Data Security | AudioControl VERSION 6.2 specification

CPE SIP Products

2.4.3Data Security

The device supports the following new data security features:

1.Zero Configuration Firewall wizard with three security levels:

•Minimum (Inbound and Outbound policies set to ‘Accept’)

•Typical (Inbound policy set to ‘Reject’; Outbound Policy to ‘Accept’)

•Maximum (only selected applications are allowed in Outbound policy)

2.Access Control for pinpoint security policy.

3.Extensive list of ALG-modules combined with SPI for error-free configuration and maximum security.

4.Port-forwarding and DMZ support for local applications and hosts.

5.Website Restriction allows static URL-based blocking of public/extranet websites.

6.Advanced Filtering allows full control on Inbound/Outbound Rules per interface/device.

7.Site-to-Site VPN:

•Supports two IPSec use-cases:

♦Site-to-Site (Gateway-to-Gateway) VPN

♦Teleworker (User-to-Gateway) VPN

•Fully compliant with IPSec RFCs:

♦RFC 2401 - Security Architecture for IP

♦RFC 2402 - IP Authentication Header

♦RFC 2406 – ESP

♦RFC 2403 and RFC 2404 for Authentication

8.PPTP/L2TP Client-Server VPN:

•Supports two VPN use-cases:

♦Server support for remote Teleworker VPN access

♦Client-to-Gateway support with PPTP/L2TP

•Point-to-Point Tunneling Protocol - RFC 2637

•Layer Two Tunneling Protocol - RFC 2661 (with L2TP/IPSec)

•Support all WiN OS versions as well as Linux

9.DoS and IDS/IPS:

•Denial of Service (DoS) protection: TCP RST, Ping Flood, ICMP Echo storm, UDP snork attack, ICMP Smurf, UDP fraggle and more

•IP spoofing attacks: FTP bounce, Broadcast/multicast source IP attack

•Intrusion and scanning attacks:

♦IP source route, ICMP Echo reply without request, ICMP Ping sweep, TCP Stealth

♦Scan (FIN, XMAS, NULL), UDP port, FTP passive attack, loopback/Echo chargen, Block security hazard ICMP messages

