RedMax EXtreme EX-LRT Guía para resolver problemas Pagina 68
- Pagina / 142
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Oracle SBC Security Guide
become trusted through SIP registration. The untrusted-signal-threshold value should be confirmed by
collecting and analyzing a packet capture from the targeted network deployment. In many cases a
registration will be two or three messages, but endpoint behavior and requirements vary. When this
threshold is exceeded, the endpoint will be placed on the denied list for the amount of time defined in the
deny-period. This period should be determined based on your individual needs. Setting the deny period to
a long duration may cause problems for endpoints that simply entered an incorrect password or had a
connection issue with some packet loss.
The following parameters should also be customized to your needs based on expected call flows.
realm-config
identifier access
description Serving all access endpoints
.
.
.
access-control-trust-level low
invalid-signal-threshold 1
maximum-signal-threshold 4000
untrusted-signal-threshold 5
nat-trust-threshold 0
deny-period 120
Configure the media-manager settings per the recommendations in the DDoS prevention appendix that is
applicable for your architecture. The max-untrusted-signaling parameter will limit the amount of
untrusted traffic the SBC will process.
If any media-manager settings are changed you MUST save, activate, and reboot the SBC so they will
take effect.
Peering Environments
As noted earlier, this appendix does not focus on scanning attacks in SIP Peering environments. In these
environments it is recommended to create static ACLs with a trust level appropriate for the peer. It is
recommended when peering over a trusted network, such as an MPLS connection delivered from a
service provider, that a “high” trust level should be used. If your trust in the peer is not assured, it may be
appropriate to set trust level to “medium” or “low” so they will be limited or blacklisted for abuse. Keep
in mind that signaling thresholds will then need to be set on the realm.
The realm-config, access-control-trust-level should match the trust-level of the ACL so that all traffic
from any endpoint that does not have an ACL will be denied. Always make sure that the realm-id, source-
address, destination-address, and application-protocol are specified.
realm-config
identifier peer
description
addr-prefix 172.16.101.6
.
.
.
access-control-trust-level high
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Relacionado con productos y manuales para Cortadoras De Césped RedMax EXtreme EX-LRT
Cortadoras De Césped RedMax GZ25N Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax CHT2301 Especificaciones
(36 paginas)
(36 paginas)
Cortadoras De Césped RedMax BC250 Especificaciones
(52 paginas)
(52 paginas)
Cortadoras De Césped RedMax HE2601 Especificaciones
(26 paginas)
(26 paginas)
Cortadoras De Césped RedMax CHT2200 Especificaciones
(32 paginas)
(32 paginas)
Cortadoras De Césped RedMax LRT2300 Especificaciones
(26 paginas)
(26 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.128 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales