A31003-H8022-F100-2-7618, October 2006
HiPath 8000 V2.2, Feature Description Guide
Secure Shell is also present in the CLI. Refer to Section 14.13, “Secure CLI”, on page 14-10.
14.15 Secure Storage of CDR Password
Passwords for the HiPath 8000 CLI login are stored encrypted within the Linux OS.
Application-level passwords for transferring CDRs from the HiPath 8000 to the billing
mediation server are stored via two-way encryption within the HiPath 8000 database.
14.16 SIP Privacy Mechanism
14.16.1 Definition
The privacy mechanism for SIP feature provides the following SIP privacy capabilities
according to IETF RFC 3323, A Privacy Mechanism for SIP:
● Guidelines for the creation of messages that do not divulge personal identity information
● A privacy service logical role for intermediaries to handle some privacy requirements that
user agents cannot satisfy themselves
● Means by which a user can request particular functions from a privacy service
This feature uses digest authentication to permit a user to hide identity and related personal
information when issuing requests. Correspondingly, intermediaries and designated recipients
of requests can reject requests whose originator cannot be identified.
14.16.2 Functional Operation
In SIP, identity is most commonly carried in the form of a SIP URI and an optional display-name.
A SIP Address of Record (AoR) has a form similar to an E-mail address with a SIP URI scheme
(for example, sip:alice@atlanta.com). A display-name is a string that contains a name for the
identified user (for example, "Alice"). SIP identities of this form commonly appear in the To and
From header fields of SIP requests and responses. Users can have many identities that they
use in different contexts.
There are numerous other places in SIP messages in which identity-related information can be
revealed. For example, the Contact header field contains a SIP URI, one that is commonly as
revealing as the address-of-record in the From. In some headers, the originating user agent can
conceal identity information as a matter of local policy without affecting the operation of the SIP
protocol. However, certain headers are used in the routing of subsequent messages in a dialog,
and must therefore be populated with functional data.
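The following Python example is added here and is not part of the HiPath 8000 documentation. It rewrites the From header of a constructed INVITE to the anonymous form recommended in RFC 3323, then lists the headers that still expose the originating domain. The sample message, the function names and the header classification are assumptions made for illustration.

```python
import re

# Constructed sample request (not from the guide), built around the page's
# sip:alice@atlanta.com example; host names and tags are made up.
SAMPLE_INVITE = (
    "INVITE sip:bob@biloxi.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds\r\n"
    "Record-Route: <sip:proxy1.atlanta.com;lr>\r\n"
    'From: "Alice" <sip:alice@atlanta.com>;tag=1928301774\r\n'
    "To: <sip:bob@biloxi.com>\r\n"
    "Contact: <sip:alice@pc33.atlanta.com>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    "\r\n"
)

ROUTING = {"contact", "via", "record-route"}  # must carry functional data
USER_SETTABLE = {"from"}                      # UA may conceal by local policy
ANON_FROM = '"Anonymous" <sip:anonymous@anonymous.invalid>'  # RFC 3323 form

def headers(msg):
    """Return (name, value) pairs from the header part of a SIP message."""
    lines = msg.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # skip request line
    return [tuple(p.strip() for p in l.split(":", 1)) for l in lines if ":" in l]

def anonymize_from(msg):
    """Replace the From name-addr, keeping parameters such as the dialog tag.
    Handles the <...> (name-addr) form only."""
    pattern = r'(?im)^(From:\s*)(?:"[^"]*"\s*)?<[^>\r\n]*>'
    return re.sub(pattern, lambda m: m.group(1) + ANON_FROM, msg)

def leaks(msg, needle):
    """List (header, class) for every header whose value contains `needle`."""
    found = []
    for name, value in headers(msg):
        if needle.lower() in value.lower():
            key = name.lower()
            kind = ("routing" if key in ROUTING
                    else "user-settable" if key in USER_SETTABLE else "other")
            found.append((name, kind))
    return found

if __name__ == "__main__":
    print("before:", leaks(SAMPLE_INVITE, "atlanta.com"))
    print("after: ", leaks(anonymize_from(SAMPLE_INVITE), "atlanta.com"))
```

The headers still listed after the rewrite are the ones the user agent cannot blank out without breaking routing.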
The privacy problem is further complicated by proxy servers (also known as intermediaries or,
generically, the network) that add headers of their own, such as the Record-Route and Via
headers. Information in these headers might inadvertently reveal something about the










