VoIP: Making Secure Calls and Maintaining High Call Quality

Modern multimedia communication tools must have high security, high availability and high quality of service (QoS). Any security implementation will directly impact on QoS. This paper will investigate how end-to-end security impacts on QoS in Voice over Internet Protocol (VoIP). The QoS is measured in terms of lost packet ratio, latency and jitter using different encryption algorithms, no security and just the use of IP firewalls in Local and Wide Area Networks (LAN and WAN). The results of laboratory tests indicate that the impact on the overall performance of VoIP depends upon the bandwidth availability and encryption algorithm used. The implementation of any encryption algorithm in low bandwidth environments degrades the voice quality due to increased loss packets and packet latency, but as bandwidth increases encrypted VoIP calls provided better service compared to an unsecured environment.Les eines modernes de comunicació multimèdia han de tenir alta seguretat, alta disponibilitat i alta qualitat de servei (QoS). Cap tipus d¿implementació de seguretat tindrà un impacte directe en la qualitat de servei. En aquest article s¿investiga com la seguretat d'extrem a extrem impacta en la qualitat de servei de veu sobre el Protocol d'Internet (VoIP). La qualitat de servei es mesura en termes de pèrdua de proporció de paquets, latència i jitter utilitzant diferents algoritmes d¿encriptació, sense seguretat i només amb l'ús de tallafocs IP en local i en xarxes d'àrea àmplia (LAN i WAN). Els resultats de les proves de laboratori indiquen que l'impacte general sobre el rendiment de VoIP depèn de la disponibilitat d'ample de banda i l'algorisme de xifrat que s'utilitza. La implementació de qualsevol algorisme de xifrat en entorns de baix ample de banda degrada la veu a causa de l'augment de la pèrdua de paquets i latència dels paquets de qualitat, però quan l'ample de banda augmenta les trucades de VoIP xifrades proporcionen un millor servei en comparació amb un entorn sense seguretat.Las herramientas modernas de comunicación multimedia deben tener alta seguridad, alta disponibilidad y alta calidad de servicio (QoS). Ningún tipo de implementación de seguridad tendrá un impacto directo en la calidad de servicio. En este artículo se investiga como la seguridad de extremo a extremo impacta en la calidad de servicio de voz sobre el Protocolo de Internet (VoIP). La calidad de servicio se mide en términos de pérdida de proporción de paquetes, latencia y jitter utilizando diferentes algoritmos de encriptación, sin seguridad y sólo con el uso de cortafuegos IP en local y en redes de área amplia (LAN y WAN). Los resultados de las pruebas de laboratorio indican que el impacto general sobre el rendimiento de VoIP depende de la disponibilidad de ancho de banda y el algoritmo de cifrado que se utiliza. La implementación de cualquier algoritmo de cifrado en entornos de bajo ancho de banda degrada la voz debido al aumento de la pérdida de paquetes y latencia de los paquetes de calidad, pero cuando el ancho de banda aumenta las llamadas de VoIP cifradas proporcionan un mejor servicio en comparación con un entorno sin seguridad

Secure Remote Access IPSEC Virtual Private Network to University Network System

With the popularity of the Internet and improvement of information technology, digital information sharing increasingly becomes the trend. More and More universities pay attention to the digital campus, and the construction of digital library has become the focus of digital campus. A set of manageable, authenticated and secure solutions are needed for remote access to make the campus network be a transit point for the outside users. Remote Access IPSEC Virtual Private Network gives the solution of remote access to e-library resources, networks resources and so on very safely through a public network. It establishes a safe and stable tunnel which encrypts the data passing through it with robust secured algorithms. It is to establish a virtual private network in Internet, so that the two long-distance network users can transmit data to each other in a dedicated network channel. Using this technology, multi-network campus can communicate securely in the unreliable public internet

Simultaneous Implementation Of Ssl And Ipsec Protocols For Remote Vpn Connection

A Virtual Private Network is a wide spread technology for connecting remote users and locations to the main core network. It has number of benefits such as cost-efficiency and security. SSL and IPSec are the most popular VPN protocols employed by large number of organizations. Each protocol has its benefits and disadvantages. Simultaneous SSL and IPSec implementation delivers efficient and flexible solution for companies’ with heterogeneous remote connection needs. On the other hand, employing two different VPN technologies opens questions about compatibility, performance, and drawbacks especially if they are utilized by one network device. The study examines the behavior of the two VPN protocols implemented in one edge network device, ASA 5510 security appliance. It follows the configuration process as well as the effect of the VPN protocols on the ASA performance including routing functions, firewall access lists, and network address translation abilities. The paper also presents the cost effect and the maintenance requirements for utilizing SSL and IPSec in one edge network security devic

Implementation and Provisioning of Federated Networks in Hybrid Clouds (pre-print)

Federated cloud networking is needed to allow the seamless and efficient interconnection of resources distributed among different clouds. This work introduces a new cloud network federation framework for the automatic provision of Layer 2 (L2) and layer 3 (L3) virtual networks to interconnect geographically distributed cloud infrastructures in a hybrid cloud scenario. After a revision of existing encapsulation technologies to implement L2 and L3 overlay networks, the paper analyzes the main topologies that can be used to construct federated network overlays within hybrid clouds. In order to demonstrate the proposed solution and compare the different topologies, the article shows a proof-of-concept of a real federated network deployment in a hybrid cloud, which spans a local private cloud, managed with OpenNebula, and two public clouds, two different regions of mazon EC2. Results show that L2 and L3 overlay connectivity can be achieved with a minimal bandwidth overhead, lower than 10%

Dynamic deployment of context-aware access control policies for constrained security devices

Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identi ed based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., con guring, those security components and mechanisms so that the system behavior be nally the one speci ed by the policy. The deployment issue becomes more di cult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modi cations introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action speci cation languages

Simple-VPN: Simple IPsec Configuration

The IPsec protocol promised easy, ubiquitous encryption. That has never happened. For the most part, IPsec usage is confined to VPNs for road warriors, largely due to needless configuration complexity and incompatible implementations. We have designed a simple VPN configuration language that hides the unwanted complexities. Virtually no options are necessary or possible. The administrator specifies the absolute minimum of information: the authorized hosts, their operating systems, and a little about the network topology; everything else, including certificate generation, is automatic. Our implementation includes a multitarget compiler, which generates implementation-specific configuration files for three different platforms; others are easy to add