Version 6.6
305
October 2014
Installation & Operation Manual
33. Configuring Security Settings
33.1
Security Configuration Guidelines
The following guidelines are provided as a starting point for users who wish to
implement basic security features on the Mediant 8000 Media Gateway. For a detailed
description of each feature and for the additional security features, see the chapters
below.
To implement basic security features on the Mediant 8000:
1.
Configure the Mediant 8000 to operate in a Secure Mode. See 'Secure Operation
Mode' on page
2.
Configure the Mediant 8000 to use secure version of management protocol –
SNMPv3 or IPSEC. Change default values of SNMP community strings
(for SNMPv2) and passwords (for SNMPv3). Modify configuration of the EMS
server and additional SNMP managers to match the new SNMP protocol
configuration. See 'Configuring Connectivity with EMS Server' on page
details.
3.
Change passwords for all users on the Mediant 8000 CLI interface, including
root
and
ems
user, Remove all unused CLI users. See 'Administering Media
Gateway's CLI Users on SC Boards' on page
4.
Configure the Mediant 8000 to use a secure version of Call Control protocol.
Alternatively, use a dedicated subnet for transmitting the call control traffic and
implementing the appropriate security measurements and network level (e.g. by
using firewalls). See 'Configuring IPSEC/IKE for Call Control and Signaling
Interfaces (on TP boards)' on page
and 'SIP over SSL/TLS (SIPS)' on page
5.
Configure the Mediant 8000 to use SRTP to secure Media traffic. Alternatively,
use a dedicated subnet for transmitting the media traffic and implement
appropriate security measurements and network level. See 'Media Security' on
page
After the initial configuration of the Mediant 8000 security features, the following
periodic maintenance tasks must be performed to ensure that the Mediant 8000
continues to operate in a secure manner. The frequency at which these tasks should
be performed is determined by security policy on site.
To ensure that the Mediant 8000 continues to operate in a secure manner,
perform the following periodic maintenance tasks:
1.
Periodically inspect Mediant 8000 trap notifications for security alarms and
events. Take appropriate actions if needed.
2.
Periodically change passwords for all users on the CLI interface (including
root
and
ems
user) and delete unused CLI users.
3.
Periodically change SNMP community strings (for SNMPv2) and passwords (for
SNMPv3).
4.
Periodically change “pre-shared keys” used to secure call control and media
traffic.
5.
Periodically upgrade the Media Gateway software to receive the latest security
fixes and OS patches.
Summary of Contents for Mediant 8000
Page 2: ......
Page 33: ...Part I Hardware Overview This part describes the hardware overview of the Mediant 8000 chassis...
Page 34: ......
Page 90: ......
Page 158: ......
Page 264: ......
Page 546: ......
Page 775: ...Part VI Maintenance This part describes the Mediant 8000 maintenance procedures...
Page 776: ......
Page 834: ......
Page 879: ...Part VIII Appendices This part describes additional Mediant 8000 configuration procedures...
Page 880: ......
Page 924: ...Media Gateway Mediant 8000 www audiocodes com Installation Operation Maintenance Manual...