
Summary of Contents for Shield STM


Page 2: ...User Manual Shield STM Appliance 1 0 Version 1 0 ...

Page 3: ...3 Configuring the Device 9; 3.1 General Settings 10; 3.2 Time Settings 11; 3.3 Management Access 11; 3.4 Signature Update 12; 3.5 Logging 13; 4 Configuring the SIP Security Policies 14; 4.1 SIP Security Settings 14; 4.2 DPI Signatures 14; 4.3 Firewall Rules 16; 4.4 White list Rules 16; 4.5 Blacklist Rules Static 17; 4.6 Dynamic Blacklist Rules 18; 4.7 Geo IP Filter 18; 5 Status 19; 5.1 Security Alerts 19; 6 Devic...

Page 4: ...User Manual v1 0 www shield com 1; 6.4 Traceroute 22; 6.5 Troubleshooting 22; 6.6 Firmware Upgrade 23 ...

Page 5: ...urability of detection parameters. Detection and prevention of the following categories of SIP-based attacks: Reconnaissance attacks, SIP Devices Fingerprinting, User enumeration, Password Cracking Attempt, DoS/DDoS Attacks, Cross Site Scripting based attacks, Buffer overflow attacks, SIP Anomaly based attacks, 3rd Party vendor vulnerabilities. Toll Fraud detection and prevention. Protection against VOIP Spam...

Page 6: ...n the device. No administrator intervention is required to operate the device with default configuration. USB based power supply. Optional support for security events logging on the USB based storage. Technical Specifications: Functional Mode: Transparent Firewall with SIP Deep Packet Engine; SIP Intrusion Prevention: 400 SIP Attack Signatures Support; Throughput: 10Mbps; No of concurrent calls supports 50 c...

Page 7: ...Deployment Scenario 1. Note: Some of the PBX Gateway devices may have an exclusive LAN Mgmt Interface for device management purposes, other than the Data Interface (also referred to as the WAN Public Interface). In such cases, the LAN port of the STM should be connected to the Data Interface (WAN Public Interface). Deployment Scenario 2: In the case of a PBX deployed in the LAN setup, the following setup is recommended as ...

Page 8: ...wall with Deep Packet Inspection enabled on the SIP traffic. By default, the appliance acquires its IP address via DHCP. The device is fully functional with the default configuration. However, if the user needs to tune the device settings or the DPI policies, the configuration can be tuned via the device WebUI. Important Note: a) We strongly recommend that you change the Nano2P...

Page 9: ...rom the Shield command prompt, execute the following command to view the IP address acquired by the device: shield show ip. Now you can access the device from the browser using the URL given below: https://<device-ip>. Note: The WebUI is accessible only via HTTPS. The device WebUI server uses a self-signed PKI certificate, so the browser will prompt to accept the self signed cert...

Page 10: ...sion has been made to time out if the user does not enter the login credentials for 30 seconds, and will redirect to the informational page. The user can click the hyperlink named "login" appearing on the information page to visit the login page again. If somebody is already logged in to an STM WebUI session, subsequent attempts to log in will show the details of the previous login session, as illustra...

Page 11: ...l automatically terminated and the browser will be redirected to the login page again. 2.5 WebUI Settings: To change the WebUI settings, click the settings icon that appears in the top right corner, below the Apply Changes button. The WebUI settings dialog will be displayed in the browser and allows the administrator to configure the WebUI session timeout and the WebUI login password. To configure the WebUI login password, the user...

Page 12: ...e refresh icon and settings icon. On clicking the page refresh button, the main content area of the current page will be refreshed. On clicking the settings icon, a pop-up menu containing the menu options logout and WebUI settings will be shown. System Status Panel shows: Device up time, Memory Usage, Flash Usage, CPU Usage. Sig Update Version Panel shows: STM Signature version and Release State. Network Status Panel s...

Page 13: ... pages and click the Save button, the settings will be saved in a temporary buffer location on the device. On saving the configuration changes, the Apply Changes button that appears in the top right corner will be enabled and the Ignore Changes button will appear next to it. The number of configuration changes will appear to the immediate left of the Apply Changes button. To view the details of the configuratio...

Page 14: ...ation element to an inappropriate value, then the tooltip icon that appears next to each configuration element will provide the details of the error. On clicking the help icon that appears next to the configuration title, the help section corresponding to the current configuration page will be launched. 3.1 General Settings: The General Settings page allows configuring the host network settings of th...

Page 15: ...e time settings and timezone should be set on the device for the correct timestamp to appear on the SIP security alerts generated by the device. 3.3 Management Access: Access to the STM device management interfaces (SSH CLI, WebUI) can be restricted with the management access filters. By default, access has been allowed to any global address and management VLAN network configuration configured on the device ...

Page 16: ...update, select the checkbox to enable update on the device and configure the signature update schedule. A valid subscription key and the correct signature update URL should be configured for the signature update to happen. To update the signatures on the device instantaneously, click the Update Signatures now button. Note: When the user buys the STM appliance, the device will be shipped with the SIP signatures th...

Page 17: ...ministrator can configure the STM appliance to send the security alerts generated on detecting SIP-based attacks to a remote syslog server. The logging page allows enabling or disabling the remote logging of security alerts and setting the syslog server to which the security alerts are to be forwarded ...

Page 18: ...uring the SIP ports on which the SIP DPI happens and the RTP ports in use in the target deployment. 4.2 DPI Signatures: The SIP DPI Configuration page allows configuring the SIP Deep Packet Inspection rule categories. The administrator can enable or disable the inspection against a particular category of rules and set the action to be taken on detecting attacks matching the rules in the categories. The possible actions tha...

Page 19: ... Scanning: Log the alert, Block the attack, Blacklist attacker IP. SIP DoS Attacks: Log the alert, Block the attack, Blacklist attacker IP; Threshold, Interval. SIP DDoS Attacks: Log the alert, Block the attack, Blacklist attacker IP; Threshold, Interval. SIP Anomaly attacks: Log the alert, Block the attack, Blacklist attacker IP. SIP Buffer overflow attacks: Log the alert, Block the attack, Blacklist attacker IP. SIP Cr...

Page 20: ...ia in the filtering rule and the action to be taken on matching the filtering rule. The possible actions are to block the traffic or allow the traffic on matching the filtering rule. Rule precedence follows the order in which the rules are configured in the firewall rules table. 4.4 White list Rules: This page allows configuring the whitelisted IP addresses in the untrusted WAN zone from which the acce...

Page 21: ...e the blacklisted IP addresses in the untrusted WAN zone from which access to communicate with the protected SIP network will be blocked by the STM firewall. This page also allows configuring whether the whitelist rules take precedence over the blacklist rules (both static and dynamic) configured on the device at any instant ...

Page 22: ...n detecting the attack. The dynamic blacklist rules page allows the administrator to see the dynamic blacklist rules currently configured on the device at any instant. If the administrator wants to override a rule and allow the traffic from a particular blacklisted IP, they can delete the rule from the dynamic blacklist rules page. 4.7 Geo IP Filter: The administrator can choose to block the traffic origin...

Page 23: ...SV format is available in the page. Note: Unless the user configures forwarding of the security alerts to a remote syslog server, the security alerts are not persisted permanently on the device. The logging buffer location will be flushed at the predefined interval (not configurable), once the logging threshold criteria are met. However, if the administrator wants to persist the alerts to USB storage, he s...

Page 24: ... button and will be prompted to log in once the device comes up with the default configuration. The STM appliances support taking a configuration backup and restoring the configuration later. Note: The configuration backup will contain the last persisted configuration. If there are any transient changes that are yet to be applied while taking the backup, those configuration changes will not be included i...

Page 25: ...administrator can download the reports by clicking the Get Report button and send the report to the Allo Shield Support team. 6.3 Ping: The administrator can troubleshoot network connectivity issues by running ping from the STM device. The administrator needs to enter the IP address that needs to be pinged from the STM appliance and the ping count, and click the Ping button to run the task. The ping results ...

Page 26: ...device. The administrator needs to enter the IP address to which the route needs to be traced from the STM appliance and the hop count, and click the Traceroute button to run the task. The traceroute results will be displayed in the text area once the traceroute task is complete. 6.5 Troubleshooting: This page allows disabling or enabling the DPI on the STM appliance for troubleshooting purposes ...

Page 27: ... package from the Allo Shield website and keep it on your local system. From the browser on your local system, log in to the STM WebUI and launch the STM firmware upgrade page. Click Browse on the firmware page and select the STM firmware update package file that you saved on your local system. After selecting the file, click the Upgrade button. The device will verify the uploaded firmware and install it. After ins...
