Common Security Configuration Tasks

Table 1-1 lists Converged Application Server configuration tasks and provides links to additional information.

Table 1-1 Security Configuration Tasks

Task	Document Reference
Configure a DNS resolver that supports DNSSEC. Converged Application Server supports a number of SIP RFCs that use DNS, and Converged Application Server accesses DNS a lot. DNSSEC is important to prevent malicious entities from spoofing DNS entries and cause issues to the deployment.	See the IETF specifications dealing with DNS security.
Understanding the Digest identity assertion providers Configuring LDAP Digest authentication Configuring Digest authentication with an RDBMS	See "Configuring Digest Authentication".
Understanding client-cert authentication solutions Delivering X509 certificates over 2-way SSL Developing a Perimeter authentication solution Using the Converged Application Server WL_Client_Cert header to deliver X509 certificates	See "Configuring Client-Cert Authentication".
Understand forwarding rules for SIP messages having the P-Asserted-Identity header Configuring P-Asserted-Identity providers	See "Overview of SIP Servlet Identity Assertion Mechanisms".
Defining security constraints for a SIP Servlet Mapping SIP Servlet roles to Converged Application Server roles and principals Debugging SIP Servlet security constraints	See "Securing SIP Servlet Resources" in Converged Application Server Developer's Guide
Configuring trusted hosts	See information on the sip-security setting in sipserver.xml, as described in Oracle Communications Converged Application Server Administrator's Guide