RedMax EXtreme EX-LRT Guía para resolver problemas Pagina 32
- Pagina / 142
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Oracle SBC Security Guide
A Signaling Security Module (SSM) daughter card is required for cryptographic acceleration
when using TLS (with the exception of the NN38xx platforms under 500 sessions)
Certificate key lengths can go up to 2048 bits, with 4096 possible with SSM3 (currently on
supported on 6300) after SC7.2.
Certificates are currently signed with a SHA-1 hash. It is recognized that this needs to be updated
to a SHA-2 algorithm. When the FIPS license is applied SHA-256 is used instead.
If site-to-site failover is required, the main site’s fully qualified domain name (FQDN) and the
FQDN for any alternate site should be specified as alternate-names in the certificate record prior
to CSR generation.
TLS session caching (tls-global element) allows a previously authenticated user to reuse a
previous session so authentication is sped up. This may help reduce time to recovery due to
outages, though it is best suited for environments where user IP does not vary significantly.
The default cipher list when creating a tls-profile is currently “ALL”. This includes potentially
insecure ciphers and a “NONE” cipher which does not provide encryption - only authentication.
When configuring a tls-profile, use the following ciphers for maximum security:
For release SC7.2 and above:
TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256
For SC7.2 and below:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Since TLS is based on TCP, TCP DoS protections should be configured to limit the number of
connections per source IP and per sip-interface. Consider these settings in your environment:
sip-config > inactive-dynamic-conn – Defines global timer for tearing down idle TCP/TLS
connections where no SIP data has been sent. The timer used is twice as long for TLS.
sip-interface settings to limit connections:
o untrusted-conn-timeout – Closes socket if untrusted entity does not become trusted, such
as if the register didn’t complete.
o inactive-conn-timeout – Tears down idle TCP/TLS connections when no further data is
being sent, such as if a trusted host sends an INVITE but nothing else.
o max-incoming-conns – Set to max incoming sessions you want the SIP interface to host
plus overhead for setup / teardown (depends on call rate).
o per-src-ip-max-incoming-conns – Usually 1 or 2 but affected by NAT use and
application.
Configuration is detailed in Section 15 “Security” of the ACLI Configuration Guide.
OCSP
The Online Certificate Status Protocol (OCSP) is defined in RFC 2560, X.509 Internet Public Key
Infrastructure Online Certificate Status Protocol - OCSP. The protocol enables users to determine the
revocation state of a specific certificate, and may provide a more efficient source of revocation
information than is possible with Certificate Revocation Lists (CRL).
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Relacionado con productos y manuales para Cortadoras De Césped RedMax EXtreme EX-LRT
Cortadoras De Césped RedMax GZ25N Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax CHT2301 Especificaciones
(36 paginas)
(36 paginas)
Cortadoras De Césped RedMax BC250 Especificaciones
(52 paginas)
(52 paginas)
Cortadoras De Césped RedMax HE2601 Especificaciones
(26 paginas)
(26 paginas)
Cortadoras De Césped RedMax CHT2200 Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax LRT2300 Especificaciones
(26 paginas)
(26 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.048 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales