User's Manual 176 Document #: LTRT-27055
Mediant 1000B Gateway & E-SBC
4. Configure various SIPS parameters in the Security Settings page (Setup menu > IP
Network tab > Security folder > Security Settings).
Figure 13-2: Configuring TLS
For a description of the TLS parameters, see ''TLS Parameters'' on page 1039.
5. By default, the device initiates a TLS connection only for the next network hop. To
enable TLS all the way to the destination (over multiple hops), configure the 'Enable
SIPS' (EnableSIPS) parameter to Enable on the Transport Settingspage (Setup menu
> Signaling & Media tab > SIP Definitions folder > Transport Settings):
13.3 Intrusion Detection System
The device's Intrusion Detection System (IDS) feature detects malicious attacks on the
device and reacts accordingly. A remote host is considered malicious if it has reached or
exceeded a user-defined threshold (counter) of specified malicious attacks.
If malicious activity is detected, the device can do the following:
Block (blacklist) remote hosts (IP addresses / ports) considered by the device as
malicious. The device automatically blacklists the malicious source for a user-defined
period after which it is removed from the blacklist.
Send SNMP traps to notify of malicious activity and/or whether an attacker has been
added to or removed from the blacklist. For more information, see ''Viewing IDS
Alarms'' on page
183.
The Intrusion Detection System (IDS) is an important feature for Enterprises to ensure
legitimate calls are not being adversely affected by attacks and to prevent Theft of Service
and unauthorized access.
There are many types of malicious attacks, the most common being:
Denial of service: This can be Denial of Service (DoS) where an attacker wishing to
prevent a server from functioning correctly directs a large amount of requests –
sometimes meaningless and sometimes legitimate, or it can be Distributed Denial of
Service (DDoS) where the attacker controls a large group of systems to coordinate a
large scale DoS attack against a system:
• Message payload tampering: Attacker may inject harmful content into a message,
e.g., by entering meaningless or wrong information, with the goal of exploiting a
buffer overflow at the target. Such messages can be used to probe for
vulnerabilities at the target.
To Next Page
Loading...
