RedMax EXtreme EX-LRT Průvodce řešením problémů Strana 10
- Strana / 142
- Tabulka s obsahem
- ŘEŠENÍ PROBLÉMŮ
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
Oracle SBC Security Guide
Per-device signaling and media overload control, with deep packet inspection and call rate
control to prevent DoS attacks from reaching service infrastructure
6. Fraud prevention
Session-based authentication, authorization, and contract enforcement for signaling and
media
7. Monitoring and reporting
Audit trails, event logs, access violation logs and traps, management access command
recording
Call Detail Records (CDRs) with media performance monitoring
Raw packet capture ability
Lawful intercept capability
General Security Principles
The following principles are fundamental to using any application securely.
Keep Software Up To Date
One of the principles of good security practice is to keep all software versions up to date. Oracle
maintains multiple SBC streams or versions that are updated with applicable security patches. Always
review the Critical Patch Updates and Release Notes relevant to the stream installed to determine whether
an update should be applied. Throughout this document, a minimum software release of at least S-C6.2.0
is assumed so the guide can be applicable to multiple releases.
Restrict Network Access to Critical Services
By design, the SBC family defaults to a closed state. No signaling or media can pass through the system
unless it is explicitly configured.
Only services required for initial configuration of the system are available on a dedicated management
Ethernet port (wancom0) which should be connected to a management network. Insecure services such as
telnet and FTP should be disabled. Access to management services should be protected through the use of
system level Access Control Lists (ACL) specifying allowed IP address ranges.
Signaling and media are only available on a separate set of Ethernet ports designated for services. ACLs
should also be used on services ports for SIP peering deployments where possible. Some management
capabilities can be enabled on these services ports by an administrator, so care should be taken to
determine the risk of doing so in individual cases. In general it is not recommended to enable services
other than perhaps ICMP.
Services should also be protected from DoS abuse through configuration of call admission controls,
signaling thresholds, blacklisting, and attack tool detection, elements covered as part of this guide.
Follow the Principle of Least Privilege
The SBC family provides some implicit least privilege because direct user access is usually not provided.
In most cases, the system acts as a proxy device so there is no direct user interaction. In other cases the
system may provide a registrar function. However, providing the registrar function does not give the user
access to any system level commands.
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Související produkty a manuály pro Zastřihovače trávy RedMax EXtreme EX-LRT
Zastřihovače trávy RedMax EXZ2401S-BC Specifikace
(60 stránky)
(60 stránky)
Zastřihovače trávy RedMax GZ25N Specifikace
(32 stránky)
(32 stránky)
Zastřihovače trávy RedMax CHT2301 Specifikace
(36 stránky)
(36 stránky)
Zastřihovače trávy RedMax BC250 Specifikace
(52 stránky)
(52 stránky)
Zastřihovače trávy RedMax CHTZ2500 Specifikace
(36 stránky)
(36 stránky)
Zastřihovače trávy RedMax HE250F Servisní příručka
(26 stránky)
(26 stránky)
Zastřihovače trávy RedMax SRTZ2401F Specifikace
(56 stránky)
(56 stránky)
Zastřihovače trávy RedMax HE2601 Specifikace
(26 stránky)
(26 stránky)
Zastřihovače trávy RedMax CHTZ2400 Specifikace
(36 stránky)
(36 stránky)
Zastřihovače trávy RedMax BCZ3000SW Specifikace
(40 stránky)
(40 stránky)
Zastřihovače trávy RedMax HEZ2500F Specifikace
(36 stránky)
(36 stránky)
Zastřihovače trávy RedMax BCZ3001S Specifikace
(44 stránky)
(44 stránky)
Zastřihovače trávy RedMax CHT2200 Specifikace
(32 stránky)
(32 stránky)
Zastřihovače trávy RedMax LRT2300 Specifikace
(26 stránky)
(26 stránky)
Zastřihovače trávy RedMax EXtreme EX2-BC Specifikace
(112 stránky)
(112 stránky)
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.061 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce