As VoIP deployments are expected to grow, intrusion problems similar to those that data networks experience will become very critical. In the early stages of deployment, intrusion and security problems have not been seriously considered, although they could have a negative impact on VoIP deployment. In this paper, SIP intrusion detection and prevention requirements are analyzed and an IDS/IPS architecture is proposed. A prototype of the proposed architecture was implemented on the basis of Snort, a very popular open-source network-based intrusion detection and prevention system. The prototype extends the basic functionality of Snort by making use of the preprocessing feature, which permits analyzing protocols at layers above TCP/UDP. The preprocessor block is very powerful, since it makes it possible to implement both knowledge-based and behavior-based intrusion detection and prevention techniques in Snort, which basically adopts a network-based technique. An important requirement of an IPS is that legitimate traffic should be forwarded to the recipient with no apparent disruption or delay of service. Hence, the performance of the proposed architecture has been evaluated in terms of the impact that its operation has on the QoS experienced by VoIP users.