User`s manual
Table Of Contents
- Mediant 2000 & TP-1610 & TP-260/UNI SIP User’s Manual Version 5.0
- Table of Contents
- List of Figures
- List of Tables
- Notices
- 1. Overview
- 2. Physical Description
- 3. Installation
- 4. Getting Started
- 5. Web Management
- Computer Requirements
- Protection and Security Mechanisms
- Accessing the Embedded Web Server
- Getting Acquainted with the Web Interface
- Protocol Management
- Advanced Configuration
- Status & Diagnostic
- Software Update Menu
- Maintenance
- Logging Off the Embedded Web Server
- 6. Gateway's ini File Configuration
- Secured ini File
- Modifying an ini File
- The ini File Content
- The ini File Structure
- The ini File Example
- Networking Parameters
- System Parameters
- Web and Telnet Parameters
- Security Parameters
- RADIUS Parameters
- SNMP Parameters
- SIP Configuration Parameters
- Voice Mail Parameters
- ISDN and CAS Interworking-Related Parameters
- Number Manipulation and Routing Parameters
- E1/T1 Configuration Parameters
- Channel Parameters
- Configuration Files Parameters
- 7. Using BootP / DHCP
- 8. Telephony Capabilities
- Working with Supplementary Services
- Configuring the DTMF Transport Types
- Fax & Modem Transport Modes
- Event Notification using X-Detect Header
- ThroughPacket™
- Dynamic Jitter Buffer Operation
- Configuring the Gateway’s Alternative Routing (based on Conn
- Call Detail Report
- Supported RADIUS Attributes
- Trunk to Trunk Routing Example
- Proxy or Registrar Registration Example
- SIP Call Flow Example
- SIP Authentication Example
- 9. Networking Capabilities
- 10. Advanced PSTN Configuration
- 11. Advanced System Capabilities
- 12. Special Applications
- 13. Security
- 14. Diagnostics
- 15. SNMP-Based Management
- SNMP Standards and Objects
- Carrier Grade Alarm System
- Cold Start Trap
- Third-Party Performance Monitoring Measurements
- TrunkPack-VoP Series Supported MIBs
- Traps
- SNMP Interface Details
- SNMP Manager Backward Compatibility
- Dual Module Interface
- SNMP NAT Traversal
- SNMP Administrative State Control
- AudioCodes’ Element Management System
- 16. Configuration Files
- Appendix A. Selected Technical Specifications
- Appendix B. Supplied SIP Software Kit
- Appendix C. SIP Compliance Tables
- Appendix D. The BootP/TFTP Configuration Utility
- Appendix E. RTP/RTCP Payload Types and Port Allocation
- Appendix F. RTP Control Protocol Extended Reports (RTCP-XR)
- Appendix G. Accessory Programs and Tools
- Appendix H. Release Reason Mapping
- Appendix I. SNMP Traps
- Appendix J. Installation and Configuration of Apache HTTP Server
- Appendix K. Regulatory Information
SIP User's Manual 13. Security
Version 5.0 301 October 2006
13.7 Recommended Practices
To improve network security, the following guidelines are recommended when configuring
the gateway:
Set the password of the primary web user account (refer to Section 5.6.8.1 on page
98) to a unique, hard-to-hack string. Do not use the same password for several
devices as a single compromise may lead to others. Keep this password safe at all
times and change it frequently.
If possible, use a RADIUS server for authentication. RADIUS allows you to set
different passwords for different users of the gateway, with centralized management of
the password database. Both Web and Telnet interfaces support RADIUS
authentication (refer to Section 13.3 on page 294).
If the number of users that access the Web and Telnet interfaces is limited, you can
use the ‘Web and Telnet Access List’ to define up to ten IP addresses that are
permitted to access these interfaces. Access from an undefined IP address is denied
(refer to Section 5.6.8.2 on page 100).
Use IPSec to secure traffic to all management and control hosts. Since IPSec
encrypts all traffic, hackers cannot capture sensitive data transmitted on the network,
and malicious intrusions are severely limited.
Use HTTPS when accessing the Web interface. Set HTTPSOnly to 1 to allow only
HTTPS traffic (and block port 80). If you don't need the Web interface, disable the
Web server (DisableWebTask).
If you use Telnet, do not use the default port (23). Use SSL mode to protect Telnet
traffic from network sniffing.
If you use SNMP, do not leave the community strings at their default values as they
can be easily guessed by hackers (refer to Section 15.7.1 on page 316).
Use a firewall to protect your VoIP network from external attacks. Network robustness
may be compromised if the network is exposed to Denial of Service (DoS) attacks.
DoS attacks are mitigated by Stateful firewalls. Do not allow unauthorized traffic to
reach the gateway.
13.8 Legal Notice
By default, the gateway supports export-grade (40-bit and 56-bit) encryption due to US
government restrictions on the export of security technologies. To enable 128-bit and 256-
bit encryption on your device, contact your AudioCodes representative.
This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (www.openssl.org
)
This product includes cryptographic software written by Eric Young' (eay@cryptsoft.com
).