Nortel Networks NN10035-111 Napt function, RTP Media Portal component level security functions


44 Security and Administration

Nortel Networks Confidential


refer to Table 2, “RTP Media Portal tab configurable properties” on page 33.

As multimedia sessions are initiated, a port is chosen from the port pool associated with the selected blade. When a multimedia session completes, its associated ports are deallocated from the pool and new replacement ports are allocated to the pool. The deallocation of used ports and allocation of replacement ports provides randomization in the port pools for the blades.

NAPT function

In order to obscure the private network topology, the RTP Media Portal uses the NAPT functionality to secure the multimedia sessions so that there is no leakage of topology information.

This is achieved by maintaining a list of media ports (NAPT table) which are being used within active multimedia sessions. Only packets which arrive on these active ports are processed. Packets which arrive on non-active ports are rejected and logged as potential problems.

RTP Media Portal component level security functions

The RTP Media Portal component also contributes to system security by opening and closing media ports only in response to requests from the SIP Application Module (which has pre-authenticated such requests) and by rejecting any unauthorized packets on an active connection.

Authenticated requests

All requests to manipulate the media resources on the RTP Media Portal originate from the SIP Application Module. The SIP Application Module ensures that all requests are made by, or made to, a valid service subscriber. In this way, the SIP Application Module effectively authenticates all requests.

In addition, the portion of the RTP Media Portal which processes these requests to manipulate the media resources resides safely within the private network.

Packet filter/firewall

As packets are received from the public network, the RTP Media Portal analyzes each packet to ensure the following:

• the data format is RTP/RTCP/UDP (as indicated by the session description). All other packet types are discarded and logged as problems.

• the source/destination addresses match the expected source/destination addresses indicated in the session description.
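The following model ties together the three mechanisms this chapter describes: the randomized per-blade port pool (ports deallocated on session completion and replaced with freshly chosen ones), the NAPT table of active media ports, and the per-packet filter that drops and logs anything arriving on a non-active port, in the wrong data format, or from an address that does not match the session description. It is an added illustration written for this page, not Nortel's RTP Media Portal code; the class and method names, the port ranges and the addresses are all constructed for the example, and it assumes that open_session and close_session are only ever reached through the private-side request interface after the SIP Application Module has authenticated the request.

```python
import random
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Media data formats accepted on an active port (both carried over UDP).
ALLOWED_PROTOCOLS = frozenset({"RTP", "RTCP"})


@dataclass(frozen=True)
class SessionDescription:
    """What the SIP Application Module tells the portal about one media flow."""
    local_port: int       # public-side port taken from the blade's pool
    remote_addr: str      # expected peer address
    remote_port: int      # expected peer port
    protocol: str         # "RTP" or "RTCP"


@dataclass(frozen=True)
class Packet:
    """The fields of an inbound UDP datagram that the filter examines."""
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    protocol: str


class MediaPortalBlade:
    """One blade: its public address, a randomized port pool and the NAPT table."""

    def __init__(self, public_addr, candidate_ports, pool_size, rng=None):
        # rng is injectable so a test can be deterministic; real use keeps SystemRandom.
        self._rng = rng if rng is not None else secrets.SystemRandom()
        self.public_addr = public_addr
        self._free: Set[int] = set(candidate_ports)    # usable, neither pooled nor active
        self._pool: Set[int] = set()                    # pre-allocated, awaiting a session
        self._napt: Dict[int, SessionDescription] = {}  # active ports: the NAPT table
        self._pool_size = pool_size
        self.log: List[str] = []                        # rejected packets are logged
        self._refill()

    def _refill(self) -> None:
        """Top the pool up with randomly chosen ports from the free set."""
        while len(self._pool) < self._pool_size and self._free:
            port = self._rng.choice(sorted(self._free))
            self._free.remove(port)
            self._pool.add(port)

    def pool_ports(self):
        return frozenset(self._pool)

    def active_ports(self):
        return frozenset(self._napt)

    def open_session(self, remote_addr, remote_port, protocol) -> Optional[int]:
        """Allocate a pool port for a new session (assumed pre-authenticated by the
        SIP Application Module). Returns None when the pool is exhausted."""
        if protocol not in ALLOWED_PROTOCOLS:
            raise ValueError(f"unsupported media format {protocol!r}")
        if not self._pool:
            return None
        port = self._rng.choice(sorted(self._pool))
        self._pool.remove(port)
        self._napt[port] = SessionDescription(port, remote_addr, remote_port, protocol)
        return port

    def close_session(self, port: int) -> None:
        """Deallocate the session's port and pull a replacement into the pool.
        Refilling before the old port returns to the free set means the
        replacement is a different port whenever any other free port exists."""
        del self._napt[port]
        self._refill()
        self._free.add(port)

    def filter_packet(self, pkt: Packet) -> bool:
        """Apply the checks from the text; True means forward, False means drop."""
        desc = self._napt.get(pkt.dst_port)
        if desc is None or pkt.dst_addr != self.public_addr:
            self.log.append(f"REJECT {pkt.dst_addr}:{pkt.dst_port} not an active port "
                            f"(from {pkt.src_addr}:{pkt.src_port})")
            return False
        if pkt.protocol != desc.protocol:
            self.log.append(f"REJECT port {pkt.dst_port}: format {pkt.protocol} is not "
                            f"the session's {desc.protocol}")
            return False
        if (pkt.src_addr, pkt.src_port) != (desc.remote_addr, desc.remote_port):
            self.log.append(f"REJECT port {pkt.dst_port}: source {pkt.src_addr}:{pkt.src_port} "
                            f"is not session peer {desc.remote_addr}:{desc.remote_port}")
            return False
        return True


def make_demo_blade(seed: int = 1) -> MediaPortalBlade:
    """Constructed blade: documentation address, even ports 10000-10098, pool of 4."""
    return MediaPortalBlade("203.0.113.10", range(10000, 10100, 2), 4, random.Random(seed))


if __name__ == "__main__":
    blade = make_demo_blade()
    port = blade.open_session("198.51.100.7", 40000, "RTP")
    print("active port:", port, "pool:", sorted(blade.pool_ports()))
    print(blade.filter_packet(Packet("198.51.100.7", 40000, "203.0.113.10", port, "RTP")))
    print(blade.filter_packet(Packet("192.0.2.99", 40000, "203.0.113.10", port, "RTP")))
    blade.close_session(port)
    print("after close, pool:", sorted(blade.pool_ports()), "log:", blade.log)
```

The rejection branches are ordered as the text lists them: the NAPT lookup decides whether the port is active at all, then the data format is compared with the session description, then the peer address and port. Each drop produces a log entry so that traffic on non-active ports shows up as a potential problem rather than disappearing silently.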

NN10035-111 Standard MCP 1.1 FP1 (02.02) April 2003

Copyright © 2003, Nortel Networks
