Đang chuẩn bị liên kết để tải về tài liệu:
Ebook Securing VOIP networks: Threats, vulnerabilities, and countermeasures – Part 2
Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Ebook Securing VOIP networks: Threats, vulnerabilities, and countermeasures – Part 1 includes content: Chapter 6: Media Protection Mechanisms; Chapter 7: Key Management Mechanisms; Chapter 8: VoIP and Network Security Controls; Chapter 9: A Security Framework for Enterprise VoIP Networks; Chapter 10: Provider Architectures and Security; Chapter 11: Enterprise Architectures and Security. | C H A P T E R 6 MEDIA PROTECTION MECHANISMS Any multimedia application such as video voice or gaming uses a dis- tinct set of protocols to set up sessions between end points for example SIP H.323 and a distinct protocol to transmit the media streams. The standard protocol used to exchange media streams is RTP1 Real Time Protocol which is defined in RFC 3550. As discussed in Chapter 3 Threats and Attacks RTP streams can be intercepted and manipulated in order totperform various attacks. Although IPSec can be used to protect o RTP its limitations require a more scalable and versatile solution that alle- viates the NAT traversal issue dynamic allocation of sessions 2 and the need for a PKI. This has led to the development of SRTP 3 Secure Real Time Protocol . The use of SRTP requires a mechanism to exchange cryp- tographic keys before sending any media. Therefore key management protocols such as MIKEY and SDescriptions4 have been proposed to pro- vide the necessary keying material and management mechanisms to main- tain the security of multimedia sessions. Currently there is not a single key-exchange mechanism considered to be the industry standard because each has strengths and weaknesses. The most logical approach to combine SRTP with the appropriate key-exchange mechanism is to identify the requirements that need to be supported by the environment and evaluate the applicability of each of the existing key management mechanisms. Alternatives to using SRTP include DTLS Datagram Transport Layer Security and IPSec which were discussed in Chapter 5 Signaling Protection Mechanisms. The following sections describe SRTP and dis- cuss its strengths and limitations. 1. H. Schulzrinne et al. RTP A Transport Protocol for Real-Time Applications IETF RFC 3550 July 2003. 2. P. Thermos T. Bowen J. Haluska and Steve Ungar. Using IPSec and Intrusion Detection to pro- tect SIP implanted IP telephony. IEEE GlobeCom 2004. 3. M. Baugher D. McGrew M. Naslund E. Carrara and K. Norrman. .