Configure a DNS resolver that supports DNSSEC. Converged Application Server supports a number of SIP RFCs that use DNS, and Converged Application Server accesses DNS a lot. DNSSEC is important to prevent malicious entities from spoofing DNS entries and cause issues to the deployment.

See the IETF specifications dealing with DNS security.

Understanding the Digest identity assertion providers

Configuring LDAP Digest authentication

Configuring Digest authentication with an RDBMS

See "Configuring Digest Authentication".

Understanding client-cert authentication solutions

Delivering X509 certificates over 2-way SSL

Developing a Perimeter authentication solution

Using the Converged Application Server WL_Client_Cert header to deliver X509 certificates

See "Configuring Client-Cert Authentication".

Understand forwarding rules for SIP messages having the P-Asserted-Identity header

Configuring P-Asserted-Identity providers

See "Overview of SIP Servlet Identity Assertion Mechanisms".

Defining security constraints for a SIP Servlet

Mapping SIP Servlet roles to Converged Application Server roles and principals

Debugging SIP Servlet security constraints

See "Securing SIP Servlet Resources" in Converged Application Server Developer's Guide

Configuring trusted hosts

See information on the sip-security setting in sipserver.xml, as described in Oracle Communications Converged Application Server Administrator's Guide