•IP fragment overlap, Ping of Death, Fragmentation attacks and more

SIP Release Notes

132

Document #: LTRT-26901

Image 132

AudioControl VERSION 6.2 manual Data Security

Contents

SIP CPE Release Notes Page Table of Contents 115 List of Tables Reader’s Notes Trademarks Weee EU DirectiveCustomer Support Abbreviations and Terminology Related Documentation Document Name Whats New in Release Supported Hardware Platforms New Hardware Platforms Power Available Mediant 800 Msbg ModelsT1/E1 Model Existing Hardware Platforms Mediant 800 Msbg Mediant 1000 Msbg Module Hardware Revision Compatibility List Item No Description Revision Hardware Platforms Not Supported SIP New Features SIP General New FeaturesMaximum SIP Message Size Time Limit for Receipt of SIP Messages SDP Offer/Answer Negotiation upon Modified Session SIP Secure Connection Vulnerability Securing memory resourcesCPU SIP Vulnerabilities Transcoding Mode for SBC and IP-to-IP Applications Proxy Redundancy Mode per Proxy Set SIP Authorization Header in Initial Registration Request Crlf Keep-Alive Mode SIP Route Header in Initial Registration Request Increase in SIP Configuration Tables Increase in SIP Media Realm Table Increased Characters for Request-URI Host Name per IP Group Destination SRD in Tel-to-IP Routing Table CPE SIP Products SIP Gateway New Features Microsoft’s Wideband Real-Time RTAudio Codec SupportTransparent Codec Packetization Time Adapting Comfort Noise to Remote Party Hotline Duration per Port for Automatic Dialing Channel Select Mode for Ringing Hunt Group Distinctive Ringing per FXS Based on Destination Number Increase in Characters for Endpoint Phone Number Flash-Hook with Digit Sequence On-Board, Three-Way Conferencing High Definition Three-Way Conferencing SIP Proprietary Header for Call QoS Statistics Gruu Support According to RFC RTP-Stat PS=207OS=49680PR=314OR=50240PL=0JI=600LA=40 Sending/Receiving IP Calls to/from Trusted IP Addresses Trunk Re-Registration upon Return to Service Maximum Simultaneous TLS Connections Enhanced IP-to-Tel Number Manipulation Rtcp XR Voice Quality Monitoring 20. T.38 SDP T38MaxBitRate Negotiation New Range and Defaults for T.38 Fax Maximum Buffer Size New Range and Defaults for T.38 Fax Maximum Datagram Size Fax Transmission behind NAT Euro-ISDN Message Waiting Indication MWI for IP-to-Tel Calls Channel Off-Hook Cut-Through Sending and Receiving RTP Packets without SIP Messages Pre-emption of IP-to-Tel E911 Emergency Calls Combined Support for Digit Map and External Dial Plan File Multi-AMD Sensitivity Table Answer Machine Detector AMD per Call Additional Vxml Script Attributes for Invoking Vxml Scripts Activating Vxml Script on Receipt of Regular Invite Enhanced Isdn BRI Support Registration Status Display for BRI Endpoints BRI Call Forwarding Supplementary Service BRI Suspend-Resume Supplementary Service Attended Call Transfer for BRI Interfaces MWI for BRI Interfaces Keypad Protocol for Dtmf Digits According to ETS 300 Interworking Date/Time between SIP and Euro-ISDN Interworking Isdn Offhook IE to SIP Invite SIP Release Notes Whats New in Release Manipulation of Redirect Reason for Tel-to IP Calls UC Namespace for Mlpp Calls Response to SIP Options only if Trunk Group 1 is Available Isdn Facility IE Trace SIP SAS New Features Blocking Incoming Calls from Unregistered SAS UsersMaximum Registered SAS Users SAS Normal Mode Routing Enhancement SAS Manipulation on Invite Requests Session Border Controller New Features SBC Support by MediantMaximum Registered SBC Users SBC Registration Timers IP Alert Timeout to SBC Outgoing Invite Message Max-Forwards SIP Header Size SIP-Dialog Rate Control Mediation without Transcoding Interworking SIP Diversion and History-Info HeadersParameter Value History-Info History-Info History-Info added New IP Group Type Gateway Minimum Session Expires SIP Min-SE Header Multiple RTP Media Streams per Call Session General SBC Configuration Enghancements Media New Features Media Packet Forwarding34 Fax Relay over T.38 Version 722 Codec Support Wideband AMR Codec Support Pstn New Features Implicit Mode for Explicit Call Transfer ECTE1/T1 Pstn Interface T310 Timer Configuration for Isdn Variant NI2 Removing Validation Check of Uuie Data Networking New Features Aria Encryption Algorithm for TLSVoIP Firewall VoIP Firewall per Network Interface LAN Port Monitoring Default Gateway per IP Interface Static Routing Table Enhancements Increase in Maximum Call Control/Media Interfaces Remote Garp Detection of Media Streams VoIP Internet Protocol Version 6 IPv6 Support Data-Router New Features Dual WAN over T1 Interface PortsBER Test for T1 WAN Interface WAN Ethernet Port Settings Speed and Duplex Mode Local-line Loopback on T1 WAN InterfaceIPSec Crypto CLI Ethernet in the First Mile EFM for Shdsl WAN Interface Virtual Routing and Forwarding VRF Lite Security New Features Aria Encryption Algorithm for Srtp