EasyManuals Logo

AudioCodes Mediant 2000 User Manual

AudioCodes Mediant 2000
702 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #144 background imageLoading...
Page #144 background image
User's Manual 144 Document #: LTRT-68822
Mediant 2000
12.4 Intrusion Detection System
The device can be configured to detect malicious attacks on its system and send SNMP
traps if malicious activity is identified. The Intrusion Detection System (IDS) is an important
feature for Enterprises to ensure legitimate calls are not being adversely affected by
attacks and to prevent Theft of Service and unauthorized access. If, for example, you
identify the source (IP address) of the attack, you can add that source to your blacklist to
prevent it from accessing your device.
There are many types of malicious attacks, the most common being:
Denial of service: This can be Denial of Service (DoS) where an attacker wishing to
prevent a server from functioning correctly directs a large amount of requests
sometimes meaningless and sometimes legitimate, or it can be Distributed Denial of
Service (DDoS) where the attacker controls a large group of systems to coordinate a
large scale DoS attack against a system:
Message payload tampering: Attacker may inject harmful content into a message,
e.g., by entering meaningless or wrong information, with the goal of exploiting a
buffer overflow at the target. Such messages can be used to probe for
vulnerabilities at the target.
Message flow tampering: This is a special case of DoS attacks. These attacks
disturb the ongoing communication between users. An attacker can then target
the connection by injecting fake signaling messages into the communication
channel (such as CANCEL messages).
Message Flooding: The most common DoS attack is where an attacker sends a
huge amount of messages (e.g., INVITEs) to a target. The goal is to overwhelm
the target’s processing capabilities, thereby rendering the target inoperable.
SPAM over Internet Telephony (SPIT): VoIP spam is unwanted, automatically
dialed, pre-recorded phone calls using VoIP. It is similar to e-mail spam.
Theft of Service (ToS): Service theft can be exemplified by phreaking, which is a type
of hacking that steals service (i.e., free calls) from a service provider, or uses a service
while passing the cost to another person.
The IDS configuration is based on IDS Policies, where each policy can be configured with
a set of IDS rules. Each rule defines a type of malicious attack to detect and the number of
attacks during an interval (threshold) before an SNMP trap is sent. Each policy is then
applied to a target under attack (SIP interface) and/or source of attack (Proxy Set and/or
subnet address).
12.4.1 Enabling IDS
The procedure below describes how to enable IDS.
To enable IDS:
1. Open the IDS Global Parameters page (Configuration tab > VoIP menu > Security >
Intrusion Detection and Prevention > Global Parameters).
Figure 12-5: Enabling IDS on IDS Global Parameters Page
2. From the 'Intrusion Detection System' drop-down list, select Enable.
3. Reset the device with a burn-to-flash for the setting to take effect (see Saving
Configuration).

Table of Contents

Other manuals for AudioCodes Mediant 2000

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the AudioCodes Mediant 2000 and is the answer not in the manual?

AudioCodes Mediant 2000 Specifications

General IconGeneral
BrandAudioCodes
ModelMediant 2000
CategoryGateway
LanguageEnglish

Related product manuals