SBM powered by Microsoft Lync Administrator's Guide 2010-11
HP SBM Security Hardening
Table B-2 displays the rules that HP has added to the SBM’s firewall.
Table B-2. Firewall Rules Added by HP at Factory Default Settings
USGCB Recommendations That Must Not Be Implemented
There are several settings recommended by USGCB that you must not
implement because they will interfere with the installation process or
cause the SBM to malfunction.
Table B-3 displays the recommended settings that must not be implemented.
The correct setting is configured by default unless a domain policy changes it
when the SBM joins the domain. Therefore, you should check your domain
Rule Name         Rule
CS TCP444         dir=in,action=allow,localip=any,remoteip=any,protocol=any,profile=any,enable=yes
CS rtcmedsrv      dir=in,action=allow,program="%PROGRAMFILES%\Microsoft Communications Server 2010\Mediation Server\MediationServerSvc.exe",service=RTCMEDSRV,localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes
CS rtcsrv         dir=in,action=allow,program="%PROGRAMFILES%\Microsoft Communications Server 2010\Server\Core\RTCSrv.exe",service=RTCSrv,localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes
CS MSSQL          dir=in,action=allow,program="%PROGRAMFILES%\Microsoft SQL Server\MSSQL10.RTCLOCAL\MSSQL\Binn\sqlservr.exe",service="MSSQL$RTCLOCAL",localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes
Outbound444       dir=out,action=allow,localip=any,remoteip=any,protocol=any,profile=any,enable=yes
PSTN Gateway TCP  dir=in,action=block,localip=any,localport=5081,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes
PSTN Gateway TLS  dir=in,action=block,localip=any,localport=5082,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes
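
The rule strings in Table B-2 can be reviewed mechanically. The following is an added example, not code from HP's guide: it parses the strings as printed in the table, lists allow rules that carry no program, service, port or remote-address restriction, and reports drift between this baseline and an observed rule set. The function names and the OBSERVED data are constructed for illustration.

```python
import re

# Rule strings as printed in Table B-2 (wrapped lines rejoined).
TABLE_B2 = {
    "CS TCP444": "dir=in,action=allow,localip=any,remoteip=any,protocol=any,profile=any,enable=yes",
    "CS rtcmedsrv": r'dir=in,action=allow,program="%PROGRAMFILES%\Microsoft Communications Server 2010\Mediation Server\MediationServerSvc.exe",service=RTCMEDSRV,localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes',
    "CS rtcsrv": r'dir=in,action=allow,program="%PROGRAMFILES%\Microsoft Communications Server 2010\Server\Core\RTCSrv.exe",service=RTCSrv,localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes',
    "CS MSSQL": r'dir=in,action=allow,program="%PROGRAMFILES%\Microsoft SQL Server\MSSQL10.RTCLOCAL\MSSQL\Binn\sqlservr.exe",service="MSSQL$RTCLOCAL",localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes',
    "Outbound444": "dir=out,action=allow,localip=any,remoteip=any,protocol=any,profile=any,enable=yes",
    "PSTN Gateway TCP": "dir=in,action=block,localip=any,localport=5081,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes",
    "PSTN Gateway TLS": "dir=in,action=block,localip=any,localport=5082,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes",
}
PAIR = re.compile(r'(\w+)=("[^"]*"|[^,]*)')  # key=value; quoted values may hold spaces

def parse_rule(text):
    """Split one rule string into a dict of lower-cased keys to unquoted values."""
    return {k.lower(): v.strip('"') for k, v in PAIR.findall(text)}

def is_unscoped_allow(rule):
    """True for an allow rule with no program, service, port or remote-IP scope."""
    keys = ("program", "service", "localport", "remoteport", "remoteip")
    return rule.get("action") == "allow" and all(rule.get(k, "any").lower() == "any" for k in keys)

def unscoped_allows(table):
    """Sorted names of the rules in `table` that is_unscoped_allow() flags."""
    return sorted(n for n, t in table.items() if is_unscoped_allow(parse_rule(t)))

def drift(baseline, observed):
    """Map rule name -> differing keys, or ["missing"] if the rule is absent."""
    out = {}
    for name, text in baseline.items():
        if name not in observed:
            out[name] = ["missing"]
            continue
        want, got = parse_rule(text), parse_rule(observed[name])
        changed = sorted(k for k in want.keys() | got.keys() if want.get(k) != got.get(k))
        if changed:
            out[name] = changed
    return out

# Constructed "observed" state for the demo: one block rule flipped, one rule gone.
OBSERVED = dict(TABLE_B2)
OBSERVED["PSTN Gateway TLS"] = TABLE_B2["PSTN Gateway TLS"].replace("action=block", "action=allow")
del OBSERVED["CS MSSQL"]

if __name__ == "__main__":
    print("unscoped allow rules:", unscoped_allows(TABLE_B2))
    print("drift from baseline:", drift(TABLE_B2, OBSERVED))
```

As printed in the table, CS TCP444 and Outbound444 carry no port parameter, so they are the two rules reported as unscoped.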