Our edgeNet-SAFE spans seven functional areas, each of which is a collection of more specific requirements, including: 
SBC DoS protection: Autonomic SBC self-protection against malicious and non-malicious DoS attacks and overloads at layer 3/4 (e.g. TCP, SYN, ICMP, fragments, etc.) and layer 5 (e.g. SIP signaling floods, malformed messages, etc.). Mandates hardware-enforced fairness, control and throttling for signaling and media.

Access control: Session-aware access control for signaling and media using static and dynamic permit/deny ACLs at layer 3 and 5.

Topology hiding and privacy: Complete infrastructure topology hiding at all protocol layers for confidentiality and attack prevention, as well as modification, removal or insertion of call signaling application headers and fields. Privacy support using industry-standard encryption methods such as TLS and IPsec.

VPN separation: Support for virtual private networks (VPNs) with full inter-VPN topology hiding and separation, the ability to create separate signaling and media-only VPNs, and optional intra-VPN media hairpinning to monitor calls within a VPN.

Service infrastructure DoS prevention: Per-device signaling and media overload control, with deep-packet inspection and call rate control to prevent DoS attacks from reaching service infrastructure such as SIP servers, H.323 gatekeepers, MCUs, application servers, media servers or media gateways.

Fraud prevention: Session-based authentication, authorization and contract enforcement for signaling and media, and service theft protection.

Monitoring and reporting: Audit trails, event logs, access violation logs and traps, management access command recording, call detail records (CDRs) with media performance monitoring, raw packet capture ability and lawful intercept capability.