RedMax EXtreme EX-LRT Guía para resolver problemas Pagina 28
- Pagina / 142
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Oracle SBC Security Guide
authorization response. If TACACS+ grants authorization, the pending command is executed; if
authorization is not granted, the SBC does not execute the ACLI command, and displays an appropriate
error message.
All management stations used for SSH access should have a permit ACL configured. An ACL should also
be configured to allow TACACS+ traffic to the Network Access Server. TACACS+ is disabled by
default.
Refer to “TACACS+ AAA” in Section 2 “Getting Started” of the ACLI Configuration Guide.
Configuring Signaling & Media Interface Security
Securing the service interfaces is perhaps the most important consideration as they are typically deployed
in public unsecure networks and these interfaces are usually the demarcation or access point to the core
network infrastructure.
Signaling/Media Management Functions
The phy-card is intended for signaling and media traffic only. The SBC disables ICMP, telnet, SNMP and
FTP on signaling/media interfaces by default. It is not recommended that any of these protocols be
enabled on a service interface for any length of time beyond that required for troubleshooting purposes.
Configuration is detailed in Section 3 “System Configuration” of the ACLI Configuration Guide.
SIP Interface Security
As well as the layer3 ACLs described earlier, the SBC provides layer5 SIP protection to its signaling
interfaces. By default, the SBC sip-interface > sip-port parameter will allow and route signaling from any
device.
For Access/untrusted networks, the sip-interface > sip-port > allow-anonymous setting should be
configured to one of the following values:
registered: This is the most widely deployed setting, only allowing non-REGISTER SIP requests
from either a defined session-agent or a previously registered device. (All REGISTER requests
are processed.)
realm-prefix: Allows SIP requests only from defined session-agents or previously registered
endpoints. Only REGISTER requests from endpoints within the configured realm-prefix (subnet)
are allowed.
Although this feature will deny service to a malicious user, the SIP daemon and hence the core CPU is
utilized to parse and process each and every request; therefore, this feature is recommended to be
deployed in conjunction with the Net-SAFE architecture.
SIP-interfaces communicating with non-registering devices (e.g. peering partner SBCs or core devices
such as softswitches) should have the allow-anonymous setting configured for agents-only.
An Enforcement Profile should be configured with the list of allowable SIP methods. It is recommended
that only the minimum set of SIP methods necessary for the customer application be configured.
Furthermore in S-C6.1.0, added protection is configurable in Access scenarios where SIP endpoints are
sending SUBSCRIBE dialogs. The rate of these messages can be limited per user.
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Relacionado con productos y manuales para Cortadoras De Césped RedMax EXtreme EX-LRT
Cortadoras De Césped RedMax GZ25N Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax CHT2301 Especificaciones
(36 paginas)
(36 paginas)
Cortadoras De Césped RedMax BC250 Especificaciones
(52 paginas)
(52 paginas)
Cortadoras De Césped RedMax HE2601 Especificaciones
(26 paginas)
(26 paginas)
Cortadoras De Césped RedMax CHT2200 Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax LRT2300 Especificaciones
(26 paginas)
(26 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.067 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales