User`s manual
Table Of Contents
- Mediant 2000 & TP-1610 & TP-260/UNI SIP User’s Manual Version 5.0
- Table of Contents
- List of Figures
- List of Tables
- Notices
- 1. Overview
- 2. Physical Description
- 3. Installation
- 4. Getting Started
- 5. Web Management
- Computer Requirements
- Protection and Security Mechanisms
- Accessing the Embedded Web Server
- Getting Acquainted with the Web Interface
- Protocol Management
- Advanced Configuration
- Status & Diagnostic
- Software Update Menu
- Maintenance
- Logging Off the Embedded Web Server
- 6. Gateway's ini File Configuration
- Secured ini File
- Modifying an ini File
- The ini File Content
- The ini File Structure
- The ini File Example
- Networking Parameters
- System Parameters
- Web and Telnet Parameters
- Security Parameters
- RADIUS Parameters
- SNMP Parameters
- SIP Configuration Parameters
- Voice Mail Parameters
- ISDN and CAS Interworking-Related Parameters
- Number Manipulation and Routing Parameters
- E1/T1 Configuration Parameters
- Channel Parameters
- Configuration Files Parameters
- 7. Using BootP / DHCP
- 8. Telephony Capabilities
- Working with Supplementary Services
- Configuring the DTMF Transport Types
- Fax & Modem Transport Modes
- Event Notification using X-Detect Header
- ThroughPacket™
- Dynamic Jitter Buffer Operation
- Configuring the Gateway’s Alternative Routing (based on Conn
- Call Detail Report
- Supported RADIUS Attributes
- Trunk to Trunk Routing Example
- Proxy or Registrar Registration Example
- SIP Call Flow Example
- SIP Authentication Example
- 9. Networking Capabilities
- 10. Advanced PSTN Configuration
- 11. Advanced System Capabilities
- 12. Special Applications
- 13. Security
- 14. Diagnostics
- 15. SNMP-Based Management
- SNMP Standards and Objects
- Carrier Grade Alarm System
- Cold Start Trap
- Third-Party Performance Monitoring Measurements
- TrunkPack-VoP Series Supported MIBs
- Traps
- SNMP Interface Details
- SNMP Manager Backward Compatibility
- Dual Module Interface
- SNMP NAT Traversal
- SNMP Administrative State Control
- AudioCodes’ Element Management System
- 16. Configuration Files
- Appendix A. Selected Technical Specifications
- Appendix B. Supplied SIP Software Kit
- Appendix C. SIP Compliance Tables
- Appendix D. The BootP/TFTP Configuration Utility
- Appendix E. RTP/RTCP Payload Types and Port Allocation
- Appendix F. RTP Control Protocol Extended Reports (RTCP-XR)
- Appendix G. Accessory Programs and Tools
- Appendix H. Release Reason Mapping
- Appendix I. SNMP Traps
- Appendix J. Installation and Configuration of Apache HTTP Server
- Appendix K. Regulatory Information
SIP User's Manual 13. Security
Version 5.0 281 October 2006
13 Security
This section describes the security mechanisms and protocols implemented on the
gateway. The following list specifies the available security protocols and their objectives:
IPSec and IKE protocols are part of the IETF standards for establishing a secured IP
connection between two applications. IPSec and IKE are used in conjunction to
provide security for control and management protocols but not for media (refer to
Section 13.1 below).
SSL (Secure Socket Layer) / TLS (Transport Layer Security) – The SSL / TLS
protocols are used to provide privacy and data integrity between two communicating
applications over TCP/IP. They are used to secure the following applications: SIP
Signaling (SIPS), Web access (HTTPS) and Telnet access (refer to Section 13.2 on
page 290).
Secured RTP (SRTP) according to RFC 3711, used to encrypt RTP and RTCP
transport (refer to Section 13.3 on page 294).
RADIUS (Remote Authentication Dial-In User Service) - RADIUS server is used to
enable multiple-user management on a centralized platform (refer to Section 13.4
page 295.
Internal Firewall allows filtering unwanted inbound traffic (refer to Section 13.5 on
page 298).
13.1 IPSec and IKE
IPSec and IKE protocols are part of the IETF standards for establishing a secured IP
connection between two applications (also referred to as peers). Providing security
services at the IP layer, IPSec and IKE are transparent to IP applications.
IPSec and IKE are used in conjunction to provide security for control and management
(e.g., SNMP and Web) protocols but not for media (i.e., RTP, RTCP and T.38).
IPSec is responsible for securing the IP traffic. This is accomplished by using the
Encapsulation Security Payload (ESP) protocol to encrypt the IP payload (illustrated in
Figure
13-1 below). The IKE protocol is responsible for obtaining the IPSec encryption keys
and encryption profile (known as IPSec Security Association (SA)).
Figure 13-1: IPSec Encryption
Note: IPSec doesn’t function properly if the gateway’s IP address is changed on-
the-fly due to the fact that the crypto hardware can only be configured on
reset. Therefore, reset the gateway after you change its IP address.