RedMax EXtreme EX-LRT Guía para resolver problemas Pagina 61
- Pagina / 142
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Oracle SBC Security Guide
Appendix E: Mitigating SIP Attacks
Goals
The goal of this appendix is to provide configuration recommendations to be implemented on the Session
Border Controller (SBC) to reduce the negative effects of SIP scanning tools.
The configuration techniques described will reduce the impact of attacks by known tools. The intent is to
drop all packets received from these tools without responding wherever possible. This is not possible in
all cases. DDoS configuration adjustments will be recommended to reduce the impact of attacks on SBC
resources and allow uninterrupted service to legitimate, trusted users.
Overview
SIP scanning and attack tools employed by fraudsters may target specific IP address ranges directly, but
most tend to be random scans of a whole range of IP addresses. The scanning and attack methodology
seen most frequently includes:
1. OPTIONS - Discover whether a SIP process is open and listening by asking for supported SIP
options
2. INVITE - Check for an open service that will forward calls without authorization or challenge for
registration by sending an initial call request
3. INVITE or REGISTER – Send calls and/or user authentication requests; Based on the error
received it may be possible to enumerate user extensions, or in other words determine what
accounts are available for password cracking.
4. REGISTER - Guess weak or default passwords; The attacker sends tens, hundreds, or even
thousands of passwords per discovered extension until a password is found.
5. Start making calls. The attacker then registers a soft client and makes call attempts. The initial
call attempt may not work if a dial prefix is needed, so attackers try all of those until they get an
outside line
Most of the scanning tools such as SIPVicious, SIPScan, smap, and Sipsak are open source and freely
available. Other tools are used exclusively by specific segments of criminals. As of the end of 2012, 99%
of the attacks on customer systems and public SIP honeypots that we tracked were committed using an
open source tool with easily identifiable characteristics.
This appendix provides configuration recommendations and references for more detailed information
used to mitigate attacks by SIP scanning and attack tools. Several methods will be discussed since not all
solutions may be acceptable in all customer environments.
Deployment Archetypes
Oracle classifies SIP deployments in three different major archetypes:
Peering: Calls are sent from a SIP proxy to the SD. The proxy may host SIP user agents or analog
devices if a gateway function is provided. Peering is deployed either over a private network such as
MPLS from service provider to customer, or over-the-top (OTT) via the Internet.
Customers using SIP peering or “trunking” deployments can usually implement a combination of trusted
Session Agents (SA) and Access Control Lists (ACLs) to limit what remote IP addresses are able to
communicate with the SD. In a peering network there is an implicit level of trust since the remote IP
address is known and provisioned. When the trunk is delivered over a private network we are not usually
concerned with SIP scanning prevention since there is no direct Internet access. In deployments where
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Relacionado con productos y manuales para Cortadoras De Césped RedMax EXtreme EX-LRT
Cortadoras De Césped RedMax GZ25N Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax CHT2301 Especificaciones
(36 paginas)
(36 paginas)
Cortadoras De Césped RedMax BC250 Especificaciones
(52 paginas)
(52 paginas)
Cortadoras De Césped RedMax HE2601 Especificaciones
(26 paginas)
(26 paginas)
Cortadoras De Césped RedMax CHT2200 Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax LRT2300 Especificaciones
(26 paginas)
(26 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.077 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales