Session Control Manager Overview
Cisco ASR 5000 Series Product Overview ▄
Least Cost, Congestion Based, Call Type, Domain Based
As a SIP ALG, supports signaling and media routing with overlapping address ranges
SIP Application-level Gateway (SIP-ALG)
SIP NAT Traversal
SIP NAT (IPv4 <–> IPv6 translation)
Media Relay (Header Manipulation): RTP, MSRP
Call Admission and Access Control
Access Control based on IP, URL, SIP Identity, and Session Limits
Topology Hiding Inter-network Gateway (THIG)
CALEA Support
SIP and media taps
SIP Security
Prevent Theft of Service
Prevent CSCF bypass
Robust authentication procedures
SIP message checking
Prevent Registration Hijacking
Authenticate Re-Register (S-CSCF)
Early IMS Security: DoS attack prevention, impersonating a server
UA authentication (prevent server impersonation)
AKA authentication mechanism (further protection)
Prevent Message Tampering (IPSec)
Prevent Early Session Tear Down
Early IMS Security prevents a different user releasing existing session
Mitigate SIP Denial of Service (DoS)
P-CSCF DoS Attack Prevention
Blocking of user/IP address
after repeated authentication and bad request failure in Register/INVITE
Dropping of Register
containing Contact header pointing to CSCF service ip:port
Limited number of contacts on which Forking is allowed
Dropping of Requests
coming from source address other than the Register request's source address
To Next Page
Loading...
