Nortel Networks NN10035-111 Napt function, RTP Media Portal component level security functions

Models: MCP 1.1 FP1(02.02) NN10035-111


44 Security and Administration

Nortel Networks Confidential


refer to Table 2, “RTP Media Portal tab configurable properties” on page 33.

As multimedia sessions are initiated, a port is chosen from the port pool associated with the selected blade. When a multimedia session completes, its associated ports are deallocated from the pool and new replacement ports are allocated to the pool. The deallocation of used ports and allocation of replacement ports provides randomization in the port pools for the blades.

NAPT function

In order to obscure the private network topology, the RTP Media Portal uses the NAPT functionality to secure the multimedia sessions so that there is no leakage of topology information.

This is achieved by maintaining a list of media ports (the NAPT table) that are in use by active multimedia sessions. Only packets that arrive on these active ports are processed. Packets that arrive on non-active ports are rejected and logged as potential problems.

RTP Media Portal component level security functions

The RTP Media Portal component also contributes to system security by opening and closing media ports only in response to requests from the SIP Application Module (which has pre-authenticated such requests) and by rejecting any unauthorized packets on an active connection.

Authenticated requests

All requests to manipulate the media resources on the RTP Media Portal originate from the SIP Application Module. The SIP Application Module ensures that all requests are made by, or made to, a valid service subscriber. In this way, the SIP Application Module effectively authenticates all requests.

In addition, the portion of the RTP Media Portal which processes these requests to manipulate the media resources resides safely within the private network.

Packet filter/firewall

As packets are received from the public network, the RTP Media Portal analyzes each packet to ensure the following:

the data format is RTP/RTCP/UDP (as indicated by the session description). All other packet types are discarded and logged as problems.

the source/destination addresses match the expected source/destination addresses indicated in the session description.
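The following is an added illustration, not Nortel code, of the behaviour described in the NAPT function and packet filter sections above: a randomized per-blade port pool, a NAPT table of active ports, and a filter that processes a packet only when it arrives on an active port with the packet type and source address the session description names. The class, field and port-range names are assumptions chosen for the example.

```python
import random
from dataclasses import dataclass

@dataclass
class Session:
    local_port: int
    peer: tuple      # (ip, port) the session description names as the far end
    proto: str       # "RTP" or "RTCP", per the session description

class MediaPortalFilter:  # hypothetical model of the NAPT table and packet filter
    def __init__(self, port_range, pool_size, seed=None):
        self.rng = random.Random(seed)
        self.free = sorted(port_range)   # unallocated ports on this blade
        self.pool = []                   # randomly drawn ports ready for new sessions
        self.table = {}                  # NAPT table: active local port -> Session
        self.rejected = []               # (reason, packet) log of rejected packets
        self.pool_size = pool_size
        self._refill()

    def _refill(self):
        # Replacement ports are drawn at random, so pool contents are not predictable
        while len(self.pool) < self.pool_size and self.free:
            self.pool.append(self.free.pop(self.rng.randrange(len(self.free))))

    def open_session(self, peer, proto="RTP"):
        # Only the SIP Application Module, which has authenticated the request, calls this
        port = self.pool.pop(0)
        self.table[port] = Session(port, peer, proto)
        return port

    def close_session(self, port):
        # Deallocate the used port and allocate a replacement into the pool
        del self.table[port]
        self.free.append(port)
        self._refill()

    def accept(self, pkt):
        # Process a packet only if it matches an active NAPT table entry
        sess = self.table.get(pkt["dst_port"])
        if sess is None:
            return self._reject("inactive port", pkt)
        if pkt["proto"] != sess.proto:
            return self._reject("unexpected packet type", pkt)
        if pkt["src"] != sess.peer:
            return self._reject("source address mismatch", pkt)
        return True

    def _reject(self, reason, pkt):
        self.rejected.append((reason, pkt))   # logged as a potential problem
        return False
```

In a real deployment the rejected list would be a log feed for the operator; here it simply records why each packet was dropped.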

NN10035-111 Standard MCP 1.1 FP1 (02.02) April 2003

Copyright © 2003, Nortel Networks
