RedMax EXtreme EX-LRT Guía para resolver problemas Pagina 23
- Pagina / 142
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Oracle SBC Security Guide
Multi-queue access fairness for unknown traffic
Automatic behaviorally driven promotion/demotion/denial of devices
Per-device constraints and authorization
Each device is classified as untrusted, trusted or denied. The entire system bandwidth is allocated for the
trusted and untrusted queues according to the characteristics of the customer Access deployment (e.g.
number of endpoints, rate of registration, packet size, etc.). The allocation of the CAM is configurable to
tailor the sizes of the entries available for media, trusted and deny NAT entries according to the scale of
the customer Access network. Separate configurable sized queues also exist for fragmented packets and
ARP requests.
The trust-levels below determine promotion/demotion criteria between the deny list, untrusted and trusted
queues.
None: Device is always untrusted, no promotion or demotion
Low: Device is initially untrusted, can be promoted to trusted, or demoted to denied
Medium: Device is initially untrusted, can be promoted to trusted, cannot be denied
High: Device is always trusted
A low or medium trust level is appropriate for Access or untrusted networks (realms). In contrast, a high
trust level is appropriate only for Core or trusted networks (realms).
Promotion Criteria Examples
o SIP: 200OK received for either Register or Invite method
o MGCP: 200 received for either RSIP or CRCX
Demotion Criteria Examples
Exceeding any of the following thresholds:
invalid-signal-threshold: maximum number of non-compliant signaling packets acceptable
maximum-signal-threshold: maximum number of signaling packets acceptable while an
endpoint is classified as trusted
untrusted-signaling-threshold: maximum number of signaling packets while an endpoint is
classified as untrusted
These thresholds are all measured in the configurable system wide tolerance-window (default 30s)
If an endpoint crosses one of these thresholds then a deny ACL is written to the CAM, and checked by the
Network Processors (NP) upon receipt of a packet from the denied endpoint. The endpoint is denied for a
configurable period of time.
The goal of the DDoS protection tools detailed above is to assess and plan for a configuration that allows
service to continue whether the SBC is under malicious attack or a non-malicious attack such as a
recovery from a Softswitch outage or registration flood from endpoints. This involves allowing enough
untrusted traffic such that endpoints can over time register successfully yet constraining all queues
sufficiently to protect SBC resources (i.e. core CPU threshold).
Furthermore, the SIP Registration Overload Protection (SROP) feature is used to protect the SBC against
mass endpoint avalanche restarts. The following sip-config options are recommended to be configured:
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Relacionado con productos y manuales para Cortadoras De Césped RedMax EXtreme EX-LRT
Cortadoras De Césped RedMax GZ25N Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax CHT2301 Especificaciones
(36 paginas)
(36 paginas)
Cortadoras De Césped RedMax BC250 Especificaciones
(52 paginas)
(52 paginas)
Cortadoras De Césped RedMax HE2601 Especificaciones
(26 paginas)
(26 paginas)
Cortadoras De Césped RedMax CHT2200 Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax LRT2300 Especificaciones
(26 paginas)
(26 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.053 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales