You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 3
Next »
Purpose
This document provides a checklist to help with hardening
Unable to show "metadata-from": No such page "_space_variables"
against malicious network-based attacks.
Security Hardening Checklist
The following checklist provides a security hardening guide.
- Use latest versions of
Unable to show "metadata-from": No such page "_space_variables"
software. When new security vulnerabilities are reported in operating systems and common third-party software, Unable to show "metadata-from": No such page "_space_variables"
produces maintenance releases incorporating the fixes. - Configure Access Control Lists.
- Use TLS/SRTP for SIP/Media.
- Use TLS for signaling and SRTP for media. Do not use UDP/RTP for signaling and media because they are not encrypted.
- Some documentation links:
- Only use Certificates from Trusted CA. Do not use self-signed certificates (unless the systems with self-signed certificates are within your trusted network).
- Always use certificates from a trusted certificate authority, do not use self-signed certificates.
- Documentation Links:
- Enable enhanced password security for SBC operator accounts.
- By default, when new SBC operator accounts are created, enhanced security such as complex passwords, limited account duration, limiting the number of login sessions, etc., are not enforced. This must be enabled by the administrator to limit the number of malicious/unauthorized login attacks on the system.
- Documentation:
- If Active Directory is used, use TLS with Active Directory.
- Check if RADIUS is used for user authentication.
- Check if RADIUS CDR confidentiality is required
- If the ASM module is present, configure the ASM Firewall.
- If the ASM module is present, configure the ASM security template
Monitoring Security
Once the system is fully configured,the operator should periodically monitor the system. Many alarms supported by the system are triggered upon security events.
- Review system security logs and user-login activity.
- .Review web-access logs:
- Review alarms.