Delivering a secure WebRTC gateway solution
Despite the huge appeal of WebRTC technology, it can potentially lead to unwanted consequences. By bringing voice, video, and unified communications (UC) traffic directly from a web browser via the public internet, WebRTC exposes the contact center to security threats such as denial of service (DoS) and distributed denial of service (DDoS) attacks, fraud or eavesdropping.
In the previous blog WebRTC - Integrating the Contact Center with the Enterprise Website in this series, we described the role played by the WebRTC gateway in making the SIP world of the call center interoperable with the WebRTC world, integrating the call center with the enterprise website.
Despite the huge appeal of WebRTC technology, it can potentially lead to unwanted consequences. By bringing voice, video, and unified communications (UC) traffic directly from a web browser via the public internet, WebRTC exposes the contact center to security threats such as denial of service (DoS) and distributed denial of service (DDoS) attacks, fraud or eavesdropping. Any contact center that wants to deploy WebRTC must ensure that it has eliminated any vulnerabilities to mitigate the threat.
In the VoIP world, session border controllers (SBC) are typically responsible for providing enhanced security to communication solutions such as unified communications and contact centers. SBCs form an effective demarcation point between non-trusted VoIP networks, such as the public internet, and the trusted communication network that is being protected. They perform SIP mediation and media handling (interoperability).
ENHANCE YOUR CX
SECURE WEBRTC FOR CONTACT CENTERS
Should the WebRTC gateway be deployed in tandem with the SBC, it might be taken down and crash during a DoS/DDoS attack, unless appropriate security mechanisms have been incorporated into the WebRTC gateway design and code. Using the WebRTC gateway for signaling-only communication directly with the contact center’s SIP application server makes things even worse: in this case, if the WebRTC gateway survives a DoS/DDoS attack, it will allow the attack to pass through and overwhelm the application server. Clearly neither of these options commonly used in WebRTC deployments meets the security requirements, and an alternative solution needs to be applied.
Figure 1 - Vulnerable WebRTC Gateway Deployment Configurations
AudioCodes’ unique WebRTC offering provides comprehensive VoIP security by virtue of the AudioCodes WebRTC gateway being integrated within the SBC. Competing solutions typically include a dedicated WebRTC gateway that is separate from the SBC and is thus vulnerable to VoIP attacks. Such an external gateway cannot be protected by placing an SBC in front of it since a standard SBC is itself vulnerable to VoIP attacks and is unable to handle WebRTC streams. By integrating the WebRTC gateway within the SBC, AudioCodes provides a solution that is attack-proof, giving IT managers the peace of mind that their contact center and enterprise voice network are fully secured.
Figure 2 - Secure and DDoS-Proof WebRTC Gateway Deployment Configuration
Need Additional Information About our WebRTC Solution? Contact Us.