RedMax EXtreme EX-LRT Guía para resolver problemas Pagina 42
- Pagina / 142
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Oracle SBC Security Guide
The following sip-interface->sip-ports parameter SHOULD be used for Peering
environments.
Setting “allow-anonymous” to agents-only will allow the SBC to reject requests sent by any IP which has
not yet been defined as a “Session-Agent” in the SBC configuration. In Peering configurations, the
customer SHOULD define each IP of a peer’s device as a “session-agent” for optimal purpose.
Parameter
Peer Realm
Core Realm
allow-anonymous
agents-only
all
Although it is not recommended, but it is still possible to allow packets from an IP that has not yet
defined as a Session-Agent, by setting “allow-anonymous” to “all”. In this setup, the SBC will simply
allow the request under DDoS threshold opposed to rejecting it with a 403 Forbidden response.
Session Agent and Access-Control
Any peering signaling device SHOULD be defined as a Session-Agent in SBC configuration. Further, for
proper DDoS prevention, it requires explicitly configuring one access control per address of each Session-
Agent address or other address (that has not yet been defined as a session-agent).
session-router->session-agent
Parameter
Realm
realm-id
peer
constraints
enabled
[optional]
max-sessions
X
max-burst-rate
Y
max-sustain-rate
Z
time-to-resume
60 sec
burst-rate-window
1 sec
sustain-rate-window
30 sec
There is no demotion event when access-control-trust-level in the realm-config is set “high” as packets
from the trusted peer endpoint are always allocated in the trusted queue for processing. It becomes a
concern when there is excessive amount of SIP traffic sent by a customer which is beyond the SLA.
Session constraints under session-agent can be deployed to further mitigate this problem. Listed above are
a small set of constraints to provide basic level of call admission control in order to ensure that a session-
agent’s capacity is not exceeded, or the SBC will reject the service with 503 Exceed Constraints. Please
be advised that these settings are only optional. Customers may consider them when deploying their
service in a Peering environment with or without DDoS configuration.
max-sessions –X
Define a maximum number of sessions (inbound and outbound) allowed by the session agent.
Once the session limit is reached, the SBC will start rejecting new service with 503 Exceed
Constraints until the number of seconds in time-to-resume has elapsed.
max-burst-rate –Y
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Relacionado con productos y manuales para Cortadoras De Césped RedMax EXtreme EX-LRT
Cortadoras De Césped RedMax GZ25N Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax CHT2301 Especificaciones
(36 paginas)
(36 paginas)
Cortadoras De Césped RedMax BC250 Especificaciones
(52 paginas)
(52 paginas)
Cortadoras De Césped RedMax HE2601 Especificaciones
(26 paginas)
(26 paginas)
Cortadoras De Césped RedMax CHT2200 Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax LRT2300 Especificaciones
(26 paginas)
(26 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.069 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales