to implement the above:
1. *Put everything behind the new Firewalls (but then the FW in question has to have proper IDS/IPS features to automatically detect the above VoIP attacks and block them)*
2. *Install normal Enterprise class Firewalls (without IDS/IPS) and have a 3rd party tool e.g. SNORT doing this in real time and interacting directly with the FWs to block ongoing attacks on the fly.*
My question is to anyone out there who might have input on how best to implement this and which path you would take and why?
Your input is highly appreciated!
-- Kind Regards,
*Moses Mungai*
Oslo, Norway
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Kind Regards,
*Moses Mungai*
Oslo, Norway
Mobile: +47 4626 4320
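
The call threshold per calling number to destination number, with an automatic ban that is lifted after some time (point 2 of the original message), sketched as an added example; it is not code from anyone in this thread or from any vendor. The class name, the limits, banning by source IP and the event tuples are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

class CallRateGuard:
    """Sliding-window call threshold per (caller, callee) with a timed source-IP ban."""

    def __init__(self, max_calls=3, window_s=60, ban_s=300):
        self.max_calls, self.window_s, self.ban_s = max_calls, window_s, ban_s
        self.calls = defaultdict(deque)   # (caller, callee) -> INVITE timestamps
        self.banned_until = {}            # src_ip -> time at which the ban expires

    def observe(self, ts, src_ip, caller, callee):
        """Return 'allow' or 'block' for one INVITE seen at time ts (seconds)."""
        expiry = self.banned_until.get(src_ip)
        if expiry is not None:
            if ts < expiry:
                return "block"                 # ban still active
            del self.banned_until[src_ip]      # ban removed after ban_s
        window = self.calls[(caller, callee)]
        while window and ts - window[0] >= self.window_s:
            window.popleft()                   # forget calls outside the window
        window.append(ts)
        if len(window) > self.max_calls:
            self.banned_until[src_ip] = ts + self.ban_s
            window.clear()                     # start clean once the ban ends
            return "block"
        return "allow"

def replay(events, **limits):
    """Run events through a fresh guard and return the list of verdicts."""
    guard = CallRateGuard(**limits)
    return [guard.observe(*e) for e in events]

# Constructed sample events: (timestamp_s, source IP, calling URI, called URI).
# Documentation-range IPs and example.net URIs; A repeats one destination, B is normal.
A, B = "203.0.113.9", "198.51.100.7"
SAMPLE = [
    (0,   A, "sip:1001@example.net", "sip:9001@example.net"),
    (10,  A, "sip:1001@example.net", "sip:9001@example.net"),
    (20,  A, "sip:1001@example.net", "sip:9001@example.net"),
    (25,  B, "sip:1002@example.net", "sip:2001@example.net"),
    (30,  A, "sip:1001@example.net", "sip:9001@example.net"),  # 4th call in 60 s
    (40,  A, "sip:1001@example.net", "sip:9002@example.net"),  # banned source
    (45,  B, "sip:1002@example.net", "sip:2001@example.net"),
    (330, A, "sip:1001@example.net", "sip:9001@example.net"),  # ban has expired
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event[0], event[1], verdict)
```

In the second design option from the message, the "block" verdict is the point at which the external tool would tell the firewall to drop the source.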