Presentation is loading. Please wait.

Presentation is loading. Please wait.

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

Published byColleen Matthews Modified over 9 years ago

Similar presentations

Presentation on theme: "H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken."— Presentation transcript:

1 H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken

2 About this document It’s an IETF Draft Not an official standard Expired July 2000. It describes the problems with trying to use H.323 through firewalls and NAT devices

3 What is H.323? Carries (video) phone over TCP/UDP/IP A telecommunications standard Rather complex protocol (compared with HTTP) Uses multiple TCP / UDP connections per call to carry the data

4 What is a firewall? Protects internal network from external threats by filtering traffic Can perform Network Address Translation (NAT) Internal Network External Network (Internet) FIRE WALL 10.0.0.*10.0.0.2 130.216.191.46 *.*.*.*

5 The Combined Problem H.323 embeds connection addresses in signalling connection mismatch NAT causes a mismatch between IP header and H.323 stream End-to-end encryption prevents H.323 aware NAT rewriting the traffic Breaks IP address based authentication But we want encryption and NAT!

6 Further problems RFC 2663: “NAT devices operate on the assumption that each session is independent.” gateways Applications like H.323 that use control and follow-on sessions require gateways to interpret and translate the payload. Simple packet filtering will not work more We need something more than just NAT or simple firewalls.

7 Possible solutions Stateful Inspection Application Proxy Virtual Private Network Circuit Proxies RSIP Firewall control protocol

8 User B Virtual User D Application Proxy Have a go-between that: Is “an instance of the application (H.323)” Runs on a trusted host Like two phones taped together No end-to-end encryption Efficiency Considerations Application Proxy User A Virtual User C

9 Circuit Proxy / Firewall Control End clients open pinholes in firewall and communicate through them For example, the SOCKS protocol End system must be aware of the circuit proxy—it’s not transparent. Works at the connection level (Circuit Proxy) or packet level (Firewall Control Protocol)

10 Session Initiation Protocol IETF Competitor to H323 Uses SIP proxy and RTP proxy The same RTP that carries H323 data SIP proxy uses MCGP to open/close/control RTP proxy In effect circuit level This slide is hidden and will not be presented.

11 Conclusion Firewalls and NATs are often difficult for some complex protocols H.323 alone can’t handle this problem. I think networks will end up having call servers for H.323 and similar protocols.

12 Questions? What applications (if any) need end-to- end encrypted signalling?

13 Another Question What to do about incoming connections? The author has not dealt with them

Download ppt "H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken."

Similar presentations

SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
www.dynamicsoft.com Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.
Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Voice over IP Fundamentals

Voice over IP Fundamentals
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
STUN Date: 2011-05-25 Speaker: Hui-Hsiung Chung 1.

STUN Date: Speaker: Hui-Hsiung Chung 1.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.

Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.
SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

Similar presentations

Ads by Google