User's manual

MediaPack SIP User's Manual, 12. Security (MP-11x Only)
Version 4.6, page 219, June 2005
12.3 Network Port Usage
The following table lists the default TCP/UDP network port numbers used by the MediaPack.
Where relevant, the table lists the ini file parameters that control the port usage and provide
source IP address filtering capabilities.
Table 12-1: Default TCP/UDP Network Port Numbers

| Port Number | Peer Port | Application | Notes |
|---|---|---|---|
| 2 | 2 | Debugging interface | Always ignored |
| 23 | - | Telnet | Disabled by default (TelnetServerEnable). Configurable (TelnetServerPort), access controlled by WebAccessList |
| 68 | 67 | DHCP | Active only if DHCPEnable = 1 |
| 80 | - | Web server (HTTP) | Configurable (HTTPPort), can be disabled (DisableWebTask or HTTPSOnly). Access controlled by WebAccessList |
| 161 | - | SNMP GET/SET | Configurable (SNMPPort), can be disabled (DisableSNMP). Access controlled by SNMPTrustedMGR |
| 443 | - | Web server (HTTPS) | Configurable (HTTPSPort), can be disabled (DisableWebTask). Access controlled by WebAccessList |
| 500 | - | IPSec IKE | Can be disabled (EnableIPSec). Not supported in the current version. |
| 6000, 6010 and up | - | RTP traffic | Base port number configurable (BaseUDPPort), fixed increments of 10. The number of ports used depends on the channel capacity of the device. |
| 6001, 6011 and up | - | RTCP traffic | Always adjacent to the RTP port number |
| 6002, 6012 and up | - | T.38 traffic | Always adjacent to the RTCP port number |
| 5060 | 5060 | SIP | Configurable (LocalSIPPort [UDP], TCPLocalSIPPort [TCP]). |
| 5061 | 5061 | SIP over TLS (SIPS) | Configurable (TLSLocalSIPPort) |
| (random) > 32767 | 514 | Syslog | Disabled by default (EnableSyslog). |
| (random) > 32767 | - | Syslog ICMP | Disabled by default (EnableSyslog). |
| (random) > 32767 | - | ARP listener | |
| (random) > 32767 | 162 | SNMP Traps | Can be disabled (DisableSNMP) |
| (random) > 32767 | - | DNS client | |
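
The port rules in Table 12-1 can be turned into an expected-listener set and compared with what a port scan of the device actually shows. The following Python is an added example, not part of the manual or any vendor tool. It assumes flag parameters use 1 = on and 0 = off, that DHCPEnable defaults to 0 (the table does not state its default), and that the channel count and the observed port list are supplied by the auditor. The debugging port, IKE (not supported) and the random client-side ports are left out.

```python
# Added example, not vendor code. Assumption: flag parameters use 1 = on, 0 = off.
# Defaults follow Table 12-1; the DHCPEnable default is not stated there (assumed 0).
DEFAULTS = {
    "TelnetServerEnable": 0, "TelnetServerPort": 23, "DHCPEnable": 0,
    "DisableWebTask": 0, "HTTPSOnly": 0, "HTTPPort": 80, "HTTPSPort": 443,
    "DisableSNMP": 0, "SNMPPort": 161, "BaseUDPPort": 6000,
    "LocalSIPPort": 5060, "TCPLocalSIPPort": 5060, "TLSLocalSIPPort": 5061,
}

def expected_listeners(ini, channels):
    """Map (proto, port) -> application for the fixed local ports in Table 12-1."""
    cfg = {**DEFAULTS, **ini}
    ports = {("udp", cfg["LocalSIPPort"]): "SIP",
             ("tcp", cfg["TCPLocalSIPPort"]): "SIP",
             ("tcp", cfg["TLSLocalSIPPort"]): "SIP over TLS"}
    if cfg["TelnetServerEnable"]:
        ports[("tcp", cfg["TelnetServerPort"])] = "Telnet"
    if cfg["DHCPEnable"] == 1:
        ports[("udp", 68)] = "DHCP"
    if not cfg["DisableWebTask"]:
        if not cfg["HTTPSOnly"]:
            ports[("tcp", cfg["HTTPPort"])] = "HTTP"
        ports[("tcp", cfg["HTTPSPort"])] = "HTTPS"
    if not cfg["DisableSNMP"]:
        ports[("udp", cfg["SNMPPort"])] = "SNMP GET/SET"
    for ch in range(channels):
        rtp = cfg["BaseUDPPort"] + 10 * ch        # fixed increments of 10
        ports[("udp", rtp)] = f"RTP ch{ch}"
        ports[("udp", rtp + 1)] = f"RTCP ch{ch}"  # adjacent to RTP
        ports[("udp", rtp + 2)] = f"T.38 ch{ch}"  # adjacent to RTCP
    return ports

def audit(ini, channels, observed):
    """Return (unexpected, missing) relative to the expected listener set."""
    expected = expected_listeners(ini, channels)
    return (sorted(set(observed) - set(expected)),
            sorted(set(expected) - set(observed)))

if __name__ == "__main__":
    # Constructed sample: 2-channel unit, HTTPS only, SNMP disabled.
    ini = {"HTTPSOnly": 1, "DisableSNMP": 1}
    observed = [("tcp", 23), ("tcp", 443), ("udp", 5060), ("tcp", 5060),
                ("tcp", 5061), ("udp", 6000), ("udp", 6001), ("udp", 6002),
                ("udp", 6010), ("udp", 6011), ("udp", 6012), ("udp", 161)]
    unexpected, missing = audit(ini, 2, observed)
    print("unexpected:", unexpected)
    print("missing:", missing)
```

Any entry reported as unexpected is a listener the configuration should have closed, which is the place to start when tightening WebAccessList, SNMPTrustedMGR or an upstream firewall rule.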
12.4 Recommended Practices
To improve network security, the following guidelines are recommended when configuring the
MediaPack:
- Set the Administrator password (refer to Section 5.2.1 on page 47) to a unique, hard-to-hack string. Do not use the same password for several devices as a single compromise may lead to others. Keep this password safe at all times and change it frequently.
- If possible, use a RADIUS server for authentication. RADIUS allows you to set different passwords for different users of the MP-11x, with centralized management of the password database. Both Web and Telnet interfaces support RADIUS authentication (refer to Section 12.2 on page 217).