Ask the Expert

Are there any inherent security problems with UDP?

Are there any inherent security problems with UDP? If so, how can you resolve them?

    Requires Free Membership to View

When it comes to UDP and security, it all depends on the UDP service that is running on a port and how secure the service is. The service could be vulnerable to hacking if the service has an exploit or a bug in it that allows remote access, overflow, etc. Securing UDP communication represents a number of special challenges beyond those of TCP communication, in that streaming protocols require additional communication ports. Most firewalls cannot efficiently manage and maintain network security with UDP traffic.

The implementation of most common e-conferencing solutions require the use of dynamic ports for User Datagram Protocol (UDP)-based audio and video streaming and Transmission Control Protocol (TCP)-based call control. Firewalls implemented as perimeter protection typically block UDP, the transport mechanism for multicast packets. Because of the connectionless nature of UDP, it is almost impossible to define a reasonable firewall policy that allows some UDP communications and blocks others. Many of the protocols that are implemented over UDP are easily exploitable.

Since, typical packet filtering firewalls don't support dynamic port filtering, it's always a good idea to use application-specific proxies that enable secure UDP streaming. Though some vendors are marketing H.323 firewall solutions, they are not sufficient for many environments. The other solution is to use Firewall Tunneling whereby the conferencing sever is placed behind the firewalls at both corporate and remote locations and relies on tunneling for access into network.

This was first published in August 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: