Page History

1. Configure the 

   Spacevars
   0 product

    to meet network user needs and to comply with enterprise security guidelines. You can deploy the

   Spacevars
   0 product

   either on the network edge using the built-in firewall, or in a DMZ behind an enterprise firewall. Take the appropriate actions to allow signaling and protocol/service traffic based on the SBC placement. 
    

• Prepare your Network for Upgrading to Teams

2. Address port, protocol, and service needs of all call flows when using the SBC Edge with Microsoft Teams on-premises.

Note: This step does not apply to SfB deployments.

• Configuring SBC Edge for Microsoft Teams Phone System Direct Routing On-Premises Deployment

• Running Microsoft Teams Direct Routing when SBC SWe Lite is Hosted in Azure

4. Use the latest versions of 

• Ribbon Support Portal - Download Center
• Installing and Upgrading the SBC 1000/2000
• Installing and Upgrading SBC SWe Lite

5. Configure Access Control Lists to prevent excessive unwanted traffic, such as Denial of Service (DoS) attacks on the 

• Managing Access Control Lists
• Creating and Modifying Rules for IPv4 Access Control Lists

6. Use TLS/SRTP for SIP/Media.

• • Use TLS for signaling and SRTP for media.
  • Do not use UDP/RTP for signaling and media because they are not encrypted.

• Managing TLS Profiles

• SBC ISDN To SIP Routing for Dummies - TLS
• Configuring SBC Edge for Standard and Mutual TLS Authentication
• Managing SDES-SRTP Profiles

 7. Only use Certificates from a trusted Certificate Authority (CA).

• • Always use certificates from a trusted CA.
  • Do not use self-signed certificates, or limit self-signed certificate use to scenarios for which the systems with the self-signed certificates are within a trusted network

• Working with Certificates

• Common Troubleshooting Issues with Certificates in SBC Edge

• • When new SBC operator accounts are created, enhanced security measures such as complex passwords, limited account duration, limiting the number of login sessions, etc., are not implemented by default.
  • Administrators must enable security measures supported on the SBC to deter malicious/unauthorized login attacks on the system.

Accounts and Passwords

• Managing Global Security Options

• Monitoring User Activity
• How do I find a logged in user's IP address

9. When configuring Active Directory services on 

• Configuring the SBC Edge for Active Directory

• How User Authentication Works
• Microsoft Article: Using TLS with Active Directory

10. Check whether RADIUS is used for user authentication and/or for Call Detail Records (CDRs). The RADIUS use applies to select employments where the customers send CDRs for protection, billing, and such.

• • Passwords are encrypted during RADIUS authentication process. However, RADIUS works on UDP and fields other than the user's credentials are not encrypted. Because RADIUS servers and the 

    Spacevars
    0 product

     are usually within the same trusted domain (inside corporate LAN protected by firewall or over VPN), this is not normally an issue.
  • If confidentiality is critical even inside the trusted domain, consider other options for user authentication.

• How User Authentication Works

• Configuring the SBC Edge for RADIUS
• RADIUS User Authentication Tips Using FreeRADIUS

• • RADIUS CDR transport is based on UDP and this data is not encrypted. However, RADIUS servers and 

    Spacevars
    0 product

     are usually within the same trusted domain (inside corporate LAN protected by firewall or over VPN), consequently this is not an issue.
  • If confidentiality is important inside the trusted domain, RADIUS should not be used.

• Configuring the SBC for CDR

• Configuring the SBC Edge for a Single CCE

• Configuring the SBC Edge for Two CCEs
• Troubleshooting Cloud Connector

13. If the ASM module is present, configure the ASM Firewall.

• Configuring the ASM Firewall

14. If the ASM module is present, configure the ASM security template.

• Applying an SBA Security Template