Version 7.2 177 Mediant 1000B Gateway & E-SBC
User's Manual 13. Security
• Message flow tampering: This is a special case of DoS attacks. These attacks
disturb the ongoing communication between users. An attacker can then target
the connection by injecting fake signaling messages into the communication
channel (such as CANCEL messages).
• Message Flooding: The most common DoS attack is where an attacker sends a
huge amount of messages (e.g., INVITEs) to a target. The goal is to overwhelm
the target’s processing capabilities, thereby rendering the target inoperable.
SPAM over Internet Telephony (SPIT): VoIP spam is unwanted, automatically
dialed, pre-recorded phone calls using VoIP. It is similar to e-mail spam.
Theft of Service (ToS): Service theft can be exemplified by phreaking, which is a type
of hacking that steals service (i.e., free calls) from a service provider, or uses a service
while passing the cost to another person.
The IDS configuration is based on IDS Policies, where each policy can be configured with
a set of IDS rules. Each rule defines a type of malicious attack to detect and the number of
attacks during an interval (threshold) before an SNMP trap is sent. Each policy is then
applied to a target under attack (SIP interface) and/or source of attack (Proxy Set and/or
subnet address).
13.3.1 Enabling IDS
The following procedure describes how to enable IDS.
To enable IDS:
1. Open the IDS General Settings page (Setup menu > Signaling & Media tab >
Intrusion Detection folder >IDS General Settings).
Figure 13-3: Enabling IDS
2. From the 'Intrusion Detection System' drop-down list, select Enable.
3. Click Apply, and then reset the device with a save-to-flash for the setting to take
effect.
13.3.2 Configuring IDS Policies
Configuring IDS Policies is a two-stage process that includes the following tables:
1. IDS Policies (parent table): Defines a name and provides a description for the IDS
Policy. You can configure up to 20 IDS Policies.
2. IDS Rules table (child table): Defines the actual rules for the IDS Policy. Each IDS
Policy can be configured with up to 20 rules.
Note: A maximum of 100 IDS rules can be configured (regardless of how many rules
are assigned to each policy).
The device provides the following pre-configured IDS Policies that can be used in your
deployment (if they meet your requirements):
"DEFAULT_FEU": IDS Policy for far-end users in the WAN
To Next Page
Loading...
