Application protocols conventionally use one control flow with one or more media flows between endpoints. A classic example is a File Transfer Protocol (FTP) transaction, where the control flow is created between a single client and a single server and the media flow parameters are negotiated in the control channel. Securing a network in this context usually involves negotiating the media flow parameters in the single control flow and narrowing the resources available to the media flow once that media flow starts.
However, recent application protocols, such as packet-based telephony application protocols, deviate from the principle of one control flow to many media flows. Instead, multiple signaling and media flows coexist. For example, a single signaling flow may govern multiple media flows, and the multiple media flows may pertain to one or more communication sessions. Alternatively, multiple signaling flows may govern a single media flow pertaining to one or more communication sessions. Furthermore, these application protocols often deviate from the client-server model in other ways. For example, a single flow may be initiated by or include multiple network nodes, such as gateways, proxy servers, and media endpoints, each of which will have a distinct source address and, perhaps, distinct port addresses. Thus, previous security methods may be unworkable and ineffective to meet the needs of these recent application protocols.
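The conventional model described in both paragraphs can be sketched as a small flow tracker. This is an added example, not code from the original text: the `PinholeTable` class, its method names and the documentation-range addresses are assumptions made for illustration, as is the rule that a negotiated address must belong to the endpoint that sent it. It opens a pinhole from the FTP control channel, narrows it on the first media packet, and shows why a packet from a third node with a different source address is refused.

```python
import re

# Six comma-separated numbers, as carried by "PORT h1,h2,h3,h4,p1,p2" and by
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
_HOSTPORT = re.compile(r"(\d{1,3})" + r",(\d{1,3})" * 5)

class PinholeTable:
    """Tracks one FTP control flow and the media (data) flows it negotiates."""
    def __init__(self, client_ip, server_ip):
        self.client_ip, self.server_ip = client_ip, server_ip
        self.pinholes = []  # dicts with src_ip, src_port, dst_ip, dst_port

    def on_control_line(self, sender_ip, line):
        """Open a pinhole if this control-channel line negotiates a media flow."""
        active = sender_ip == self.client_ip and line.upper().startswith("PORT ")
        passive = sender_ip == self.server_ip and line.startswith("227 ")
        m = _HOSTPORT.search(line)
        if not (active or passive) or not m:
            return None
        octets = [int(x) for x in m.groups()]
        ip = ".".join(str(o) for o in octets[:4])
        # Assumption: the listener named in the line must be the sender itself.
        if any(o > 255 for o in octets) or ip != sender_ip:
            return None
        peer = self.server_ip if active else self.client_ip
        # The peer's source port is unknown until the media flow starts.
        hole = {"src_ip": peer, "src_port": None,
                "dst_ip": ip, "dst_port": octets[4] * 256 + octets[5]}
        self.pinholes.append(hole)
        return hole

    def on_media_packet(self, src_ip, src_port, dst_ip, dst_port):
        """Allow only negotiated flows; pin the source port on the first packet."""
        for h in self.pinholes:
            if (h["src_ip"], h["dst_ip"], h["dst_port"]) != (src_ip, dst_ip, dst_port):
                continue
            if h["src_port"] is None:
                h["src_port"] = src_port  # narrowing at the start of the media flow
            return h["src_port"] == src_port
        return False

def demo():
    """Constructed traffic: one passive-mode negotiation, then three media packets."""
    t = PinholeTable("192.0.2.10", "198.51.100.5")
    t.on_control_line("198.51.100.5", "227 Entering Passive Mode (198,51,100,5,195,80)")
    return [
        t.on_media_packet("192.0.2.10", 40001, "198.51.100.5", 50000),   # negotiated peer
        t.on_media_packet("192.0.2.10", 40002, "198.51.100.5", 50000),   # after narrowing
        t.on_media_packet("203.0.113.7", 40001, "198.51.100.5", 50000),  # third node
    ]

if __name__ == "__main__":
    print(demo())
```

The third result is the failure mode the second paragraph describes: media sent by a gateway or proxy with its own source address never matches a pinhole derived from a single client-server control flow.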