Introduction
From basic phone calls to instant messaging, digital methods of communication have surged in recent years, propelled by both technology (Voice over IP, the proliferation of smartphones and mobile devices) and the convenience of near-instant contact from anywhere with an internet connection.
But before such communications can occur, the devices involved must first establish a connection, trading the information they’ll need to support the interaction. This is often accomplished using SIP—Session Initiation Protocol—a signaling protocol used to enable communication services, like VoIP.
OpenSIPS is an open-source server platform supporting SIP. While it offers some key advantages for developers, the platform also has plenty of room for improvement.
That’s worrisome, especially for businesses trying to provision fast, functional real-time communications in this era of remote and hybrid work amid a heightened cybersecurity risk landscape. Across countries and industries, the cost of cyberattacks increased by 72% over the last five years, according to Accenture’s Annual Cost of Cybercrime study, and an overwhelming number of business leaders worry that a growing reliance on new technologies is increasing their vulnerability.
The good news? You don’t have to sacrifice performance to protect communications from common cyber threats.
What is OpenSIPS?
Ideally, communication happens so quickly that a user is never aware there are two distinct phases to establishing a voice call. But the reality is that before devices can share information, they first need to exchange details about how to handle the call.
For VoIP, a signaling protocol called SIP is used for the exchange. SIP is an application layer protocol that defines the messages sent between user devices, or endpoints, and rules for establishing and terminating a VoIP session. SIP can be used for voice calls, video calls, instant messaging, and other interactive applications.
OpenSIPS is an open-source server platform that is often employed to support SIP. Released under the GNU General Public License, OpenSIPS software is free to developers. Like previous versions, the latest release—version 3.2.0, deployed in July—can be freely used, shared, and modified.
The benefits of using OpenSIPS
Just like other open-source software, OpenSIPS is available free of cost—and because it’s so widely used, it benefits from ongoing collaboration and improvements from developers worldwide. Some recent enhancements in the new release include greater cloud integration and monitoring capabilities, better cluster control and management, security improvements such as reworked TLS/SSL authentication, and the full ability to support Diameter applications.
There are additional reasons why OpenSIPS has become a popular option among telecom companies, enterprises, and a host of others over the last 10+ years:
Performance
Ultimately, performance is king—and there are comprehensive assessments of OpenSIPS that conclude it delivers on high levels of speed, throughput, and additional performance metrics compared to other SIP servers and proxies.
Ease of use
OpenSIPS is easy to deploy and requires only basic Linux and programming logic knowledge. OpenSIPS’ custom language is quite similar to C code, although there are some advanced scenarios where a basic grasp of SIP is also helpful.
There is also extensive how-to documentation available for deploying OpenSIPS. From basic installation and setup to advanced topics such as SIP routing, the sizable community of developers who use OpenSIPS has given rise to a robust library of webinars, tutorials, and other resources.
Flexibility
OpenSIPS’ scripting language and modular architecture make it simple to plug in various functionalities as needed.
OpenSIPS’ main challenge
Some security features—such as Message Digest Authentication, which verifies a user’s credentials—are available in OpenSIPS. But even with those deployed, the SIP-managed communications network remains an attractive target for hackers and is still highly vulnerable to certain types of attacks:
DDoS attacks
A DDoS, or distributed denial of service attack, occurs when hackers maliciously flood a network with traffic, bringing data flow to a halt. Unlike a regular denial-of-service attack, DDoS attacks are coordinated attacks from large-scale networks of devices (often individual machines infected with malware), making them difficult to shut down.
When a DDoS attack hits a VoIP carrier, the result is outages and disruptions to inbound and outbound calls, SMS, and other services. Such an attack can essentially bring call centers and other business operations to a halt for its duration.
As if such disruptions aren’t bad enough: after being plagued by such attacks, two U.K. VoIP providers were recently hit with a “colossal ransom demand” to make the denial of service attacks stop and restore service as usual.
Living off the land attacks
In living off the land attacks, hackers take control of legitimate hardware and software that already exist on a user’s machine or network. Such attacks can be tough to detect because they repurpose existing tools that would not generally arouse suspicion. Thus, they require a closer look at activity and performance data to identify.
Paradoxically, the very tools that are used to secure business networks can make real-time communications more vulnerable. Firewalls, which are used to protect the devices on a network from hackers, create challenges for any application that requires peer-to-peer communication.
The need to work around firewall restrictions can give rise to its own problems, such as latency. This is a reason why many real-time apps simply don’t work if a firewall is in place. In other words, performance and security are frequently mutually exclusive.
WebRTC sidesteps the obstacles firewalls create by using TURN, making it the most secure voice and video technology. But because TURN is a relay, it can slow performance. Meanwhile, SIP (including OpenSIPS), and VoIP apps that use SIP, remain among the most vulnerable to attacks.
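For reference, this is how the Message Digest Authentication check mentioned at the start of this section verifies a user's credentials in SIP (RFC 3261, which reuses the MD5 digest scheme of RFC 2617, shown here without qop). It is an added example, not code from OpenSIPS or Subspace; the user, realm, password, nonce and helper names are constructed for illustration.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")   # secret part, known to both sides
    ha2 = md5_hex(f"{method}:{uri}")              # binds the response to this request
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def parse_authorization(request):
    """Return the Digest parameters of the Authorization header, or {}."""
    for line in request.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        value = value.strip()
        if name.strip().lower() == "authorization" and value.lower().startswith("digest "):
            pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', value[7:])
            return {key.lower(): quoted or token for key, quoted, token in pairs}
    return {}

def verify(request, passwords, issued_nonces):
    """Server-side check: recompute the response and compare in constant time."""
    method = request.split(" ", 1)[0]
    p = parse_authorization(request)
    if any(k not in p for k in ("username", "realm", "nonce", "uri", "response")):
        return False
    if p["nonce"] not in issued_nonces:           # only accept nonces this server issued
        return False
    password = passwords.get((p["username"], p["realm"]))
    if password is None:
        return False
    expected = digest_response(p["username"], p["realm"], password,
                               method, p["uri"], p["nonce"])
    return hmac.compare_digest(expected.encode(), p["response"].lower().encode())

# Constructed sample values (not from the article or any real deployment).
NONCE = "constructed-nonce-0001"
PASSWORDS = {("alice", "sip.example.test"): "correct horse"}

def build_register(password):
    """Client side: a REGISTER carrying the digest computed from `password`."""
    uri = "sip:sip.example.test"
    resp = digest_response("alice", "sip.example.test", password, "REGISTER", uri, NONCE)
    return ("REGISTER " + uri + " SIP/2.0\r\n"
            'Authorization: Digest username="alice", realm="sip.example.test", '
            f'nonce="{NONCE}", uri="{uri}", response="{resp}"\r\n'
            "Content-Length: 0\r\n\r\n")
```

The password itself never crosses the wire; the server accepts the request only if the recomputed digest matches for a nonce it issued.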
Faster, more secure SIP transport
There are lots of examples in life where you have to take the pros with the cons. But cybersecurity probably isn’t an area where you want to accept anything less than optimal.
The good news is that you have options.
You may already be familiar with Subspace’s proprietary network, which allows apps to bypass the public internet for a high-performance network that’s built for real-time. When it comes to VoIP applications, you can add inherent protection from threats such as DDoS attacks to the list of Subspace advantages.
SIPTeleport is a stateful SIP proxy that acts as a gateway to Subspace. SIPTeleport sits between a company’s telecom infrastructure and the user, allowing for the secure flow of RTP/RTCP/SRTP/SRTCP traffic. With SIPTeleport, data is delivered via Subspace instead of the public internet, reducing exposure to threats. DDoS mitigation for SIPTeleport is coming soon.
Performance gets a boost, too: because Subspace uses AI-driven weather mapping to direct packets and leverages the fastest available path, real-time apps see as much as 80% lower latency and 99% less jitter on the network.
Advantages of using SIPTeleport
- Improved network visibility: Because Subspace owns the network, SIPTeleport provides end-to-end visibility into how SIP traffic moves. This allows for more efficient detection of issues that might slow down performance.
- Inline protection: The Subspace network provides a built-in, always-on layer of security that protects the network from DDoS attacks—without the risk of added latency.
- Built, configured, and managed by Subspace: Because the network is fully built, configured, and maintained by specialists, companies that use SIPTeleport don’t need to dedicate the same internal resources to manage their networks. This frees internal resources to focus on other critical tasks, from security training for employees to updating and upgrading outdated technology that might be vulnerable to attacks.
How to set up SIPTeleport with OpenSIPS
SIPTeleport is a point-and-go solution that requires no installation. If you’re already using OpenSIPS, it’s pretty simple:
- Create an account on Subspace.
- Log in and provide the existing SIP domain/URI of your OpenSIPS instance.
- SIPTeleport will then return a proxy IP address and port options to add to SIP registration.
- If you’re using Zoiper, add the SIPTeleport proxy URI to the “SIP_outbound_proxy” setting.
You can find a quickstart guide here.
Conclusion
In this era of connectivity from anywhere, we’re more reliant than ever before on communication apps. But amid the ever-growing threat of cyberattacks, businesses also can’t afford to let their guard down—even in the name of fast, efficient real-time communication performance.
But there’s no need to make tradeoffs.
Together, Subspace’s AI-driven network and SIPTeleport marry the need for speed with the imperative to protect real-time communications from cyber threats.
See how Subspace can help you optimize and protect your real-time communication.