首页 | 本学科首页   官方微博 | 高级检索  
相似文献
 共查询到20条相似文献,搜索用时 0 毫秒
1.
该文分析了基于SIP的VoIP安全问题,阐述了SIP基本网络模型和多层安全认证机制,提出了一种基于SIP的企业级VoIP安全框架,分析表明该框架可以消除VoIP通信存在的安全隐患。  相似文献   

2.
SIP协议提供了一个全新的支持会话的移动性的概念.几个无线技术论坛,比如3GPP2,已经决定采用SIP作为移动因特网会话管理的基础,但其QoS、性能和故障率并没有达到最优.如今已经成熟的GSM/UMTS移动通信已经对终端移动性树立了一个典范.利用这个事实作为依据,本文对SIP的移动性技术做了新的研究,并且分析了性能负担、加密和故障恢复等.这必将是SIP移动性的一个更有效的运作方式.  相似文献   

3.
基于SIP协议的VoIP中的威胁、风险和控制   总被引:2,自引:0,他引:2  
IP语音技术(VoIP)的来临和推动有极大改变电信面貌的潜力。然而,作为一个相对较新的技术,VoIP仍然面临着来自技术和社会的各种安全困扰。在本文中,提出了基于SIP协议的VoIP技术中存在的主要威胁和弱点。此外,将讨论一些应该在企业VoIP系统中实施的安全规定、政策和健全做法。  相似文献   

4.
In the era of IP-based service, people expect a simple, cheap, and competent Voice over IP (VoIP) service as an alternative of the traditional voice over PSTN. The introduction of the SIP protocol realizes the expectation. Following the cost saving spirit of VoIP, we focus on studying inexpensive high availability solutions for the SIP-based VoIP Service. In this paper, Peer-to-Peer (P2P) based and DN-LB based schemes are mainly compared in the paper. A P2P-based scheme enables an inexpensive high availability solution to the VoIP service by the shared computation resources form P2P nodes. Such a P2P-based solution may be appropriate for an individual VoIP user. However, a caller may take a large volume of messages to find out a callee via the proxy nodes in the P2P network. This inherent property of a P2P network may induce the message overhead and long call setup delay. Based on above, another inexpensive scheme, which is a probing-based name resolution solution, is proposed to achieve high availability and load balancing for the VoIP service. We tag the probing mechanism onto the open source project Domain Name Relay Daemon (DNRD) to become a domain name resolution based load balancer (DN-LB). With DN-LB, all request messages from clients can be fairly distributed to all failure-proof proxy servers in the server farm without using any additional costly intermediate network device and changing the standard SIP architecture. Such a DN-LB based solution may be a good choice for a VoIP service provider.  相似文献   

5.
VoIP应用程序可以以相对低廉的价格,为用户提供优质的语音甚至是视频实时通信服务,然而,IETF提供的请求/应答机制在当前充满NAT的网络环境面前,经常无法正常工作.目前的解决方案都是基于STUN协议的,而该协议会周期性地发出心跳消息以维持公网和私网地址的映射关系;这些消息对VoIP服务器来说是一种极大的资源浪费,设计并实现了一种基于SIP的自适应端到端通信系统,支持NAT下的端到端VoIP通信.系统扩展了SDP请.求/应答模型,使其能够令一个会话中的各个端用户交换公网和私网地址/端口号.通过实现一个实际系统证明了该扩展方案的可行性.一系列实验证明了提出的系统相比其它基于超级结点转发机制的VoIP应用在效率和表现上的优越性.  相似文献   

6.
SIP协议是NGN中的重要协议之一,它在Internet环境下建立并管理会话,正以迅猛的速度改变当今企业及各种机构的沟通方式,因此对SIP协议安全性的研究也就显得格外重要.尽管多年来全球无数网络安全专家都在潜心研究DoS攻击的解决办法,但到目前为止收效不大,因为DoS攻击利用了协议本身的弱点.研究了针对VoIP环境下的DoS攻击,在简单介绍SIP协议和DoS攻击的基础上,详细地描述了基于SIP的VoIP网络环境中的DoS攻击的多种攻击类型,并给出针对这些攻击的网络安全维护对策.  相似文献   

7.
8.
Security of session initiation protocol (SIP) servers is a serious concern of Voice over Internet (VoIP) vendors. The important contribution of our paper is an accurate and real-time attack classification system that detects: (1) application layer SIP flood attacks that result in denial of service (DoS) and distributed DoS attacks, and (2) Spam over Internet Telephony (SPIT). The major advantage of our framework over existing schemes is that it performs packet-based analysis using a set of spatial and temporal features. As a result, we do not need to transform network packet streams into traffic flows and thus save significant processing and memory overheads associated with the flow-based analysis. We evaluate our framework on a real-world SIP traffic—collected from the SIP server of a VoIP vendor—by injecting a number of application layer anomalies in it. The results of our experiments show that our proposed framework achieves significantly greater detection accuracy compared with existing state-of-the-art flooding and SPIT detection schemes.  相似文献   

9.
《Computer》2001,34(11):32-38
Most organizations recognize the importance of cyber security and are implementing various forms of protection. However, many are failing to find and fix known security problems in the software packages they use as the building blocks of their networks and systems, a vulnerability that a hacker can exploit to bypass all other efforts to secure the enterprise. The Common Vulnerabilities and Exposures (CVE) initiative seeks to avoid such disasters and transform this area from a liability to a key asset in the fight to build and maintain secure systems. Coordinating international, community-based efforts from industry, government and academia, CVE strives to find and fix software product vulnerabilities more rapidly, predictably, and efficiently. The initiative seeks the adoption of a common naming practice for describing software vulnerabilities. Once adopted, these names will be included within security tools and services and on the fix sites of commercial and open source software package providers. As vendors respond to more users requests for CVE-compatible fix sites, securing the enterprise will gradually include the complete cycle of finding, analyzing, and fixing vulnerabilities  相似文献   

10.
Many law enforcement wiretap systems are vulnerable to simple, unilateral countermeasures that exploit the unprotected in-band signals passed between the telephone network and the collection system. This article describes the problem as well as some remedies and workarounds.  相似文献   

11.
12.
SIP协议(Session Initiation Protocol)作为一种应用层的信令控制协议具有灵活、方便、易扩展的特性。文章针对目前远程教学系统灵活度不够的问题,综合SIP协义的特性,提出了一种基于SIP协议的远程教学系统。  相似文献   

13.
本文讨论了在Firewall和NAT环境下,部署大范围基于SIP的语音和多媒体业务的过程中引发的问题,并就如何在保证用户安全性不受影响的前提下为位于防火墙(Firewall)和网络地址转换(NAT,Network Address Translation)设备之后的终端用户提供业务接入问题进行了研究.然后引出并详细介绍基于会话边界控制(Session Border Control)的SIP多媒体网络安全互通的解决方案,具有较高的实用价值.  相似文献   

14.
15.
在分析网络家电现有安全问题的基础上,提出一种新的滑动窗口算法,深入分析算法的工作原理.在与公私钥安全方案对比的基础上,用实验论证此算法作为网络家电安全访问方案的高效性.  相似文献   

16.
周建龙  赵保华  周颢 《计算机工程》2006,32(11):156-158
SOAP协议提供一种新的RPC手段,有助于实现事件通知,在一定范围内能改善CORBA/DCOM技术的不足。文章分析了CORBA/DCOM的局限性,在该基础上提出了一个新的事件通知模型,并结合实例深入分析了如何运用SIP和SOAP构造事件通知系统。  相似文献   

17.
Since 2002, over 10% of total cyber vulnerabilities were SQL injection vulnerabilities (SQLIVs). This paper presents an algorithm of prepared statement replacement for removing SQLIVs by replacing SQL statements with prepared statements. Prepared statements have a static structure, which prevents SQL injection attacks from changing the logical structure of a prepared statement. We created a prepared statement replacement algorithm and a corresponding tool for automated fix generation. We conducted four case studies of open source projects to evaluate the capability of the algorithm and its automation. The empirical results show that prepared statement code correctly replaced 94% of the SQLIVs in these projects.  相似文献   

18.
19.
VoIP作为一种新兴的网络应用技术,同样具有网络上所存在的普遍安全隐患.通过分析VoIP工作原理和安全问题,探讨VoIP安全问题的解决方法.  相似文献   

20.
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号