Architekturen verteilter Firewalls für IP-Telefonie-Plattformen

The history of the Internet has been an impressive success story. The underlying IP protocol suite originally has been designed for non-realtime computer communications. However, practical experience has shown that these protocols are also suitable for the realtime transmission of multimedia sessions in many scenarios. Today, “Voice over IP” (VoIP) is widely used to replace conventional private branch exchanges or for making cheap long-distance calls on the Internet. However, this “open” federation of interconnected networks operated by various parties has also many problems, especially in the area of network security. Therefore, security is a key issue when discussing plans for a future-generation all-IP network capable of offering all types of services, including those currently provided by the conventional PSTN/ISDN networks. Access control on network traffic traversing boundaries between domains with different security properties and requirements plays an important role when securing networks. In IP networks this concept is implemented in so-called firewalls. In the context of IP-based multimedia applications the tasks of a firewall can be classified into two main functions: access control on the signaling protocols and access control on the actual media flows. For the coordination between the two modules implementing these functions, a signaling protocol is needed. Two basic architectural approaches exist for performing this task, the path-decoupled and the path-coupled firewall signaling. Working groups of the Internet Engineering Task Force are currently working on the specifications of two specific signaling architectures and corresponding protocols, each following one of these approaches, respectively (MIDCOM and NSIS). Other standardization organizations work on similar solutions. In scientific literature, this classification is known, too. However, contributions usually itemize only some rather obvious advantages and disadvantages of the architectures. The aim of this thesis is to perform a comprehensive analysis and comparison of both approaches. In addition to the protection goals, functional aspects and operational requirements shall be considered. Furthermore, the impact of firewall control on quality of service and scalability of the network infrastructure is studied. Chapter 2 gives an overview on IP-telephony, the Session Initiation Protocol (SIP), network security, and firewalls. In chapter 3, security threats for IP-telephony are investigated. It is shown that the “usual” approach for securing Internet applications – establishing cryptographic channels on top of an insecure physical infrastructure – cannot defend against all types of attacks. This applies in particular to so-called denial-of-service (DoS) attacks, which aim at disrupting services by flooding parts of the infrastructure with large amounts of messages, thus overwhelming devices and deliberately causing congestion. Firewalls can contribute to the mitigation of