|
Friends, Explain Firewall controlled protocol security? justinxavier 17-July-2008 01:33:01 PMComments Who may act as controller? 1. Anyone with valid permissions 2. Protocol specification does not dictate if it is end-devices, SIP proxy, human being, whatever 3. From deployment perspective, the scenario most likely with long-lasting relation between a few of controllers such as SIP proxies and network devices all of them trusted and belonging to the same administrative domain. 4. Application-layer security applies as well: a proxy never opens pinholes until both parties agree to set up a call, proxy approves it; proxy’s approval may require at least one party to authenticate 5. Mutual authentication and message integrity desperately needed; can be accomplished at transport/IP layer 6. Permissions defined by ACLs Posted by yogendra It is hard to impossible for Internet telephony to traverse firwalls and NATs. This inhibits a considerable number of Internet users from using Internet telephony services. Firewall Communication Protocol (FCP) is being designed to attack this problem. It connects signaling servers such as SIP Proxies or H.323 gatekeepers with firewalls, NATs and possibly other intermediate network devices ("middleboxes"). This construct enables to introduce application patchwork dealing with problems caused by firewalls and NATs in a scalable, easy-to-maintain and efficient manner. Posted by sagitraz |
Posted: 17-July-2008 02:04:55 PM By: sagitraz It is hard to impossible for Internet telephony to traverse firwalls and NATs. This inhibits a considerable number of Internet users from using Internet telephony services. Firewall Communication Protocol (FCP) is being designed to attack this problem. It connects signaling servers such as SIP Proxies or H.323 gatekeepers with firewalls, NATs and possibly other intermediate network devices ("middleboxes"). This construct enables to introduce application patchwork dealing with problems caused by firewalls and NATs in a scalable, easy-to-maintain and efficient manner. | |
Posted: 18-July-2008 11:36:59 AM By: yogendra Who may act as controller? 1. Anyone with valid permissions 2. Protocol specification does not dictate if it is end-devices, SIP proxy, human being, whatever 3. From deployment perspective, the scenario most likely with long-lasting relation between a few of controllers such as SIP proxies and network devices all of them trusted and belonging to the same administrative domain. 4. Application-layer security applies as well: a proxy never opens pinholes until both parties agree to set up a call, proxy approves it; proxy’s approval may require at least one party to authenticate 5. Mutual authentication and message integrity desperately needed; can be accomplished at transport/IP layer 6. Permissions defined by ACLs |