RedMax EXtreme EX-LRT Instrukcja Naprawy Strona 67
- Strona / 142
- Spis treści
- ROZWIĄZYWANIE PROBLEMÓW
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
Oracle SBC Security Guide
.
in-translationid
out-translationid
in-manipulationid addRouteHeader
Session Agent: A dummy Session Agent needs to be created with the state disabled. This is important so
that the Session Agent will reply with a 503 response to any request. The 503 response will then be
mapped to a new response code that can be easily dropped. A SIP Response Mapping is created to map
any 503 from this Session Agent to a 677 SIP response code. We use an error code that is not valid
according to RFCs so it can easily be distinguished from other traffic. Any 677 responses can then be
dropped at the SIP Interface level without dropping any valid 503 responses from other endpoints. The
SIP Response Mapping must be assigned in the Session Agent as shown below.
session-agent
hostname 10.11.12.13
ip-address
port 5060
state disabled
app-protocol SIP
transport-method UDP
realm-id *
.
.
.
local-response-map 503Rogue
SIP Response Mapping: A SIP Response Mapping must be configured to map 503 responses from this
Session Agent to a dummy response code (677). The response-map ACLI level can be found in
configuration mode under session-router > sip-response-map.
response-map
name 503Rogue
entries 503 -> 677 (Rogue)
SIP Interface: All SIP interfaces that receive messages from SIP scanners require the option
“dropResponse=677” to drop the 677 responses received from the dummy Session Agent.
sip-interface
state enabled
realm-id access
.
.
.
options dropResponse=677
Scanner Mitigation using DDoS Settings
The DDoS settings recommended in the appendices will protect the SBC, but more strict trust levels and
thresholds need to be defined to deny endpoints that are attempting to scan the system. To accomplish
this, the access-control-trust-level on the access realm-config must be configured to low, which will cause
endpoints to be blacklisted when they exceed thresholds. The untrusted-signal-threshold parameter
defines the threshold of SIP messages received within the global tolerance-window (set under media-
manager) before an untrusted user will be demoted to denied. The untrusted-signal-threshold should be
set to a value that is just greater than the number of messages required by an untrusted endpoint to
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Powiązane produkty i podręczniki dla Podkaszarki do trawy RedMax EXtreme EX-LRT
Podkaszarki do trawy RedMax GZ25N Dokumentacja
(32 strony)
(32 strony)
Podkaszarki do trawy RedMax CHT2301 Dokumentacja
(36 strony)
(36 strony)
Podkaszarki do trawy RedMax BC250 Dokumentacja
(52 strony)
(52 strony)
Podkaszarki do trawy RedMax HE2601 Dokumentacja
(26 strony)
(26 strony)
Podkaszarki do trawy RedMax CHT2200 Dokumentacja
(32 strony)
(32 strony)
Podkaszarki do trawy RedMax LRT2300 Dokumentacja
(26 strony)
(26 strony)
© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.048 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji