Internet Communications Using SIP: Delivering VoIP and Multimedia Services With Session Initiation Protocol (2nd Ed.)


For this scenario to work, the UA behind the firewall must have the ALG or firewall proxy set as the default outbound proxy for all outgoing requests. The disadvantage of using ALGs is that they break the end-to-end nature of SIP. As a result, many of the security mechanisms described in Chapter 9, “SIP Security,” are broken by ALGs. For example, an ALG that is not on the SIP signaling path will be bypassed by a UA using TLS transport. If S/MIME is used to secure a message body, an ALG will not be able to parse and modify the body. If the SIP Identity header field is used, an ALG may modify fields, causing the signature to become invalid. For these reasons, the use of ICE, STUN, and TURN is preferred over ALGs.

The ALG may also introduce longer media paths, similar to TURN. The ALG acts as a “media relay” and introduces delay for speech in both directions, thus reducing the quality of the conversation.
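To make the Identity point concrete, here is an added Python example (not from the book): it builds the RFC 4474 digest-string over the From, To, Call-ID, CSeq, Date, Contact and body fields of a constructed INVITE, signs it, then applies the address rewrite an ALG performs and shows that the signature no longer verifies. An HMAC with a made-up shared key stands in for the authentication service's RSA signature, and all addresses, names and the message itself are constructed.

```python
import hashlib
import hmac
import re

# Constructed INVITE as sent by a UA on a private address (not from the book).
INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "From: <sip:alice@example.net>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@example.net\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Date: Thu, 21 Feb 2002 13:02:03 GMT\r\n"
    "Contact: <sip:alice@10.0.0.5:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\no=alice 2890844526 2890844526 IN IP4 10.0.0.5\r\n"
    "c=IN IP4 10.0.0.5\r\nm=audio 49170 RTP/AVP 0\r\n"
)

def header(head, name):
    """Return the value of the first header called `name` (case-insensitive)."""
    m = re.search(r"^%s:[ \t]*([^\r\n]*)" % re.escape(name), head, re.M | re.I)
    return m.group(1).strip() if m else ""

def addr_spec(value):
    """Strip display name and header parameters (e.g. ;tag=) down to the URI."""
    m = re.search(r"<([^>]+)>", value)
    return m.group(1) if m else value.split(";")[0].strip()

def digest_string(msg):
    """RFC 4474 digest-string: From|To|Call-ID|CSeq|Date|Contact|body."""
    head, _, body = msg.partition("\r\n\r\n")
    return "|".join([
        addr_spec(header(head, "From")), addr_spec(header(head, "To")),
        header(head, "Call-ID"), header(head, "CSeq"), header(head, "Date"),
        addr_spec(header(head, "Contact")), body,
    ])

def sign(msg, key):
    """Stand-in for the authentication service's RSA signature (HMAC for the demo)."""
    return hmac.new(key, digest_string(msg).encode(), hashlib.sha256).hexdigest()

def verify(msg, key, sig):
    """The verifier recomputes the digest-string from the message it received."""
    return hmac.compare_digest(sign(msg, key), sig)

def alg_rewrite(msg, private_ip, public_ip):
    """What a NAT ALG does: swap the private address in Contact and SDP o=/c= lines."""
    return msg.replace(private_ip, public_ip)
```

Signing the original INVITE and verifying it succeeds; verifying the ALG-rewritten copy against the same signature fails, because Contact and the SDP body are part of the signed digest-string.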


Privacy Considerations


Some aspects of privacy have been previously discussed in this chapter. However, these privacy aspects relate only to eavesdropping by a third party. Another issue is caller privacy. In the PSTN today, it is possible to block one’s calling party number from being displayed to the called party. It is also possible to place a phone call anonymously by using a pay phone, in which case only the location (but not the identity) of the caller can be determined. In establishing a SIP session, the two parties must exchange significant information that might be considered private, including IP addresses, which can be traced to a particular subnet location or have a reverse DNS lookup performed to resolve the address back to a domain name.

In a session established directly between two UAs, there is no alternative to this information exchange. However, SIP network elements have been designed using a back-to-back UA (B2BUA) to implement an “anonymizer” service in which a caller’s IP address, URL, or other identifying information can be blocked from the called party. In this application, there are actually two completely separate sessions established, with the B2BUA proxying signaling and media information from one call to the other. As a result, each party sends SIP and RTP packets to the B2BUA and not to each other. Once the call is completed, the anonymizer service can erase any logs, flush all states, and the resulting call is essentially untraceable.

The P-Asserted-Identity header field [11] can be used to assert identity within a trust.


NAT and Firewall Traversal 183