As VoIP deployment are expected to grow, intrusion problems similar to those of which data networks experience will become very critical. In the early stages of deployment, the intrusion and security problems have not been seriously considered, although they could have a negative impact on VoIP deployment. In the paper, SIP Intrusion Detection and Prevention requirements are analyzed and an IDS/IPS architecture is proposed. A prototype of the proposed architecture was implemented using as a basis the very popular open-source software Snort, a Network-based Intrusion Detection and Prevention System. The prototype of the proposed architecture extends the basic functionality of Snort, making use of the preprocessing feature that permits analyzing protocols of layers above the TCP/UDP one. The preprocessors block is a very powerful one since it permits to implement both knowledge and behavior based intrusion detection and prevention techniques in Snort that basically adopts a network based technique. An important requirement of an IPS is that legitimate traffic should be forwarded to the recipient with no apparent disruption or delay of service. Hence, the performance of the proposed architecture has been evaluated in terms of impact that its operation has on the QoS experienced by the VoIP users.

SIP intrusion detection and prevention: Recommendations and prototype implementation

GARROPPO, ROSARIO GIUSEPPE;GIORDANO, STEFANO;
2006-01-01

Abstract

As VoIP deployment are expected to grow, intrusion problems similar to those of which data networks experience will become very critical. In the early stages of deployment, the intrusion and security problems have not been seriously considered, although they could have a negative impact on VoIP deployment. In the paper, SIP Intrusion Detection and Prevention requirements are analyzed and an IDS/IPS architecture is proposed. A prototype of the proposed architecture was implemented using as a basis the very popular open-source software Snort, a Network-based Intrusion Detection and Prevention System. The prototype of the proposed architecture extends the basic functionality of Snort, making use of the preprocessing feature that permits analyzing protocols of layers above the TCP/UDP one. The preprocessors block is a very powerful one since it permits to implement both knowledge and behavior based intrusion detection and prevention techniques in Snort that basically adopts a network based technique. An important requirement of an IPS is that legitimate traffic should be forwarded to the recipient with no apparent disruption or delay of service. Hence, the performance of the proposed architecture has been evaluated in terms of impact that its operation has on the QoS experienced by the VoIP users.
2006
9781424401444
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/187790
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 46
  • ???jsp.display-item.citation.isi??? 15
social impact