RedMax EXtreme EX-LRT Instrukcja Naprawy Strona 70
- Strona / 142
- Spis treści
- ROZWIĄZYWANIE PROBLEMÓW
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
Oracle SBC Security Guide
Appendix F: Intrusion Detection System
The SBC supports intrusion detection and protection capabilities using anomaly based detection. SIP
messages are compared to their expected format per the SIP RFCs, and may be repaired or rejected based
on the severity of the issue and the settings defined by the administrator. The Intrusion Detection System
(IDS) provides notification of unexpected events using all of the SD’s configured monitoring methods,
though the amount of detail in each may vary. An optional IDS Reporting Feature Group license
introduced in S-CX6.3.0 provides additional detail for attempted intrusions and suspicious behavior.
This section details the security related events and statistics the SBC monitoring features can provide,
some of which may be used as input to a security monitoring platform. Some of the following information
may be partially repeated in other sections, however the intent is to provide further details and depict the
relationship of various indicators here.
IDS License Details
The S-CX6.3.0 release introduced the IDS Reporting Feature Group, which has the additional capabilities
described below.
Media manager configuration elements visible after installing the license:
o trap-on-demote-to-deny – controls traps for deny events
o trap-on-demote-to-untrusted (6.4 only) – controls traps for untrust demotion events
o syslog-on-demote-to-deny – controls syslogs for deny events
Access control list configuration elements visible after installing the license:
o cac-failure-threshold –contributes to demotion
o untrust-cac-failure-threshold –contributes to demotion
Endpoint demotions based on admission control failures
When the IDS license is installed, the apSysMgmtInetAddrWithReason-DOSTrap trap (described
below) is available and the apSysMgmtExpDOSTrap is disabled. Without an IDS license
installed, only the apSysMgmtExpDOSTrap trap is available.
Dependencies
On Net-Net 3800 systems, the DOS license must be installed in addition to the IDS license in order to
enable all features described in this section.
Endpoint Promotions and Demotions
Endpoints, irrespective of whether or not they are defined as session-agents are promoted/demoted
between hardware-enforced trusted, untrusted, and denied Access Control List traffic queues based on
trust level configuration. Static ACLs are also configurable to further classify signaling traffic as being
permanently assigned to the appropriate trust queue.
Trust is assigned through several mechanisms including the access-control-trust-level parameter of the
realm the session-agent or end point is a member of, trust-level of provisioned ACLs, and the allow-
anonymous setting on the applicable sip-interface.
The SBC will demote an endpoint if:
1. It receives too many signaling messages within the configured time window (maximum-signal-
threshold in the realm or static ACL)
2. It receives too many invalid signaling messages within the configured time window (invalid-
signal-threshold in the realm or static ACL)
- SECURITY GUIDE 1
- Contents 3
- Related Documentation 7
- Part 1: Overview 8
- Figure 1: Net-SAFE Framework 9
- General Security Principles 10
- Monitor System Activity 11
- Session Border Controller 13
- Unified Session Manager 14
- Core Session Manager 15
- Session Router 16
- Realm Design Considerations 16
- Management Interfaces 17
- Passwords 18
- Boot Flags 18
- System ACLs 19
- Telnet/SSH 19
- FTP/SFTP 19
- GUI Management 19
- Resiliency 20
- Physical Link Redundancy 21
- Part 3: Security Features 22
- Security Specific Licenses 24
- Features 26
- Configuring AAA Integration 27
- SIP Interface Security 28
- Service ACLs 29
- TLS for SIP 31
- IPsec for SIP 33
- Call Admission Control (CAC) 34
- Media Policing 35
- DoS/DDoS Prevention 35
- Attack Tool Prevention 36
- Lawful Interception 36
- Part 4: Appendices 37
- Appendix B: Port Matrix 38
- Configuration Models: 40
- Supported platforms 40
- Configuration Parameters 40
- Realm Configuration 41
- SIP Interface 41
- Observations/Limitations 49
- Overview 61
- Deployment Archetypes 61
- Scanner Mitigation 63
- Peering Environments 68
- IDS License Details 70
- Dependencies 70
- Statistics 71
- SNMP MIB OIDS 71
- SNMP Traps 72
- Constraints Limiting 75
- Session-Constraints 75
- Rate constraints 76
- Message Rejections 78
- SNMP support 79
- Log Action 79
- Blacklist Table Maintentance 86
- SNMP OIDs 88
- System Management Statistics 88
- Realm Statistics 89
- Environmental Statistics 90
- Enterprise SNMP Traps 90
- SNMP Traps in HA environment 93
- Appendix I: Syslog 94
- Call Detail Records (CDR) 102
- Oracle SBC Security Guide 103
- System Statistics 106
- Application Statistics 106
- Introduction 108
- SRTP Topologies 108
- Requirements 110
- Design Aspects 111
- Secured/Unsecured Network 114
- Troubleshooting 122
- References 142
Powiązane produkty i podręczniki dla Podkaszarki do trawy RedMax EXtreme EX-LRT
Podkaszarki do trawy RedMax GZ25N Dokumentacja
(32 strony)
(32 strony)
Podkaszarki do trawy RedMax CHT2301 Dokumentacja
(36 strony)
(36 strony)
Podkaszarki do trawy RedMax BC250 Dokumentacja
(52 strony)
(52 strony)
Podkaszarki do trawy RedMax HE2601 Dokumentacja
(26 strony)
(26 strony)
Podkaszarki do trawy RedMax CHT2200 Dokumentacja
(32 strony)
(32 strony)
Podkaszarki do trawy RedMax LRT2300 Dokumentacja
(26 strony)
(26 strony)
© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.122 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji