VoIP vulnerability requires different security methods: a high-performance firewall and dynamic NAT system

Communications News, Nov, 2001 by Craig Warren

Voice-over-Internet-protocol (VoIP) networks are IP-based and, as such, are vulnerable to the same hackers and denial-of-service (DoS) attacks that have disabled the public Internet. A rash of distributed DoS attacks affecting businesses such as E*Trade and Amazon.com during the past year demonstrates just how easy it is to gain access to Internet-connected servers.

The best time for businesses to protect their VoIP networks, and with them their revenues and reputations, is before attacks occur. Most businesses, however, do not have the staff bandwidth to implement security policies that prevent attacks. Enterprises that have experimented with VoIP have learned that it presents a challenge to current security solutions.

Enterprise networks should include a firewall that can handle the traffic demands of VoIP and multimedia applications. The firewall must perform two tasks: it must allow one host to send voice packets to another host, from one port to another; and it must allow signaling elements to control the firewall.

Whether an enterprise selects a managed service or takes charge of its own infrastructure, an important decision must be made about the technology. Data firewalls were not built to fit these requirements, and are unable to provide the high-speed and dynamic control functions that are necessary to support the deployment of VoIP.

A decomposed model for providing firewall and network address translation (NAT) functions under application control is described in an Internet Engineering Task Force (IETF) Internet draft. The IETF affirms that such a device needs to encompass high-speed, stateless, packet-filtering technology, allowing policy provisioning and signaling elements to have control over the firewall.

In a VoIP network, signaling elements control the call. They are responsible for locating the called party and for facilitating the call setup and tear-down messages, which signal the initiation and completion of a voice transmission. As endorsed by the IETF's model, these signaling elements control the firewall through a firewall control protocol.

When an authorized call is set up between two end points, the signaling element gleans the relevant IP addresses and port numbers to create policy for the firewall, or for multiple firewalls. The same (or another) signaling element removes the policy from the firewall when the call is torn down. As a result, the firewall remains opaque, letting no traffic through, until a telephone call is set up.

As new calls are initiated, policy is set up to match, and as calls conclude, policy is removed to match. At all times, the firewall allows only the media for existing, authorized calls to pass through it, free of any additional traffic. The enterprise is protected against attacks that could disrupt business operations.

Static policy is enforced to let signaling traffic, and any other potentially essential network traffic, pass through the firewall. The system needs to be able to support this sort of site-specific policy.

To achieve high performance and low latency, the system must perform the firewall and NAT functions needed to prevent hacker attacks and maintain the privacy of enterprise network addresses. The ideal firewall system would consist of specialized hardware and software.

The hardware elements would include network interface cards to separate a protected (secure) network from an unprotected (open) one. An organization would connect the secure interface to the network to be protected, and the open interface to the network against which the secure network is being protected.

In this design, each interface card provides firewalling and NAT services to the path connecting the open and secure networks. The management card's Ethernet interface provides the only management and control path to the processing cards. Because of this, the processing cards are invisible to the networks to which they are attached. This property makes the interface nonaddressable and enhances the security of the device.

A control interface to the signaling element is provided through the management card. Through application programming interfaces, the signaling element provisions the firewall by opening and closing media ports. All voice packets traversing the network interface undergo dynamic NAT to translate nonroutable private IP addresses/port numbers to public ones. This must be accomplished in real time to ensure that no address collisions occur.
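The call-controlled pinhole policy described above (opened at call setup, removed at tear-down, opaque in between) and the dynamic NAT that must never hand two private endpoints the same public port can be modelled in a few dozen lines. The following is an added illustration, not code from the article or from any product; the addresses, ports, and the "signaling on UDP 5060" static rule are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed example (not from the article): a firewall whose media
# pinholes are provisioned by the call-signaling element, plus dynamic
# NAT for private endpoints. All addresses and ports are assumptions.

@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PinholeFirewall:
    def __init__(self, public_ip, static_rules, nat_ports=range(40000, 40100)):
        self.public_ip = public_ip
        self.static = frozenset(static_rules)   # site policy, e.g. signaling
        self.calls = {}                         # call_id -> frozenset(Flow)
        self.free_ports = list(nat_ports)       # public port pool for NAT
        self.nat = {}                           # (priv_ip, priv_port) -> pub_port

    def allow(self, flow):
        """A packet passes only under static policy or a live call's pinhole."""
        return flow in self.static or any(flow in fs for fs in self.calls.values())

    def translate(self, priv_ip, priv_port):
        """Dynamic NAT: one public port per private endpoint, never shared."""
        key = (priv_ip, priv_port)
        if key not in self.nat:
            if not self.free_ports:
                raise RuntimeError("NAT port pool exhausted")
            self.nat[key] = self.free_ports.pop(0)
        return self.public_ip, self.nat[key]

    def call_setup(self, call_id, media_flows):
        """Signaling element opens pinholes for an authorized call's media."""
        self.calls[call_id] = frozenset(media_flows)
        return [self.translate(f.src_ip, f.src_port) for f in media_flows]

    def call_teardown(self, call_id):
        """Signaling element removes the pinholes and frees the NAT mappings."""
        for f in self.calls.pop(call_id, ()):
            port = self.nat.pop((f.src_ip, f.src_port), None)
            if port is not None:
                self.free_ports.append(port)
```

Media for a flow the signaling element has not provisioned is dropped both before setup and after tear-down, and two internal hosts that both use source port 8000 receive distinct public ports.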

An enterprise firewall system capable of handling VoIP traffic must work in existing environments where routers, switches and data firewalls are already in use. Network designers and administrators must consider their needs and gauge the strengths and weaknesses of each network element to ensure reliability and availability of their networks.

The ideal VoIP security solution is a high-performance firewall and dynamic NAT system, with performance characteristics designed specifically for the real-time requirements of IP telephony applications. Its firewall control protocol gives the call-signaling elements control of the firewall and its policies. It works alongside existing network infrastructure to provide the special IP network services needed to protect voice and video communications.
