At the North American Network Operators Group (NANOG) (www.nanog.org) meeting in St. Louis, Missouri, a joint collaboration to secure SIP in a scalable fashion was unveiled.

Representatives from the computer science department at Columbia University , Verizon Labs, and Cloudshield were on hand to present how a large-scale SIP-aware application layer firewall (ALG) combine with Denial-of-Service (DoS) detection and mitigation can provide robust protection of SIP-based VoIP infrastructures. The SIP ALG uses a rule-based approach for rate limiting the signal channel traffic and the DoS filtering function discriminates legitimate traffic from attack traffic by enforcing threshold and authentication policies. The firewall device was found to exceed testing capacity with SIP traffic filtering managing call volumes exceeding 30,000 concurrent calls and SIP signal processing of up to 300 calls per second.

The group has concluded that scalable, affordable SIP protection solutions are possible with commercial available hardware platforms and appropriately designed applications software. An Adobe PDF file of the NANGO presentation can be found at http://www.nanog.org/mtg-0610/presenter-pdfs/schulzrinne.pdf.

Doug Mohney is Editor-in-Chief of VON Magazine.