This document provides a checklist to help with hardening
The following ... table provides a ... checklist for security hardening.
Step | Component(s) | More Information
---|---|---
| Firewall and DMZ |
2. Address port, protocol, and service needs of all call flows when using the SBC Edge with Microsoft Teams on-premises. Note: This step does not apply to SfB deployments. | Teams |
3. Address port, protocol, and service needs of all call flows when running Microsoft Teams and SBC SWe Lite hosted in Azure. | Teams |
4. Use the latest versions of ... software; maintenance releases include fixes for known vulnerabilities in operating systems and common third-party software ... . | software updates |
5. Configure Access Control Lists ... to prevent excessive ... unwanted traffic ... , such as Denial of Service (DoS) attacks on the ... | SBC ACLs |
6. Use TLS/SRTP for SIP/Media. | ... Protocols |
7. Only use Certificates from ... a trusted Certificate Authority (CA). | ... Certificates |
8. Enable enhanced password security for SBC operator accounts. | ... |
9. When configuring Active Directory services ... on | ... |
10. Check whether RADIUS is used for user authentication and/or for Call Detail Records (CDRs). The RADIUS use applies to select deployments where the customers send CDRs for protection, billing, and such. ... | RADIUS |
... whether RADIUS CDR confidentiality is required. | ... CDRs |
12. For CCE deployments, configure firewall settings as recommended. | CCE |
13. If the ASM module is present, configure the ASM Firewall. | ... ASM |
14. If the ASM module is present, configure the ASM security template. | ... |
Once the system is fully configured, the operator should periodically monitor the system. Many alarms supported by the system are triggered upon security events.