Configuring a SIP Parameter Map
Configuring User Agent Software Version Options
Enabling Strict Header Validation
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
3-120
If the software version of a user agent (UA) were exposed, the UA may be more
vulnerable to attacks from hackers who exploit the security holes present in that
particular version of software. To protect the UA from such attacks, the ACE
allows you to log or mask the UA software version.
To configure the UA software version options, use the software-version
command in parameter map SIP configuration mode.
The syntax of this command is as follows:
software-version {log} | {mask [log]}
The keywords are as follows:
log—Specifies that the ACE log the UA software version.
•
mask—Specifies that the ACE mask the UA software version.
•
For example, to configure the ACE to mask the UA software version, enter:
host1/Admin(config-parammap-sip)# software-version mask
To return the ACE behavior to the default of not checking the software version,
enter:
host1/Admin(config-parammap-sip)# no software-version mask
You can ensure the validity of SIP packet headers by configuring the ACE to
check for the presence of the following mandatory SIP header fields:
From
•
To
•
Call-ID
•
CSeq
•
Via
•
Max-Forwards
•
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01