Roedig, Utz and Ackermann, Ralf and Steinmetz, Ralf (2000) Evaluating and improving firewalls for ip-telephony environments. In: Proceedings of the 1st IP-Telephony Workshop (IPTel2000), Berlin, Germany. GMD-Forschungszentrum Informationstechnik GmbH, pp. 161-166.
Abstract
Firewalls are a well-established security mechanism for providing access control and auditing at the borders between different administrative network domains. Their basic architecture, techniques and operation modes have not changed fundamentally in recent years. On the other hand, new challenges emerge rapidly when new, innovative application domains have to be supported. IP-Telephony applications are considered to have huge economic potential in the near future. For their widespread acceptance, and thereby their economic success, they must cope with established security policies. Existing firewalls face immense problems here if they, as still happens quite often, try to handle the new challenges in the way they did with "traditional applications". As we will show in this paper, IP-Telephony applications differ from those in many aspects, which makes such an approach quite inadequate. After identifying and characterizing the problems, we therefore describe and evaluate a more appropriate approach. The feasibility of our architecture will be shown. It forms the basis of a prototype implementation that we are currently working on.