Implementation of Security for a Video-conferencing System Management Module

Video conferencing services are dependent on many other underlying devices, network services and infrastructure and TCP/IP services before they can provide seamless, reliable and good quality video meeting services to end users. Providing fully automated video conferencing services at Skiptrip AB requi...


Bibliographic Details
Main Author: Neshat, Reza
Format: Others
Language: English
Published: KTH, Kommunikationsnät 2015
Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-160270
id ndltd-UPSALLA1-oai-DiVA.org-kth-160270
record_format oai_dc
spelling ndltd-UPSALLA1-oai-DiVA.org-kth-160270; 2015-03-04T04:55:05Z; Implementation of Security for a Video-conferencing System Management Module; eng; Neshat, Reza; KTH, Kommunikationsnät; 2015; Student thesis; info:eu-repo/semantics/bachelorThesis; text; http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-160270; EES Examensarbete / Master Thesis ; XR-EE-LCN 2014:011; application/pdf; info:eu-repo/semantics/openAccess
collection NDLTD
language English
format Others
sources NDLTD
description Video conferencing services depend on many other underlying devices, network services, infrastructure and TCP/IP services before they can provide seamless, reliable and good-quality video meeting services to end users. Providing fully automated video conferencing services at Skiptrip AB requires an even more varied and complex set of TCP/IP services and devices, which has made its network a heterogeneous one consisting of hundreds of modern and legacy systems along with the high-definition, bandwidth-sensitive video conferencing systems. In this thesis, a secure network module is designed and implemented for separating and transferring the non-production (management) network traffic flow of all network equipment by establishing and fine-tuning virtual IPsec tunnels among the edge routers or firewalls of each video station in this enterprise-scale network, in order to make sure that the traffic belonging to the management module is treated separately and securely, thanks to the encryption mechanisms of the IPsec protocol on the header and payload of IP packets.
Inspired by well-known network design and architecture methodologies and industry best practices such as Cisco SAFE, the existing network is characterized in the early stages of this thesis, with a focus on security measures such as the Access Control Lists on different router interfaces, which were used to provide perimeter network security to some extent. Afterwards, a new network design is proposed in which the management flow is separated from the production traffic flow and transferred through secure IPsec tunnels in a semi-mesh topology, which form a virtual network module for the management traffic of the whole internetwork. The new network module is then given a new IP addressing scheme based on the private range of IPv4 addresses and, after relevant discussions, a certain way of implementing static routing in combination with classless inter-domain routing and variable-length subnet masking is introduced, implemented and tested in order to provide route redundancy at the IP connectivity level of the management network module, in a manner similar to a dynamic routing protocol.
The innate sensitivity of high-definition video conferencing protocols like H.323 and SIP to the quality of the underlying network infrastructure, which is usually defined in terms of packet loss and jitter, as well as the bandwidth limitation of costly Internet links in each video station and the heterogeneity of the internetwork, were among the main technical challenges of this thesis and shaped the outcome of the proposed design and also the evaluation mechanisms applied at the end of this project.
author Neshat, Reza
title Implementation of Security for a Video-conferencing System Management Module
publisher KTH, Kommunikationsnät
publishDate 2015
url http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-160270