RedMax EXtreme EX-LRT Průvodce řešením problémů Strana 60
- Strana / 142
- Tabulka s obsahem
- ŘEŠENÍ PROBLÉMŮ
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
Oracle SBC Security Guide
avalanche from untrusted sources, temporary promotion based on the initial REGISTER request sent from
a specific source helps minimize the amount of time it will take to promote the collective untrusted
sources, to trusted sources, effectively restoring service in the event of an outage as quickly as possible.
This is also referred to as: minimizing the convergence time. The addition of any SIP option relevant to
DDoS, including reg-overload-protect, would require additional testing. For customers with specific
convergence requirements, additional research must be conducted to arrive at an appropriate DDoS
configuration prior to deployment.
A limitation of the configuration parameters described in this appendix is the handling of SIP message
spoofing. When a trusted user is “spoofed" by another user or a defective trusted user sends many SIP
messages, the CPU utilization of the SBC may spike to 100%. One safe-guard implemented as part of this
appendix is the establishment of a setting for maximum-signaling-threshold, defined in the realm-
configuration object. When set, this provides an entry level amount of protection by removing a violating
source from the trusted queue once the defined threshold is exceeded. To further handle this scenario,
there are additional advanced DDoS configurations that can be set. For example: if the desired outcome is
to deny violating sources from the hardware level, the access-control-trust-level should be set to “low”
in the realm-configuration object. This also requires the configuration of the untrusted-signal-threshold
to properly demote offending untrusted users to the deny list. If one wishes to move an endpoint back into
the untrusted queue the access-control-trust-level of “medium” should be used.
The DDoS configuration recommendations in this appendix are meant as a general baseline to help
protect the SBC from DDoS. For more complete protection, DDoS configurations should be determined
by the examining the applicable environment and customizing based on the environment driven traffic
flows and load levels.
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Související produkty a manuály pro Zastřihovače trávy RedMax EXtreme EX-LRT
Zastřihovače trávy RedMax EXZ2401S-BC Specifikace
(60 stránky)
(60 stránky)
Zastřihovače trávy RedMax GZ25N Specifikace
(32 stránky)
(32 stránky)
Zastřihovače trávy RedMax CHT2301 Specifikace
(36 stránky)
(36 stránky)
Zastřihovače trávy RedMax BC250 Specifikace
(52 stránky)
(52 stránky)
Zastřihovače trávy RedMax CHTZ2500 Specifikace
(36 stránky)
(36 stránky)
Zastřihovače trávy RedMax HE250F Servisní příručka
(26 stránky)
(26 stránky)
Zastřihovače trávy RedMax SRTZ2401F Specifikace
(56 stránky)
(56 stránky)
Zastřihovače trávy RedMax HE2601 Specifikace
(26 stránky)
(26 stránky)
Zastřihovače trávy RedMax CHTZ2400 Specifikace
(36 stránky)
(36 stránky)
Zastřihovače trávy RedMax BCZ3000SW Specifikace
(40 stránky)
(40 stránky)
Zastřihovače trávy RedMax HEZ2500F Specifikace
(36 stránky)
(36 stránky)
Zastřihovače trávy RedMax BCZ3001S Specifikace
(44 stránky)
(44 stránky)
Zastřihovače trávy RedMax CHT2200 Specifikace
(32 stránky)
(32 stránky)
Zastřihovače trávy RedMax LRT2300 Specifikace
(26 stránky)
(26 stránky)
Zastřihovače trávy RedMax EXtreme EX2-BC Specifikace
(112 stránky)
(112 stránky)
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.046 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce