Enabling Inspection Settings for SCCP

Inspection Settings add more than 80 protections and VoIP settings. It protects against malicious attacks by:

• Identifying attack signatures
• Identifying packets with protocol anomalies
• Ensuring RFC compliance
• Inspecting signaling protocols, verifying header formats and protocol call flow state

As part of Inspection Settings, VoIP protections can be:

• Enforced for different gateways using Inspection Setting profiles
• Monitored using Detect Mode

With Inspection Settings you can:

• Generate detailed logs with packet captures on VoIP security events
• Configure granular VoIP security for maximum flexibility in deployment and enforcement
• Add exceptions to specified VoIP protections

  For example, if you add an exception that allows non-RFC compliant SIP traffic on a specified VoIP server, security is not compromised for all other VoIP traffic.

Inspection Settings can be configured for each profile and can be:

• Prevent
• Detect
• Inactive

Configuring SCCP Protections

To configure Inspection Settings:

1. In the Manage & Settings tab, go to Blades > General, select Inspection Settings.

   The Inspection Settings window opens.

2. From the General tab, in the search window, enter SCCP.

   In the Settings column, SCCP Inspection Settings shows.

   Double-click the service you want to configure. A window opens.

3. Double-click on the Inspection Profile of your choice. Select Advanced.
4. Check the boxes to enable the protections that you want.
5. Click OK.

Configuring SCCP Application Policy

Specific VoIP services can be blocked if the services:

• Consume more bandwidth than the IP infrastructure can support
• Do not comply with the organization's security policy

To configure Application Policy:

1. In the Manage & Settings tab, go to Blades > General, select Inspection Settings.

   The Inspection Settings window opens.

2. From the General tab, in the search window, enter SCCP.

   A list of Settings options shows.

3. Double-click the setting that you want to configure.
4. Make your changes and click OK.

Configuring SCCP Protocol Anomaly Protection

A protocol anomaly is a field name or value in the protocol header that is RFC compliant, but deviates from usual use.

For example, the presentation of a field value which contains hundreds of characters, where normally, fewer than ten characters is usual. This is an anomaly.

If a protocol anomaly is found in the VoIP packet, this is a good indication that the VoIP network is being attacked.

To configure Protocol Anomaly Protection:

1. In the Manage & Settings tab, go to Blades > General, select Inspection Settings.

   The Inspection Settings window opens.

2. From the General tab, in the search window, enter SCCP.
3. A list of Settings options shows.
4. Double-click the setting that you want to configure.
5. Make your changes and click OK.

Configuring SCCP Engine Settings

To configure Engine Settings:

1. In the Manage & Settings tab, go to Blades > General, select Inspection Settings.

   The Inspection Settings window opens.

2. From the General tab, in the search window, enter SCCP - General Settings.

   The SCCP - General Settings window opens.

3. Select Advanced and configure the fields.
4. Click OK.

Field

• Block dynamic opening of ports for SCCP media channel

  A gateway dynamically opens ports for VoIP media channel, based on the information in the SCCP signaling connection. When you select this option, it prevents the opening of SCCP media channels. Do not select this option if a SCCP media channel passes through the gateway.