44 Security and Administration | Nortel Networks Confidential
refer to Table 2, “RTP Media Portal tab configurable properties” on page 33.
As multimedia sessions are initiated, a port is chosen from the port pool associated with the selected blade. When a multimedia session completes, its associated ports are deallocated from the pool and new replacement ports are allocated to the pool. This deallocation of used ports and allocation of replacement ports keeps the contents of each blade's port pool randomized.
NAPT function
To obscure the private network topology, the RTP Media Portal uses its NAPT function to secure the multimedia sessions so that no topology information leaks.
This is achieved by maintaining a list of media ports (the NAPT table) that are in use by active multimedia sessions. Only packets that arrive on these active ports are processed. Packets which arrive on
RTP Media Portal component level security functions
The RTP Media Portal component also contributes to system security by opening and closing media ports only in response to requests from the SIP Application Module (which has
Authenticated requests
All requests to manipulate the media resources on the RTP Media Portal originate from the SIP Application Module. The SIP Application Module ensures that all requests are made by, or made to, a valid service subscriber. In this way, the SIP Application Module effectively authenticates all requests.
In addition, the portion of the RTP Media Portal which processes these requests to manipulate the media resources resides safely within the private network.
Packet filter/firewall
As packets are received from the public network, the RTP Media Portal analyzes each packet to ensure the following:
• the data format is RTP/RTCP/UDP (as indicated by the session description). All other packet types are discarded and logged as problems.
• the source/destination addresses match the expected source/destination addresses indicated in the session description.
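The following is an added illustration, not Nortel code, of the three mechanisms described on this page working together: the per-blade port pool with replacement-port randomization, the NAPT table of ports in active sessions, and the ingress packet filter that checks format and addresses against the session description. The class and function names (`MediaPortPool`, `SessionDescription`, `Packet`, `filter_packet`), the port range, the seed parameter and the sample addresses are all assumptions made for this example; the real portal's data structures are not described on the page.

```python
import random
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical, simplified model of one blade's media port pool, its NAPT
# table and the ingress packet filter. All names are assumptions for this
# example, not the RTP Media Portal's own implementation.


@dataclass(frozen=True)
class SessionDescription:
    media_port: int    # portal-side port allocated for this session
    remote_addr: str   # far-end address expected per the session description
    remote_port: int   # far-end port expected per the session description
    protocol: str      # expected media format: "RTP" or "RTCP" (over UDP)


@dataclass(frozen=True)
class Packet:
    src_addr: str
    src_port: int
    dst_port: int
    protocol: str      # as classified on receipt: "RTP", "RTCP", or other


class MediaPortPool:
    """Port pool for one blade plus the NAPT table of ports in active sessions."""

    def __init__(self, port_range: range, pool_size: int, seed: Optional[int] = None):
        self._rng = random.Random(seed)
        self._unused = set(port_range)
        # The pool is a random subset of the blade's port range.
        self._pool = set(self._rng.sample(sorted(self._unused), pool_size))
        self._unused -= self._pool
        self.napt_table: Dict[int, SessionDescription] = {}

    def pool_size(self) -> int:
        return len(self._pool)

    def allocate(self, remote_addr: str, remote_port: int, protocol: str) -> SessionDescription:
        """Choose a pool port for a new session and record it in the NAPT table."""
        port = self._rng.choice(sorted(self._pool))
        self._pool.remove(port)
        sd = SessionDescription(port, remote_addr, remote_port, protocol)
        self.napt_table[port] = sd
        return sd

    def release(self, port: int) -> int:
        """Session complete: remove the port from the NAPT table and pull a
        fresh replacement into the pool, so the pool's contents keep changing."""
        del self.napt_table[port]
        # Pick the replacement before returning the released port to the
        # unused range, so the replacement is never the port just released.
        replacement = self._rng.choice(sorted(self._unused))
        self._unused.remove(replacement)
        self._pool.add(replacement)
        self._unused.add(port)
        return replacement


def filter_packet(napt_table: Dict[int, SessionDescription], pkt: Packet, log: List[str]) -> bool:
    """Return True if the packet is accepted; otherwise log the reason and drop it."""
    sd = napt_table.get(pkt.dst_port)
    if sd is None:
        # Not an active media port: nothing is processed for it.
        log.append(f"drop: port {pkt.dst_port} not in NAPT table")
        return False
    if pkt.protocol != sd.protocol:
        # Only the format named in the session description is accepted.
        log.append(f"drop: port {pkt.dst_port} expected {sd.protocol}, got {pkt.protocol}")
        return False
    if (pkt.src_addr, pkt.src_port) != (sd.remote_addr, sd.remote_port):
        log.append(f"drop: port {pkt.dst_port} unexpected source {pkt.src_addr}:{pkt.src_port}")
        return False
    return True


if __name__ == "__main__":
    # Constructed sample session and packets (documentation addresses).
    events: List[str] = []
    pool = MediaPortPool(range(20000, 20100), 8, seed=1)
    session = pool.allocate("198.51.100.7", 40000, "RTP")
    good = Packet("198.51.100.7", 40000, session.media_port, "RTP")
    spoofed = Packet("203.0.113.9", 40000, session.media_port, "RTP")
    print("good accepted:", filter_packet(pool.napt_table, good, events))
    print("spoofed accepted:", filter_packet(pool.napt_table, spoofed, events))
    print("replacement port:", pool.release(session.media_port))
    print("\n".join(events))
```

The filter consults only the NAPT table and the session description, so a packet on an unallocated port is dropped before any address or format check, which is the property that keeps the private topology hidden; the `seed` argument exists only to make the example reproducible and would not be used in a deployment.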
Copyright © 2003, Nortel Networks