Infrastructure New Features Enhanced Syslog Message Management using Facility LevelsPower over Ethernet PoE Port Status Management and Provisioning New Features Web New FeaturesNew Web Navigation Tree Management Web Pages Re-design Reorganization of SIP Menus in Web Navigation Tree Home Page Display of Device State Snmp New Features Ini File Configuration through SnmpEngine ID Configuration CLI New Features Main CLI Configuration ModesCLI show Command SSH New Features Maximum SSH Login AttemptsRSA-2048 Public-Key Encryption for SSH SSH Last Login Maximum Simultaneous SSH Sessions Utilities New Features Running DConvert from Command Line New Parameters SIP New Parameters Parameter Description Static NAT Table NATTranslation EmptyAuthorizationHead New SIP Gateway Parameters for Release DescriptionInitialRouteHeader TrunkStatusReportingMo Parameter Description EnableSDPVersionNegoti AtionFacilityTrace PerformAdditionalIP2TEL RTP-Only Mode Parameter DescriptionQoSStatistics RTPOnlyMode RTPOnlyModeForTrunkI AMD ParametersAMDSensitivityParameter Suit VQMonEnable VQMonDelayTHRPingPongKeepAliveTime Rtcp XR Parameters DisableRTCPRandomize VQMonEOCRValTHRRTCPInterval RTCPXRESCTransportTy CutThroughTimeForReOr DerToneNew SIP SAS Parameter for Release Description SASBlockUnRegUsers SBC New Parameters Parameter Description SBC Registration Timers SBCUserRegistrationTimeSBCProxyRegistrationTime SBCSurvivabilityRegistrationTime Media New Parameters SIPT38Version Tel2IPDefaultRedirectReason Pstn New ParametersSuppServCodeCFU SuppServCodeCFUDeact SuppServCodeCFB SuppServCodeCFBDeactSuppServCodeCFNR SuppServCodeCFNRDeact Caller ID settings Networking New Parameters Parameter Description StaticRouteTable SyslogFacility Management and Provisioning New Parameters Modified Parameters SIP Parameters Modifications ProxySet SecureCallsFromIP Prefix 12 Modified SIP Gateway Parameters for Release DescriptionTargetOfChannel ToneIndex TrunkGroupSettings Modifications IPProfile CallPriorityMode FlashKeysSequenceStyle 3WayConferenceMode T38FaxMaxBufferSize T38MaxDatagramSizeSRTPofferedSuites MLPPDefaultNamespace VoiceMailInterfaceDtmf Qsig SIP Release Notes 110 Document # LTRT-26901 13 Modified SIP SAS Parameters for Release Description SASSurvivabilityMode SBC Parameters 14 Modified SBC Parameter for Release DescriptionIPGroup User AccessList Networking Parameters15 Modified Networking Parameter for Release Obsolete Parameters SIP Gateway Features Supported SIP Features Supported Ietf RFC’s RFC Number RFC Title RFC RFC Number RFC Title RFC 4497 orISO/IEC RFC ECMA-355, ISO/IEC SIP Compliance Tables Supported SIP FunctionsSupported SIP Methods Comments SIP Headers Supported SIP Headers Header Field Header Field Supported SDP Headers Supported SDP Headers SDP Header Element Supported 1xx SIP Responses 1xx Response Comments Supported 2xx SIP Responses 2xx Response CommentsSupported 3xx SIP Responses 3xx Response Comments 2.5.4 4xx Response Client Failure Responses Supported 4xx SIP Responses 4xx Response Comments 4xx Response Supported Comments 10 Supported 5xx SIP Responses 5xx Response Comments 11 Supported 6xx SIP Responses 6xx Response Comments Supported PSTN-SIP Interworking Features SIP Release Notes 128 Document # LTRT-26901 Supported IP Media Features Supported Data-Router Features LAN SwitchingRouting Mediant 800 Msbg RED Data Security Supported RFCs IP/RoutingQoS IPSec DSP Firmware Templates Voice Codecs MediaPack Mediant 600 and Mediant Settings 128-ms Features711 a Yes Mu-law 726 Yes Assembly Slot Number Number of Channels Default Settings Voice Coder 711 A/Mu-lawILBC Transparent Mediant 800 Msbg Mediant 1000 Msbg Settings With 128-ms Features With IPMWith IPM Voice Coder 711 A/Mu Yes Law PCM 19 DSP Firmware Templates for Mediant 1000 Msbg MPM Module Mediant With 128 ms ECWith IPM Detectors Voice Coder Transparent DSP Template Supplementary Capabilities Number of Channels Voice CodersVersion SIP Release Notes 144 Document # LTRT-26901 960/924 768/780AMR ILBC 864/936 SIP Release Notes 146 Document # LTRT-26901 Known Constraints SIP Constraints Message Publish Subscribe Notify Media Constraints SIP Release Notes 150 Document # LTRT-26901 Version 151 December SIP Release Notes 152 Document # LTRT-26901 Pstn Constraints Rtcp XR is not supported 1 DS3 Constraints SDH Constraints 3 SS7 Constraints Version 157 December IP Media Constraints Version 159 December Networking Constraints Security Constraints High Availability Constraints Version 163 December Infrastructure Constraints Version 165 December Management Constraints Web Constraints Version 167 December SIP Release Notes 168 Document # LTRT-26901 Version 169 December SIP Release Notes 170 Document # LTRT-26901 Snmp Constraints SIP Release Notes 172 Document # LTRT-26901 Version 173 December CLI Constraints Resolved Constraints SIP Resolved Constraints Web Resolved Constraints Version 177 December Release Notes Ver