5
Connecting Tieline to other Codecs Using SIP
© Tieline Pty. Ltd. 2021
4.
SIP does not support advanced software enhancements which deliver redundancy and rock
solid reliablity over IP, e.g. failover connections, SmartStream PLUS redundant streaming,
Fuse-IP bonding, plus error concealment strategies.
5.
Codecs using SIP cannot use the TieLink Traversal Server for presence and connections. In
addition port forwarding is usually required.
6.
Some ISPs and/or cellular networks may block SIP traffic.
SIP Security
Tools such as Shodan make it easy for anyone to easily locate devices connected to the internet
around the world. Therefore it is critical that security measures are in place for all IP and SIP
connections over the public internet.
Managing Unwanted SIP Calls
Hackers and other nefarious net-bound characters look for networks with easy access in which to
ply their trade. As a starting point they look for networks with open gateways and platforms using
default passwords.
Maintaining Codec Network Security
Adequate security is a major factor in ensuring your codecs and your broadcast network remain
secure. There are several layers of security available in Tieline codecs to maintain secure
connections. These include:
1. Immediately change the default password when you commission and install your codecs
(see instructions which follow). Create a strong password which includes both capital and
lower case letters, symbols and numbers (up to 15 characters can be entered). Password
managers can be useful when managing multiple passwords within organizations.
2. Ensure your codec is behind a firewall and only open the TCP and UDP ports required to
transmit session and audio data between your codecs. Using non-standard ports instead of
Tieline default ports can also ensure the codec is more difficult to discover by external
parties.
3. Ports 80 and 8080 are commonly used to access the Tieline codec web server. You can add
an additional layer of security by translating these ports on the WAN side of your network
into non-standard port numbers. Adjust ports using the
Options panel
in the Toolbox
HTML5 Web-GUI.
4. By default SIP interfaces are disabled to avoid unwanted traffic. The
SIP Filter Lists panel
in the Toolbox HTML5 Web-GUI allows filtering of SIP URIs and User Agents to provide
greater security when using SIP. See "Configure SIP Allow and Block lists" in the product
user manual for more information.
5. An SSL security certificate can be installed on each codec in your network to ensure it is a
trusted device within your network. See "Installing a Security Certificate" in the product user
manual for more information.
6. Firewall settings facilitate enabling or disabling a range of firewall-related network services, or
limit ping to only work in a local subnet. Tieline also recommends SNMP is disabled if a
codec is connected to a public network like the internet. Adjust settings using the Toolbox
HTML5 Web-GUI
Options panel
in the
Firewall
tab, or see "Firewall Configuration" in the
product user manual.
7. Implementation of CSRF protection (Cross-Site Request Forgery). Enable and disable this
setting using the
Options panel
in the Toolbox HTML5 Web-GUI, or see "Enabling CSRF
Security" in the product user manual for more info.
Be sure to document any port changes because this information will be required if you need to
contact Tieline or other online support services.
