SecSip: a stateful firewall for SIP-based networks

Authors:
Abdelkader Lahmadi;Olivier Festor
Affiliations:
INRIA Nancy, Grand Est Research Center, Villers-Lès-Nancy, France;INRIA Nancy, Grand Est Research Center, Villers-Lès-Nancy, France
Venue:
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Year:
2009

Citing 8
Cited 2

Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments

DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
VoIP Intrusion Detection Through Interacting Protocol State Machines

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Billing attacks on SIP-based VoIP systems

WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
VoIP defender: highly scalable SIP-based security architecture

Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
KiF: a stateful SIP fuzzer

Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
Survey of security vulnerabilities in session initiation protocol

IEEE Communications Surveys & Tutorials

Enforcing security with behavioral fingerprinting

Proceedings of the 7th International Conference on Network and Services Management
SIPAD: SIP-VoIP Anomaly Detection using a Stateful Rule Tree

Computer Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

SIP-based networks are becoming the de-facto standard for voice, video and instant messaging services. Being exposed to many threats while playing an major role in the operation of essential services, the need for dedicated security management approaches is rapidly increasing. In this paper we present an original security management approach based on a specific vulnerability aware SIP stateful firewall. Through known attack descriptions, we illustrate the power of the configuration language of the firewall which uses the capability to specify stateful objects that track data from multiple SIP elements within their lifetime. We demonstrate through measurements on a real implementation of the firewall its efficiency and performance.