RedMax EXtreme EX-LRT Guía para resolver problemas Pagina 33
- Pagina / 142
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Oracle SBC Security Guide
The protocol specifies the data exchanged between an OCSP client (such as the Net-Net SBC) and an
OCSP responder, the Certification Authority (CA), or its delegate, that issued the target certificate. An
OCSP client issues a request to an OCSP responder and suspends acceptance of the certificate in question
until the responder replies with a certificate status.
Certificate status is reported as
good
revoked
unknown
OCSP can be especially useful in environments where individual certificates have been issued to a single
user or user device. Certificates for devices that are stolen or misplaced can be revoked, so even if valid
credentials are known the device will not be able to connect.
Configuration is detailed in Section 15 “Security” of the ACLI Configuration Guide.
SRTP
Many customers require the ability to encrypt and authenticate the content and signaling of their real time
communications sessions. The SBC supports the Secure Real-Time Transport Protocol (SRTP).
Authentication provides assurance that packets are from the purported source, and that the packets have
not been tampered with during transmission. Encryption provides assurance that the call content and
associated signaling has remained private during transmission.
SRTP requires an IPsec NIU and a Signaling Security Module (SSM/SSM2/SSM3).
RTP and RTCP traffic are encrypted as described in RFC 3711, The Secure Real-time Transport Protocol
(SRTP). The negotiation and establishment of keys and other cryptographic materials that support SRTP
is described in RFC 4568, Session Description Protocol (SDP) Security Description for Media Streams.
Cryptographic parameters are established with only a single message or in single round-trip exchange
using the offer/answer model defined in RFC 3264, An Offer/Answer Model with the Session Description
Protocol (SDP).
The SBC also supports signaling of SRTP keys with MIKEY through an implementation of a subset of
RFC 3830. This implementation of MIKEY offers encryption of both RTP media and RTCP statistical
information. This implementation requires signaling plane encryption using SIP-TLS.
For further information and configuration settings, refer to Appendix L: and to Section 15 “Security” of
the ACLI Configuration Guide.
IPsec for SIP
IPsec provides another mechanism for encrypting and securing SIP signaling services through the use of
2-port GigE optical IPsec PHY card.
Security Associations and Security Policies allow for flexibility in defining local and remote IP address,
ports and subnet masks. These should be defined to only allow IPsec communications between authorized
gateways or hosts and the SBC.
In software release S-C6.2.0, the SBC supports IPsec IKEv1 to create IPsec tunnels dynamically. This is
based on the Internet Key Exchange (IKE) Protocol as defined in RFC 2409, Internet Key Exchange, and
for the Dead Peer Detection (DPD) protocol as defined in RFC 3706, A Traffic-Based Method of
Detecting Dead Internet Key Exchange (IKE) Peers.
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Relacionado con productos y manuales para Cortadoras De Césped RedMax EXtreme EX-LRT
Cortadoras De Césped RedMax GZ25N Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax CHT2301 Especificaciones
(36 paginas)
(36 paginas)
Cortadoras De Césped RedMax BC250 Especificaciones
(52 paginas)
(52 paginas)
Cortadoras De Césped RedMax HE2601 Especificaciones
(26 paginas)
(26 paginas)
Cortadoras De Césped RedMax CHT2200 Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax LRT2300 Especificaciones
(26 paginas)
(26 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.106 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales