RedMax EXtreme EX-LRT Guía para resolver problemas Pagina 62
- Pagina / 142
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Oracle SBC Security Guide
peering does happen over an untrusted network, such as OTT, the ACL entry drops incoming requests
from unknown sources.
It then falls to the operator to determine if their particular architecture might see SIP scans from behind a
trusted IP address. With multiple layers of NAT in IPv4 networks, it is always possible that messages are
transiting through a firewall or gateway rather than just an individual SIP proxy.
Access: Calls are sent directly from a SIP endpoint to the SBC. A SIP registration may be required to
authenticate and authorize the services available to the endpoint.
Access deployments will benefit the most from SIP scanner mitigation. This deployment model relies on
the ability for users to roam, so ACLs based on known IP addresses cannot be used. Access to the
network needs to be controlled via other means, usually through the use of a SIP registration.
Hybrid: Many networks have a mix of peering and access. In these cases, calls from remote subscribers
may be sent to a trusted peer such as a service provider.
Strategies for Mitigating Against SIP Scanners
Mitigation Strategies
Mitigation against SIP scanners can be provided through several complementary strategies.
1. Access Control: Ensure proper configuration to block unauthorized end-points. Proper
configuration of access control settings such as realm trust levels, access control lists (ACL), and
SIP port allow-anonymous settings can limit traffic to known session agents and/or registered
endpoints.
2. Threat Identification: Identify and drop messages from SIP scanners and avoid responding to
the sender whenever possible - fraudulent messages can be dropped based on patterns found in
the SIP messaging.
3. Enforcement: Limit attacks that cannot be identified as a scan from a known tool. Enforcement
of message thresholds (DoS configuration) can demote or blacklist endpoints that do not become
trusted or abuse their existing trust potentially limiting the damage of a scan.
Access Control
There are several types of access control that apply to deployments over untrusted networks.
Denial of Service Prevention: The section regarding DoS in this appendix covesr proper configuration of
access control parameters. Guidelines are provided for configuring trust levels, ACLs, allow-anonymous
settings, and message thresholds.
Signaling Authentication and Encryption: SIP can be encrypted using the Transport Layer Security
(TLS) protocol. If the connection is established using mutual certificate authentication, then a resulting
benefit is effective access control. During the TLS connection establishment, the endpoint verifies the
SBC certificate, and the SBC verifies the endpoint certificate was issued by a trusted Certificate Authority
(CA). That mutual authentication provides assurance that the device is legitimate, and not an attack tool.
When combined with the use of online certificate status protocol (OCSP), it is possible for administrators
to refuse network access to devices that are lost or have left the organization. If TLS with mutual
authentication is used, then the effects of all SIP scanning tools are mitigated.
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Relacionado con productos y manuales para Cortadoras De Césped RedMax EXtreme EX-LRT
Cortadoras De Césped RedMax GZ25N Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax CHT2301 Especificaciones
(36 paginas)
(36 paginas)
Cortadoras De Césped RedMax BC250 Especificaciones
(52 paginas)
(52 paginas)
Cortadoras De Césped RedMax HE2601 Especificaciones
(26 paginas)
(26 paginas)
Cortadoras De Césped RedMax CHT2200 Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax LRT2300 Especificaciones
(26 paginas)
(26 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.051 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales