The transmission of voice signals over a packet network offers economies of scale which make it likely that common carriers will, over time, evolve their circuit switched voice networks into converged services packet switched networks that will transport voice traffic in packets. The full realization of this voice over packet network paradigm, however, will likely be delayed until the security of the voice traffic carried over the packet network is improved to the point at which it rivals that of present day circuit switched networks.
A likely protocol to be employed in a voice over packet network is Internet Protocol, or more conveniently, IP. Accordingly, such networks are oftentimes referred to as voice over Internet Protocol networks (VoIP).
IP has become attractive for such applications, in part, because of its ubiquity. Unfortunately, IP and the networks built on it suffer from a lack of security, a legacy of the original IP design, which built in little or no security functionality. Recent attempts to remedy the security deficiencies of IP have focused on protocol enhancements, such as the incorporation of IP Security (IPsec) at the Network Layer, and on other schemes at the Application Layer (e.g., application security protocols).
In VoIP networks, these new security enhancements can be difficult to implement, either because of the distributed nature of VoIP networks (many hops), or because they frequently utilize digital certificate-based key systems which are difficult to manage—especially for large, common carrier size networks. One alternative is to protect crucial network assets, such as server farms of media gateways, signaling gateways, and softswitches, by employing network perimeter protection devices that block unwanted and/or potentially nefarious traffic from reaching those assets. Unfortunately, VoIP networks have specific requirements that make traditional perimeter protection devices, such as firewalls, impractical: such devices, and firewalls in particular, typically block unwanted traffic on a specific IP port in a static manner, i.e., specific ports are allowed or excluded independent of time.
In a VoIP network, ports used to carry the media part of a call are normally dynamically assigned through signaling, released upon call termination, and reused for subsequent call(s) later. As a result, a scheme was designed that permitted firewalls to open and close ports dynamically, for a specific call, from signaling information obtained from a signaling channel at call setup and call termination. This scheme and related method(s) are sometimes referred to as “dynamic pinhole filtering”, as the firewalls filter traffic dynamically by opening/closing ports (pinholes) depending upon the state and progress of a call. When implemented correctly at the network perimeter, dynamic pinhole filtering advantageously provides protection at a level of granularity not realizable through other current security technologies.
As can be appreciated, strict verification of the correctness of a dynamic pinhole filtering implementation is of paramount importance, as a defective implementation could result in “windows of vulnerability” which could be maliciously exploited to invade the very assets being protected. Worse still, a partially correct implementation may contribute to a false sense of security while leaving network assets exposed to malicious attack or takeover. Such windows of vulnerability can, in turn, be used by a malicious attacker for Denial of Service attacks in simple cases. In more complex cases, such windows of vulnerability can be used by a malicious attacker to take over network assets, which can then be used to control and disrupt other parts of the network.
Accordingly, a continuing need exists for methods that provide or otherwise facilitate the strict verification of security measures employed in VoIP networks, and in particular networks utilizing dynamic pinhole filtering. Specifically, there is a need for methods of verifying firewall operation prior to deployment, for methods of determining the maximum loading that is possible on a firewall prior to an unacceptable degradation in security and/or service, and for methods of monitoring a firewall while deployed in an active system to ensure that it is operating properly, with port opening and closing delays remaining within preselected limits.
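The following is an added illustrative example, not code from the patent or from any particular firewall product. It models the dynamic pinhole filter described above (media pinholes opened at call setup and closed at call termination, with a default-deny policy) and the kind of verification the preceding paragraph calls for: a replay of signaling and media events against the filter that measures the delay between each signaling event and the corresponding port open/close, checks those delays against a preselected limit, and flags any packet admitted when no call is active for that flow (a window of vulnerability) or blocked while a call is active (service degradation). The `PinholeFirewall` class, its `latency` parameter, the `Event`/`RuleChange` types, the flow key of (remote address, media port), and the `TRACE` of timestamped events are all constructed assumptions for the purpose of the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed model of one pinhole: (remote address, local media port).
FlowKey = Tuple[str, int]


@dataclass
class Event:
    t: float                      # seconds into the constructed trace
    kind: str                     # "setup", "teardown" or "packet"
    call_id: str = ""
    flow: Optional[FlowKey] = None


@dataclass
class RuleChange:
    effective_at: float           # when the filter rule actually took effect
    op: str                       # "open" or "close"
    call_id: str
    flow: FlowKey


class PinholeFirewall:
    """Toy default-deny filter whose pinholes are driven by signaling.
    A requested change takes effect `latency` seconds after the signaling
    event (assumed model of the firewall's processing delay)."""

    def __init__(self, latency: float):
        self.latency = latency
        self.opened: Dict[FlowKey, str] = {}          # flow -> owning call
        self.flows_of_call: Dict[str, List[FlowKey]] = {}
        self.pending: List[RuleChange] = []
        self.log: List[RuleChange] = []               # applied changes, as a real firewall would log

    def _apply_due(self, now: float) -> None:
        due = sorted((r for r in self.pending if r.effective_at <= now), key=lambda r: r.effective_at)
        self.pending = [r for r in self.pending if r.effective_at > now]
        for rule in due:
            if rule.op == "open":
                self.opened[rule.flow] = rule.call_id
            elif self.opened.get(rule.flow) == rule.call_id:
                del self.opened[rule.flow]
            self.log.append(rule)

    def on_setup(self, t: float, call_id: str, flow: FlowKey) -> None:
        self.flows_of_call.setdefault(call_id, []).append(flow)
        self.pending.append(RuleChange(t + self.latency, "open", call_id, flow))

    def on_teardown(self, t: float, call_id: str) -> None:
        for flow in self.flows_of_call.pop(call_id, []):
            self.pending.append(RuleChange(t + self.latency, "close", call_id, flow))

    def admits(self, t: float, flow: FlowKey) -> bool:
        self._apply_due(t)
        return flow in self.opened


@dataclass
class Report:
    leaked: List[Event] = field(default_factory=list)   # admitted with no active call
    blocked: List[Event] = field(default_factory=list)  # dropped although a call was active
    open_delays: Dict[str, float] = field(default_factory=dict)
    close_delays: Dict[str, float] = field(default_factory=dict)

    def delay_violations(self, limit: float) -> List[str]:
        """Calls whose open or close delay exceeded the preselected limit."""
        late = {c for c, d in self.open_delays.items() if d > limit}
        late |= {c for c, d in self.close_delays.items() if d > limit}
        return sorted(late)


def verify(events: List[Event], latency: float) -> Report:
    """Replay signaling and media events against the filter and compare its
    decisions with the ground truth implied by signaling alone."""
    fw = PinholeFirewall(latency)
    active: Dict[FlowKey, str] = {}          # flows a call is currently using
    setup_at: Dict[str, float] = {}
    teardown_at: Dict[str, float] = {}
    report = Report()
    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "setup":
            active[ev.flow] = ev.call_id
            setup_at[ev.call_id] = ev.t
            fw.on_setup(ev.t, ev.call_id, ev.flow)
        elif ev.kind == "teardown":
            teardown_at[ev.call_id] = ev.t
            for flow in [f for f, c in active.items() if c == ev.call_id]:
                del active[flow]
            fw.on_teardown(ev.t, ev.call_id)
        else:
            admitted = fw.admits(ev.t, ev.flow)
            expected = ev.flow in active
            if admitted and not expected:
                report.leaked.append(ev)       # window of vulnerability
            elif expected and not admitted:
                report.blocked.append(ev)      # service degradation
    fw._apply_due(max(e.t for e in events) + latency)   # let trailing changes land
    for rule in fw.log:
        if rule.op == "open":
            report.open_delays[rule.call_id] = rule.effective_at - setup_at[rule.call_id]
        else:
            report.close_delays[rule.call_id] = rule.effective_at - teardown_at[rule.call_id]
    return report


# Constructed trace: one call, media before the pinhole opens, media after
# hangup but before the pinhole closes, and a flow that was never signaled.
TRACE = [
    Event(0.00, "setup", "call-1", ("198.51.100.7", 20000)),
    Event(0.05, "packet", flow=("198.51.100.7", 20000)),
    Event(0.50, "packet", flow=("198.51.100.7", 20000)),
    Event(1.00, "teardown", "call-1"),
    Event(1.05, "packet", flow=("198.51.100.7", 20000)),
    Event(2.00, "packet", flow=("198.51.100.7", 20000)),
    Event(3.00, "packet", flow=("203.0.113.9", 20002)),
]

if __name__ == "__main__":
    r = verify(TRACE, latency=0.1)
    print("leaked at:", [e.t for e in r.leaked], "blocked at:", [e.t for e in r.blocked])
    print("delay violations (limit 0.05 s):", r.delay_violations(0.05))
```

With a 100 ms rule-change latency the replay reports the packet at t=1.05 as leaked (hangup at 1.00, close effective at 1.10) and the packet at t=0.05 as blocked, and `delay_violations(0.05)` names the call; with zero latency the same trace produces no findings, which is the reference behaviour a pre-deployment test would expect. Sweeping `latency` or the number of concurrent calls in the trace is the natural way to turn this into the loading test the passage asks for.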