6,615 research outputs found
SecSip: A Stateful Firewall for SIP-based Networks
SIP-based networks are becoming the de-facto standard for voice, video and
instant messaging services. Being exposed to many threats while playing an
major role in the operation of essential services, the need for dedicated
security management approaches is rapidly increasing. In this paper we present
an original security management approach based on a specific vulnerability
aware SIP stateful firewall. Through known attack descriptions, we illustrate
the power of the configuration language of the firewall which uses the
capability to specify stateful objects that track data from multiple SIP
elements within their lifetime. We demonstrate through measurements on a real
implementation of the firewall its efficiency and performance
Intrusion detection mechanisms for VoIP applications
VoIP applications are emerging today as an important component in business
and communication industry. In this paper, we address the intrusion detection
and prevention in VoIP networks and describe how a conceptual solution based on
the Bayes inference approach can be used to reinforce the existent security
mechanisms. Our approach is based on network monitoring and analyzing of the
VoIP-specific traffic. We give a detailed example on attack detection using the
SIP signaling protocol
Recommended from our members
A Comprehensive Survey of Voice over IP Security Research
We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems
Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing
Emergency services are vital services that Next Generation Networks (NGNs)
have to provide. As the IP Multimedia Subsystem (IMS) is in the heart of NGNs,
3GPP has carried the burden of specifying a standardized IMS-based emergency
services framework. Unfortunately, like any other IP-based standards, the
IMS-based emergency service framework is prone to Distributed Denial of Service
(DDoS) attacks. We propose in this work, a simple but efficient solution that
can prevent certain types of such attacks by creating firewall pinholes that
regular clients will surely be able to pass in contrast to the attackers
clients. Our solution was implemented, tested in an appropriate testbed, and
its efficiency was proven.Comment: 17 Pages, IJNGN Journa
VoIP security - attacks and solutions
Voice over IP (VoIP) technology is being extensively and rapidly deployed. Flexibility and cost efficiency are the key factors luring enterprises to transition to VoIP. Some security problems may surface with the widespread deployment of VoIP. This article presents an overview of VoIP systems and its security issues. First, we briefly describe basic VoIP architecture and its fundamental differences compared to PSTN. Next, basic VoIP protocols used for signaling and media transport, as well as defense mechanisms are described. Finally, current and potential VoIP attacks along with the approaches that have been adopted to counter the attacks are discussed
- …