SIP in higher education

[Steve Blair <>]

Yul:

 I've tried a number of approaches. I'm not sure if Penn has settled
on one method yet. Our proxy currently requires anyone who
registers to authenticate, registered users must be in a specific
group to use the PSTN and our PSTN gateway has ACLs to limit
access on the LAN side. We also log the remote domain name for
inbound IP calls. We don't do any other "filtering" on IP calls.

-Steve

Yul Pyun wrote:

> I'm interested in finding out what other campuses are doing or what 
> your thoughts are in regards to UA registration and authentication.
>  
> It seems to me that there are at least two distinct functions when it 
> comes to authentication: 1) processing registration, and 2) processing 
> INVITES.
>  
> My thoughts are that:
> 1) You want to authenticate those UAs that belong to your domain when 
> they register, regardless of where they are registering from, and deny 
> registration of all other UAs.  If you don't authenticate, then 
> potentially anyone can register with your Registrar, and basically 
> spoof the calls as if they are part of your organization.  I'd rather 
> not be in the business of providing registration/proxy services to the 
> entire net.
>  
> 2) You want to be able to receive calls (INVITES) from anyone on the 
> net, or perhaps narrow it down by use of ACL.  Analogy would be my pbx 
> phone...anyone in the world can call me if they my number.
>  
> Thoughts/comments?
>  
> -Yul
> ----------------------------------------------------
> Yul Pyun, 
>
>  
> <mailto:>
> University of Hawaii