Security Features Matrix |
 |
| FEATURE
| BENEFITS
| | Security
|  |
| SIP-aware NAT traversal
| Ensure that media can safely traverse across near-end and far-end firewalls
| | Network topology hiding
| Prevents access from unauthenticated, malicious users
| | Cryptographic authentication
| Prevents a wide range of attacks by denying access to malicious, unauthenticated users and domains
| | Denial of service (DOS) attack protection
| Detects abnormal signaling patterns and denies resources to sessions that match attack profiles to prevent the loss or degradation of service from brute force and precision denial of service attacks (SYN, REGISTER, INVITE, SUBSCRIBE floods)
| | Signaling encryption (TLS)
| Ensures the authenticity, confidentiality and integrity of SIP signaling streams to prevent attacks that exploit the visibility and/or mutability of signaling information (e.g. call hijacking attacks)
| | Media encryption (SRTP)
| Encrypts media sessions (audio, video, file transfer, etc) to ensure the authenticity, confidentiality and integrity of real-time media and prevent attacks that exploit the visibility and/or mutability of media streams (eavesdropping, media injection, etc)
| | Signaling validation
| Performs syntactic and semantic validation of signaling streams to prevent service theft and attacks based on the injection of invalid signaling information (e.g. buffer overflow attacks)
| | Media validation
| Ensures that media sessions between SIP user agents are the same as the sessions that were negotiated during the session set-up to prevent service theft
| | Signaling and media anchoring
| Defeats attacks that exploit the independence of SIP signaling and media streams, enables media security
| | Session detail recording
| Enables forensic analysis and implementation of active counter-measures
| | Virus Scanning
| Scans SIP-based file transfers to prevent the propagation of viruses via SIP based applications
|
|
|
