Balancing security and performance tradeoffs for secure Internet videoconferencing

As the use of videoconferencing technologies swells, network planners must make important decisions to balance performance with security.

For years, experts have predicted that ubiquitous videoconferencing was just ahead. Now, several videoconferencing trends — including improved quality, reduced cost and the economy — have fueled demand. However, university network planners with H.323 and SIP videoconferencing equipment commonly deployed behind firewalls/NATs must balance trade-offs between network security for data and performance of voice and video.

“The primary challenge is in configuring firewalls to allow voice and video traffic in and out of the internal network’s ports, while limiting malicious access of internalnetwork data,” said Prasad Calyam, Ph.D., a senior system developer/engineer at the Ohio Supercomputer Center. “Improper policy decisions and misconfigurations in firewalls could result in vulnerable networks and slow data transfers, as well as voice and video performance problems.” 

Recently, several new standards (e.g., ITU-T H.460.18, H.460.19) and vendor (Polycom, GNU Gatekeeper, Cisco) solutions have emerged. The Ohio Board of Regents directed OSC to extensively evaluate these developments and to identify the limitations and caveats that exist in their deployment in campus and enterprise networks. The study analyzed interoperability, load tolerance and robustness-againstvulnerabilities, as well as the complex signaling-and-multimedia flow architectures that result from heterogeneous systems.

Based on these studies, OSC developed a list of best practices for deploying small- to large-scale secure videoconferencing.

“OSC’s experiment results clearly identify the deployment limitations and tradeoffs involved in balancing security of data and performance of video in today’s networks,” said Kurt Peterson, a regional director at Polycom. “The best-practices for secure videoconferencing proposed by OSC also provide sound advice to network engineers.” 

--

Project leads: Prasad Calyam, Ph.D., & Steve Gordon, Ph.D., OSC

Research title: Balancing security & performance tradeoffs in Internet videoconferencing

Funding source: Ohio Board of Regents