Version 6.6 305 October 2014
Installation & Operation Manual 33. Configuring Security Settings
33.1 Security Configuration Guidelines
The following guidelines are provided as a starting point for users who wish to
implement basic security features on the Mediant 8000 Media Gateway. For a detailed
description of each feature and of additional security features, see the chapters
below.
To implement basic security features on the Mediant 8000:
1. Configure the Mediant 8000 to operate in Secure Mode. See 'Secure Operation
Mode' on page 306 for details.
2. Configure the Mediant 8000 to use a secure version of the management protocol:
SNMPv3 or SNMPv2+IPSEC. Change the default values of the SNMP community strings
(for SNMPv2) and passwords (for SNMPv3). Modify the configuration of the EMS
server and any additional SNMP managers to match the new SNMP protocol
configuration. See 'Configuring Connectivity with EMS Server' on page 153 for
details.
3. Change passwords for all users on the Mediant 8000 CLI interface, including the
root and ems users. Remove all unused CLI users. See 'Administering Media
Gateway's CLI Users on SC Boards' on page 361 for details.
4. Configure the Mediant 8000 to use a secure version of the Call Control protocol.
Alternatively, use a dedicated subnet for transmitting the call control traffic and
implement appropriate security measures at the network level (e.g., by
using firewalls). See 'Configuring IPSEC/IKE for Call Control and Signaling
Interfaces (on TP boards)' on page 346 and 'SIP over SSL/TLS (SIPS)' on page
349 for details.
5. Configure the Mediant 8000 to use SRTP to secure media traffic. Alternatively,
use a dedicated subnet for transmitting the media traffic and implement
appropriate security measures at the network level. See 'Media Security' on
page 350 for details.
After the initial configuration of the Mediant 8000 security features, the following
periodic maintenance tasks must be performed to ensure that the Mediant 8000
continues to operate in a secure manner. The frequency at which these tasks should
be performed is determined by the site's security policy.
To ensure that the Mediant 8000 continues to operate in a secure manner,
perform the following periodic maintenance tasks:
1. Periodically inspect Mediant 8000 trap notifications for security alarms and
events. Take appropriate actions if needed.
2. Periodically change passwords for all users on the CLI interface (including the
root and ems users) and delete unused CLI users.
3. Periodically change SNMP community strings (for SNMPv2) and passwords (for
SNMPv3).
4. Periodically change “pre-shared keys” used to secure call control and media
traffic.
5. Periodically upgrade the Media Gateway software to receive the latest security
fixes and OS patches.