engleski

Real-time Management of Firewalls for Enabling SIP Communication

In the time of growing usage of IP-based technologies, protecting network resources from unauthorized access is of greater and greater importance. To control access to network resources the traffic between intranet and the Internet usually passes through a firewall device. Although very useful in controlling access to network resources, firewalls present a problem for applications that dynamically allocate TCP or UDP ports in their communication. In SIP protocol, during the establishment of a new session, User Agents negotiate ports through which audio and video RTP streams will flow. In order to enable these flows through firewall, the information about used ports must be communicated to the firewall. For this purpose, we have developed a "SIP firewall" and in this paper we present its architecture and implementation. This firewall is capable of dynamically opening and closing ports according to the requirements of SIP sessions. It consists of two parts: the SIP proxy and the firewall device (also called middlebox device). Both of these parts perform their usual duties, with the addition of opening and closing ports in a firewall to enable audio and video RTP streams, according to SIP signalization between end-points. The architecture is based on the MIDCOM architecture specified in [RFC3303] and uses SNMP protocol for communication between SIP proxy and firewall. The implementation is based on GNU/Linux operating system and Java programming language. The middlebox functionality is based on Linux IP tables subsystem.

SIP; VoIP; firewall; MIDCOM

nije evidentirano