FIPS 140-2 Non-Proprietary Security Policy, Version 0.8
March 17, 2016
Sonus SBC 7000 Session Border Controller
©2016 Sonus Networks, Inc.
This document may be freely reproduced and distributed whole and intact including this copyright notice.
Page 6 of 32
Figure 2 Rear View of SBC 7000
The SBC is designed to fully address the next-generation need of SIP communications by delivering embedded
media transcoding, robust security and advanced call routing in a high-performance, medium form-factor device.
The SBC 7000 is designed to accommodate upto 150,000 call sessions. Some of the network and security
features provided by the module include:
Session-aware firewall, split DMZ5, bandwidth & QoS6 theft protection, topology hiding, DoS7/DDoS8
detection/blocking, rogue RTP9 protection, IPsec10 and TLS11 encryption
Embedded media transcoding hardware
H.323 and SIP-I/T interworking
Stateful call-handling even during overload/attack/outages
Embedded localized or centralized call-routing options
Far-end NAT12 traversal
TLS, IPsec (IKEv113) for signaling encryption
Secure RTP/RTCP14 for media encryption
Support for large number of protocols including IPv4, IPv6, IPv4/IPv6 interworking, SSH15, SFTP16, SNMP17,
HTTPS18, RTP/RTCP, UDP19, TCP20, DNS21, and ENUM22
Exceptional scalability even under heavy workloads
Device management using encrypted and authenticated device management messages
5 DMZ Demilitarized Zone
6 QoS Quality of Service
7 DoS Denial of Service
8 DoS/DDoS Denial-of-Service/Distributed Denial-of-Service
9 RTP Real-time Transport Protocol
10 IPsec Internet Protocol Secuirty
11 TLS Transport Layer Secuirty
12 NAT Network Address Translation
13 IKEv1 Internet Key Exchange version 1
14 RTCP RTP Control Protocol
15 SSH Secure Shell
16 SFTP SSH File Transport Protocol
17 SNMP Simple Network Management Protocol
18 HTTPS Hypertext Transfer Protocol Secure
19 UDP User Datagram Protocol
20 TCP Transmission Control Protocol
21 DNS Domain Name System
22 ENUM E.164 NUmber Mapping