RedMax EXtreme EX-LRT Guía para resolver problemas Pagina 22
- Pagina / 142
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Oracle SBC Security Guide
Part 3: Security Features
This section outlines specific SBC security mechanisms.
The Security Model
The Oracle Communications SBC is a purpose built device providing customers both centralized and
distributed control of the management and security of UC networks. The SBC is a critical network
security element for VoIP services designed to effectively manage sessions and protect core network
elements from various types of DDoS attacks, including malicious and non-malicious signaling overload
attacks. The SBC is the sole ingress and egress point for all signaling messages (SIP/H.323/MGCP) and
media streams to/from the core network and is therefore generally the demarcation point between trusted
and untrusted network boundaries. Hence it is vital that the SBC be as secure and available as possible.
Oracle provides a number of industry leading techniques through SBC configuration to secure the
network border. Some of these features are enabled “out of the box” and some require further analysis of
the network architecture to determine the most optimal configuration for security.
For example, the SBC performs access control based on layer 5 signaling messages as one of its primary
functions. The SBC is designed to allow authorized VoIP communications into the core network by
opening/closing firewall ports and by performing NAPT (network address and port translations) on all
signaling and media IP packets as one of its core functions. Signaling messages, going to and from the
SIP core servers and residential gateways and/or peering affiliate infrastructure is therefore inspected and
rewritten as necessary by the SBC.
The SBC follows a “closed” philosophy where ports and interfaces are closed by default and opened on
an as-needed basis. Therefore the system will generally have ports, services and processes disabled unless
configured.
Net-SAFE Architecture: SBC & Core Infrastructure Protection
The SBC provides several techniques for protecting the SBC, and therefore the service, from DDoS
attacks.
First, traditional static ACLs should be configured to only permit signaling traffic from trusted devices.
Permit ACLs are applicable for both unsecured networks (peering partner’s SBCs, proxies, gateways) and
secure network devices (core network softswitches, media servers, application servers, gateways). All
other devices should be denied access to the SBC through the use of deny ACLs.
This solution does not scale for hosted NAT traversal (or hosted access) based applications where
thousands of remote endpoint devices with dynamic IP addresses communicate directly to the SBC
signaling interfaces.
The SBC provides the following tools for DDoS protection in Access networks:
Protect the SBC core CPU via configurable sized queues and separation of signaling packets
(trusted, untrusted)
Configurable trust-level (none, low, medium, high)
Wire speed hardware classification of every remote device trust-level
Provide fair access for new/untrusted devices to signaling queue
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Relacionado con productos y manuales para Cortadoras De Césped RedMax EXtreme EX-LRT
Cortadoras De Césped RedMax GZ25N Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax CHT2301 Especificaciones
(36 paginas)
(36 paginas)
Cortadoras De Césped RedMax BC250 Especificaciones
(52 paginas)
(52 paginas)
Cortadoras De Césped RedMax HE2601 Especificaciones
(26 paginas)
(26 paginas)
Cortadoras De Césped RedMax CHT2200 Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax LRT2300 Especificaciones
(26 paginas)
(26 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.058 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales