User's Manual

Mediant 1000
H.323 User's Manual 340 Document #: LTRT-83401
13.6 Recommended Practices
To improve network security, the following guidelines are recommended when configuring
the Mediant 1000:
• Set the password of the primary web user account (refer to 5.6.7.1 on page 162) to a
  unique, hard-to-hack string. Do not use the same password for several devices as a
  single compromise may lead to others. Keep this password safe at all times and
  change it frequently.
• If possible, use a RADIUS server for authentication. RADIUS allows you to set
  different passwords for different users of the Mediant 1000, with centralized
  management of the password database. Both Web and Telnet interfaces support
  RADIUS authentication (refer to Section 13.3 on page 334).
• If the number of users that access the Web and Telnet interfaces is limited, you can
  use the 'Web and Telnet Access List' to define up to ten IP addresses that are
  permitted to access these interfaces. Access from an undefined IP address is denied
  (refer to Section 5.6.7.2 on page 163).
• Use IPSec to secure traffic to all management and control hosts. Since IPSec
  encrypts all traffic, hackers cannot capture sensitive data transmitted on the network,
  and malicious intrusions are severely limited.
• Use HTTPS when accessing the Web interface. Set HTTPSOnly to 1 to allow only
  HTTPS traffic (and block port 80). If you don't need the Web interface, disable the
  Web server (DisableWebTask).
• If you use Telnet, do not use the default port (23). Use SSL mode to protect Telnet
  traffic from network sniffing.
• If you use SNMP, do not leave the community strings at their default values as they
  can be easily guessed by hackers (refer to Section 15.7.1 on page 354).
• Use a firewall to protect your VoIP network from external attacks. Network robustness
  may be compromised if the network is exposed to Denial of Service (DoS) attacks.
  DoS attacks are mitigated by stateful firewalls. Do not allow unauthorized traffic to
  reach the Mediant 1000.
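The following Python script is an added example (not AudioCodes code and not part of this manual) that checks a configuration export against the Web, Telnet, SNMP and access-list practices above. Only HTTPSOnly and DisableWebTask are named in this section; the other parameter names, the ';' comment syntax and the treatment of an absent Telnet setting as disabled are assumptions to verify against your firmware's parameter reference.

```python
# Constructed sample exports (not from a real device). Only HTTPSOnly and
# DisableWebTask appear on this page; all other key names are assumptions.
WEAK = """
HTTPSOnly = 0
TelnetServerEnable = 1      ; assumed: 0 = off, 1 = clear text, 2 = SSL
TelnetServerPort = 23
SNMPReadOnlyCommunityString_0 = public
"""
HARDENED = """
HTTPSOnly = 1
TelnetServerEnable = 2
TelnetServerPort = 2323
SNMPReadOnlyCommunityString_0 = k7-constructed-example
WebAccessList_0 = 192.0.2.10
"""

def parse_ini(text):
    """Map lower-cased keys to values; ';' is treated as a comment marker."""
    params = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip().lower()] = value.strip().strip("'\"")
    return params

def audit(text):
    """Return a list of findings, one per recommended practice not met."""
    p, findings = parse_ini(text), []
    web_on = p.get("disablewebtask", "0") != "1"
    telnet = p.get("telnetserverenable", "0")  # absent is assumed to mean off
    if web_on and p.get("httpsonly", "0") != "1":
        findings.append("web: HTTPSOnly is not 1, HTTP on port 80 is allowed")
    if telnet != "0" and telnet != "2":
        findings.append("telnet: enabled without SSL mode")
    if telnet != "0" and p.get("telnetserverport", "23") == "23":
        findings.append("telnet: listening on the default port 23")
    for key, value in p.items():
        if "communitystring" in key and value.lower() in ("public", "private"):
            findings.append(f"snmp: {key} is a well-known default value")
    acl = [v for k, v in p.items() if k.startswith("webaccesslist_") and v]
    if (web_on or telnet != "0") and not acl:
        findings.append("acl: Web and Telnet Access List is empty")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Password quality, RADIUS, IPSec and firewall placement cannot be judged from these parameters alone and still need a manual review.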
13.7 Legal Notice
By default, the Mediant 1000 supports export-grade (40-bit and 56-bit) encryption due to
US government restrictions on the export of security technologies. To enable 128-bit and
256-bit encryption on your device, contact your AudioCodes representative.
This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com).