In this section:
This document provides a checklist to help with hardening SBC Edge against malicious network-based attacks.
The following table provides a checklist for security hardening.
Step | Component(s) | More Information |
---|---|---|
| Firewall and DMZ | |
2. Address port, protocol, and service needs of all call flows when using the SBC Edge with Microsoft Teams on-premises. Note: This step does not apply to SfB deployments. | Teams | |
3. Address port, protocol, and service needs of all call flows when running Microsoft Teams and SBC SWe Lite hosted in Azure. | Teams | |
4. Use the latest versions of SBC Edge software; maintenance releases include fixes for known vulnerabilities in operating systems and common third-party software. | software updates | |
5. Configure Access Control Lists to prevent excessive unwanted traffic, such as Denial of Service (DoS) attacks on the SBC Edge. | SBC ACLs | |
6. Use TLS/SRTP for SIP/Media.
| Protocols | |
7. Only use Certificates from a trusted Certificate Authority (CA).
| Certificates | |
8. Enable enhanced password security for SBC operator accounts.
| Accounts and Passwords | |
9. When configuring Active Directory services on SBC Edge, use TLS with Active Directory.
| Active Directory | |
10. Check whether RADIUS is used for user authentication and/or for Call Detail Records (CDRs). The RADIUS use applies to select employments where the customers send CDRs for protection, billing, and such.
| RADIUS | |
11. Check whether RADIUS CDR confidentiality is required.
| CDRs | |
12. For CCE deployments, configure firewall settings as recommended. | CCE |
|
13. If the ASM module is present, configure the ASM Firewall. | ASM | |
14. If the ASM module is present, configure the ASM security template. | ASM |
Once the system is fully configured,the operator should periodically monitor the system. Many alarms supported by the system are triggered upon security events.