Date Added: Jul 2009
SIP-based networks are becoming the de-facto standard for voice, video and instant messaging services. Being exposed to many threats while playing an major role in the operation of essential services, the need for dedicated security management approaches is rapidly increasing. This paper presents an original security management approach based on a specific vulnerability aware SIP stateful firewall. Through known attack descriptions, the paper illustrates the power of the configuration language of the firewall which uses the capability to specify stateful objects that track data from multiple SIP elements within their lifetime. The paper demonstrates through measurements on a real implementation of the firewall its efficiency and performance.