Internet Communications Using SIP : Delivering VoIP and Multimedia Services With Session Initiation Protocol {2Nd Ed.}

(Steven Felgate) #1

While the approach in Figure 2.5 avoids sudden disruptions to the enter-
prise voice services, voice-only users cannot benefit from presence, IM, and
multimedia. The challenge in such mixed environments is to integrate pres-
ence, IM, and multimedia on desktop PCs and on laptops (not shown in the
diagram) with the legacy voice services. SIP-based systems can support this
integration.


SIP Security


The advantages of Internet communications with the world can also have
unfortunately similar security vulnerabilities as found in e-mail and on the
web, unless security is built into SIP implementations right from the beginning.
Spam, or the unsolicited transmission of bulk messages in e-mail, can also
happen for VoIP and IM in various ways as described in reference [27]. There
is, however, an ample solution space to protect from SPAM in SIP.
There is an arsenal available to implement SIP security that includes many
facets, such as the protection of the REGISTER method, denial-of-service
(DOS) prevention, and Transport Level Security (TLS). There is no single secu-
rity mechanism that can address all security threats for SIP, but a minimal
approach has been documented in reference [28].
An interesting debate with regard to SIP security is how much effort should
be put into perimeter security only, such as firewalls, versus security in the
endpoints, or in a mix of the two. This debate is illustrated in new security
approaches that do not depend on the security of the perimeter [29].
Nothing can be more dangerous than the expectation that SIP and commu-
nication security can be purchased in a box, though regrettably, there are many
such products that promote this idea marketed at present. Other common
security pitfalls come from assuming that there is safety in any specific closed
IP network, without considering the wide variety of vulnerabilities from
inside the closed networks or from infected applications that may be imported
in various ways.
Similar to security in general, good SIP security is based on the quality of the
software and on security procedures and practices. Useful directions can be
found in white papers from the security community involved in SIP, such as
reference [30].


SIP Accessibility to Communications


for the Hearing and Speech Disabled


Hearing- and speech-disabled people use text such as Text over IP (ToIP) or IM
and video to communicate with other users or among themselves. The selec-
tion of the media types in SIP enable the automatic insertion of relay services


Internet Communications Enabled by SIP 31
Free download pdf