Purpose

This document provides a checklist to help with hardening the system against malicious network-based attacks.

Security Hardening Checklist

The following checklist provides a security hardening guide.

  1. Use the latest versions of the system software. When new security vulnerabilities are reported in operating systems and common third-party software, Sonus produces maintenance releases incorporating the fixes.
  2. Configure Access Control Lists.
  3. Use TLS/SRTP for SIP/Media.
  4. Only use certificates from a trusted CA. Do not use self-signed certificates (unless the systems with self-signed certificates are within your trusted network).
  5. Enable enhanced password security for SBC operator accounts.
  6. If Active Directory is used, use TLS with Active Directory.
  7. Check if RADIUS is used for user authentication.
    • Passwords are encrypted during the RADIUS authentication process. However, RADIUS works on UDP, and fields other than the user's credentials are not encrypted. RADIUS servers and the system are usually within the same trusted domain (inside a corporate LAN protected by a firewall, or over a VPN), so this is not an issue at all. However, if confidentiality is important even inside the trusted domain, RADIUS should not be used.
    • Documentation links:
  8. Check if RADIUS CDR confidentiality is required.
    • RADIUS CDR transport is based on UDP and this data is not encrypted. In all cases, however, RADIUS servers and the system are usually within the same trusted domain (inside a corporate LAN protected by a firewall, or over a VPN); consequently, this is not an issue. However, if confidentiality is important inside the trusted domain, RADIUS should not be used.
    • Documentation link:
  9. If the ASM module is present, configure the ASM Firewall.
  10. If the ASM module is present, configure the ASM security template.
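
Item 7 states that RADIUS protects the user's password while other fields travel unencrypted over UDP. The following added example (not part of the original page or the vendor's documentation) builds an Access-Request with the RFC 2865 password-hiding scheme and then parses it without the shared secret, showing which attributes an observer on the path can read. The user name, password, shared secret and address are constructed sample values.

```python
import hashlib
import struct

USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4  # RFC 2865 attribute types

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR the padded password with chained MD5 blocks."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(user, password, secret, authenticator, nas_ip, ident=1):
    attrs = [(USER_NAME, user), (NAS_IP_ADDRESS, nas_ip),
             (USER_PASSWORD, hide_password(password, secret, authenticator))]
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    # Code 1 = Access-Request; length covers the 20-byte header plus attributes.
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body

def parse_attributes(packet: bytes) -> dict:
    """Return the attributes readable without knowing the shared secret."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

# Constructed sample values, not taken from any real deployment.
SECRET = b"example-shared-secret"
AUTHENTICATOR = bytes(range(16))
PACKET = build_access_request(b"operator1", b"S3cure!pass", SECRET,
                              AUTHENTICATOR, bytes([192, 0, 2, 10]))
SEEN = parse_attributes(PACKET)

if __name__ == "__main__":
    print("User-Name (cleartext):", SEEN[USER_NAME].decode())
    print("NAS-IP-Address (cleartext):", ".".join(map(str, SEEN[NAS_IP_ADDRESS])))
    print("User-Password (hidden):", SEEN[USER_PASSWORD].hex())
```

The hidden password is only as strong as the shared secret, and the user name and NAS address are visible on the wire, which is why the checklist asks whether confidentiality matters inside the trusted domain.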

Monitoring Security

Once the system is fully configured, the operator should periodically monitor the system. Many alarms supported by the system are triggered upon security events.

  1. Review system security logs and user-login activity.
  2. Review web-access logs:
  3. Review alarms.
