Cisco IPS 4255 Sensor White Paper
All contents are Copyright © 1992–2004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 1 of 7
WHITE PAPER
MITIGATING ATTACKS IN VOIP ENVIRONMENTS
Wide-scale voice over IP (VoIP) implementations based on Session Initiation Protocol (SIP) and H.323 are gaining traction and are starting to be heavily deployed in large enterprises (Figure 1). VoIP is becoming an equally pervasive solution in the small office/home office (SOHO) market.
Service providers are deploying packet telephony technologies as an alternative to traditional circuit-switched telephone networks in order to shift traditional voice services to packet-based networks and to create new services that combine data, voice, and video information. The lower cost associated with converged data and voice networks is a prime rationale for deployment of packet telephony.
With the widespread deployments of VoIP helping businesses and individuals manage and accomplish critical day-to-day tasks, the infrastructure supporting VoIP implementation must remain highly secure and available. A small amount of downtime can result in millions of dollars of lost revenue and greater customer support costs. The building blocks of a VoIP network—the endpoints, gateways, and the gatekeepers—must have hardened protocol implementations and be protected against possible denial of service (DoS) attacks, takeovers, or misuses.
Figure 1. SIP and H.323 Wholesale Call Transport
VOIP ARCHITECTURE
The VoIP infrastructure helps connect multiple PSTN and IP-based telephony endpoints. It consists of SIP/H.323 gateways that help the endpoints establish connections by providing them with conversion of the data format, directory services, and call signaling services. While SIP is growing in popularity due to its use of (and similarity to) Internet technologies such as HTTP, H.323 is more widely deployed and the standard is more mature.
One of the main advantages of H.323-based networks is the ability to manage available resources for call routing via H.323 gatekeepers. The gatekeeper is the logical “switch” of the H.323 network, providing several basic services to all endpoints in its zone.
Gatekeeper services include address translation (alias name/number-to-network address), endpoint admission control (based on bandwidth availability, concurrent call limitations, or registration privileges), bandwidth management, and zone management (the routing of calls originating or terminating in the gatekeeper zone, including multiple path reroute). Gateways coordinate calls by communicating with gatekeepers using the Registration, Admission, and Status (RAS) Protocol.
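The following is an added, simplified model of the gatekeeper services described above (it is not Cisco code and not a real RAS implementation): an allow-listed registration step, and an admission check that enforces registration privilege, a per-endpoint concurrent call limit, and the zone bandwidth budget, so a flood of admission requests from one endpoint or an unregistered one is rejected rather than consuming resources. The message names RRQ/RCF/RRJ, ARQ/ACF/ARJ and DRQ/DCF are the real RAS message types; the reject reason labels, addresses, alias names and limits are constructed for the example.

```python
"""Simplified model of H.323 gatekeeper admission control (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class Gatekeeper:
    """Enforces the zone policies a gatekeeper applies: registration privilege,
    a concurrent-call limit per endpoint, and zone bandwidth availability."""
    zone_bandwidth_kbps: int                        # total bandwidth the zone may allocate
    max_calls_per_endpoint: int
    registered: dict = field(default_factory=dict)  # alias -> network address
    active: dict = field(default_factory=dict)      # call_id -> (alias, kbps)

    def rrq(self, alias: str, address: str, allowed: set) -> str:
        """Registration Request: only allow-listed endpoints join the zone."""
        if alias not in allowed:
            return "RRJ"
        self.registered[alias] = address
        return "RCF"

    def arq(self, alias: str, call_id: str, kbps: int) -> str:
        """Admission Request: admit a call only if all three policies hold.
        Reason suffixes are constructed labels, not the standard's reason codes."""
        if alias not in self.registered:
            return "ARJ:notRegistered"
        if sum(1 for a, _ in self.active.values() if a == alias) >= self.max_calls_per_endpoint:
            return "ARJ:callLimit"
        if self.used_kbps() + kbps > self.zone_bandwidth_kbps:
            return "ARJ:insufficientBandwidth"
        self.active[call_id] = (alias, kbps)
        return "ACF"

    def drq(self, call_id: str) -> str:
        """Disengage Request: release the bandwidth held by a finished call."""
        self.active.pop(call_id, None)
        return "DCF"

    def used_kbps(self) -> int:
        return sum(k for _, k in self.active.values())

    def translate(self, alias: str):
        """Address translation: alias -> network address, None if unknown."""
        return self.registered.get(alias)


def demo() -> list:
    gk = Gatekeeper(zone_bandwidth_kbps=256, max_calls_per_endpoint=1)
    allowed = {"gw-east", "gw-west"}  # constructed registration allow-list
    return [gk.rrq("gw-east", "10.0.0.5:1720", allowed),   # constructed address
            gk.rrq("rogue", "10.0.0.99:1720", allowed),    # not permitted to register
            gk.arq("gw-east", "c1", 128),
            gk.arq("gw-east", "c2", 64),                    # second concurrent call
            gk.drq("c1"),
            gk.arq("gw-east", "c3", 512),                   # exceeds zone bandwidth
            gk.arq("rogue", "c4", 64)]                      # never registered
```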