Cisco Systems OL-12397-13 Call Processing, Validation, Received SIP Response Message, Securefqdn


Chapter 2 SIP Subscribers

SIP Registration and Security

Call Processing

The SIP application in the BTS 10200 implements the secure provisioning feature for all incoming SIP messages (requests and responses) from SIP endpoints.

When a SIP request message is received from a SIP endpoint and Auth_Reqd=Y for the serving domain, the request is challenged. When the request is resubmitted with credentials, the AOR of the authenticated SIP endpoint is used to perform the SECURE_FQDN validation, provided a SECURE_FQDN value is provisioned in the AOR2SUB record. If Auth_Reqd=N, the SECURE_FQDN validation is performed without the request being challenged.

Validation

The validation processing for a SIP request that comes from a SIP endpoint provisioned with this feature is as follows:

1. The SECURE_FQDN validation occurs on every request (including CANCEL/ACK).

2. The SECURE_FQDN is verified to have a DNS resolution, if it is a domain name. If there is no DNS resolution, a 500 Internal Server Error response is returned.

3. The DNS resolution for the SECURE_FQDN is verified to yield a single IP address Secure-IP1. If the address is incorrect, a 500 Internal Server Error response is returned.

4. The Source IP address of the packet is verified as identical to Secure-IP1. If the address is not identical, a 403 Forbidden response is returned.

5. If the request is a REGISTER, it is verified to have a single Contact header. If there is not a single Contact header, a 403 Forbidden response is returned.

6. If the SIP request is an initial INVITE (including an INVITE resubmitted with credentials), it is verified that there is an unexpired registered contact for the AOR. If there is not an unexpired registered contact, a 403 Forbidden response is returned.

7. When a Contact header is present, the Contact FQDN/IP address of the request is verified to yield a single IP address Secure-IP1. If it does not yield the proper address, a 500 Internal Server Error response is returned.

8. The IP address of the Contact host is verified as identical to the IP address Secure-IP1 of the SECURE_FQDN. If the addresses are not identical, a 403 Forbidden response is returned.

9. The provisioning of a static contact on an AOR is not disabled, but any provisioned value is ignored because of the SECURE_FQDN validation rules. A static contact is irrelevant for SECURE_FQDN AORs, since the SIP request is denied if no registered contact exists.

10. The To and From header URLs in a REGISTER are verified to be identical, for SECURE_FQDN subscribers. This is to block third-party registration.
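
The request checks above, written out as an added Python sketch that is not Cisco's code and not part of the original guide. It assumes the checks run in the listed order and that the Contact hosts have already been parsed out of the headers; the function names, parameters and the in-memory table standing in for DNS are hypothetical.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (documentation addresses).
DNS = {
    "phone1.example.net": ["192.0.2.10"],
    "multi.example.net": ["192.0.2.10", "192.0.2.11"],
}

def resolve_single(host, dns=DNS):
    """Return the one IP a host maps to, or None if absent or ambiguous."""
    try:
        return str(ipaddress.ip_address(host))      # already an IP literal
    except ValueError:
        addrs = dns.get(host.lower(), [])
        return addrs[0] if len(addrs) == 1 else None

def validate_request(method, src_ip, secure_fqdn, contacts=(),
                     to_uri="", from_uri="", initial=False,
                     has_live_registration=False, dns=DNS):
    """Return None if the request passes, else the SIP status to send."""
    secure_ip = resolve_single(secure_fqdn, dns)     # steps 2-3
    if secure_ip is None:
        return 500
    if str(ipaddress.ip_address(src_ip)) != secure_ip:   # step 4
        return 403
    if method == "REGISTER" and len(contacts) != 1:  # step 5
        return 403
    if method == "INVITE" and initial and not has_live_registration:
        return 403                                   # step 6
    for host in contacts:                            # steps 7-8
        contact_ip = resolve_single(host, dns)
        if contact_ip is None:
            return 500
        if contact_ip != secure_ip:
            return 403
    if method == "REGISTER" and to_uri != from_uri:  # step 10
        return 403
    return None
```

A static contact (step 9) never enters the decision, which is why the function takes no such parameter.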

Received SIP Response Message

When a SIP response message is received from a SIP endpoint, the following occurs:

1. The Source IP address of the packet is verified to be identical to the IP address Secure-IP1. If the addresses are not identical, the response is dropped. This has the same result as the non-receipt of that response, such as would happen with a call failure.

Cisco BTS 10200 Softswitch SIP Feature and Provisioning Guide, Release 5.0

 

