Application Notes for Configuring Radware DefensePro 3020 in an Avaya SIP Telephony Environment Issue 0.3

Similar documents
Application Notes for Configuring Yealink T-22 SIP Phones to interoperate with Avaya IP Office - Issue 1.0

Application Notes for Valcom PagePro IP with Avaya IP Office Issue 1.0

Application Notes for Configuring NMS Adaptive Desktop SMS with Avaya IP Office R8.0 using Avaya IP Office TAPI Service Provider - Issue 1.

Application Notes for Resource Software International Revolution Web Call Accounting with Avaya Quick Edition Issue 1.0

Application Notes for Configuring a SonicWALL Continuous Data Protection (CDP) backup solution with Avaya Voic Pro - Issue 1.

Sample Configuration for Microsoft Firewall and McAfee Desktop Firewall 8.5 to Support Avaya IP Softphone Issue 1.0

Application Notes for Biamp Tesira SVC-2 and Avaya IP Office Issue 1.0

Application Notes for Metropolis ProfitWatch Hotel Call Accounting with Avaya IP Office Issue 1.0

Application Notes for VTech 1-Line Corded Analog Hotel Phone with Avaya IP Office 8.1 and Voic Pro 8.1 Issue 1.0

Application Notes for Configuring 911 Enable Emergency Routing Service with Avaya IP Office - Issue 1.0

Configuring the Avaya B179 SIP Conference Phone with Avaya Aura Communication Manager and Avaya Aura Session Manager Issue 1.0

Abstract. Avaya Solution & Interoperability Test Lab

Abstract. Avaya Solution & Interoperability Test Lab

Application Notes for Configuring the Ascom i62 VoWiFi handset version with Avaya IP Office Release Issue 1.0

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

Abstract. Avaya Solution & Interoperability Test Lab

Configuring H.323 over Port Network Address Translation (PNAT) for Avaya IP Endpoints using the Avaya SG200 Security Gateway - Issue 1.

Configuring Avaya 1120E, 1140E, 1220 and 1230 IP Deskphones with Avaya IP Office Release 6.1 Issue 1.0

Application Notes for the GN Netcom GN 8120 USB Headset Adapter with Avaya IP Softphone Issue 1.0

Application Notes for Multi-Tech FaxFinder IP with Avaya IP Office Issue 1.0

Application Notes for Configuring Dorado Software Redcell Enterprise Bundle using SNMP with Avaya Communication Manager - Issue 1.

Application Notes for Resource Software International Shadow Real-Time Dashboard 2.3 with Avaya IP Office Server Edition 9.1 Issue 1.

Application Notes for Lucent Technologies VitalQIP DHCP/DNS Management with Avaya IP Telephones and Avaya Communication Manager Issue 1.

Application Notes for Integrated Research PROGNOSIS IP Telephony Manager with Avaya Communication Manager - Issue 1.0

How To Test The Nms Adaptive Suite With An Ip Office On A Windows 2003 Server On A Nms Desktop On A Pnet 2.5 (Tapi) On A Blackberry 2.2 (Tapi) On An Ipo 2

Avaya Solution & Interoperability Test Lab Application Notes for Configuring Datatal AB Flexi with Avaya IP Office - Issue 1.0

Configuring Instant Messaging and Presence capability for Avaya IP Agent using Avaya SIP Enablement Services - Issue 1.0

Application Notes for snom 3x0 VoIP Phones with Avaya IP Office Issue 1.0

Application Notes for Codima autoasset with an Avaya Infrastructure - Issue 1.0

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0

Application Notes for Configuring Avaya IP Office 8.1 with Colt VoIP Access service Issue 1.0

Application Notes for Algo 8028 SIP Door Phone with Avaya IP Office - Issue 1.0

Abstract. Avaya Solution & Interoperability Test Lab

Application Notes for Biamp AudiaFLEX VoIP-2 with Avaya IP Office Issue 1.0

Application Notes for AudioCodes MP-202 Telephone Adaptor with Avaya SIP Enablement Services and Avaya Communication Manager - Issue 1.

Application Notes for Configuring Broadvox SIP Trunking with Avaya IP Office - Issue 1.0

Application Notes for Spectralink 84-Series Wireless Telephones and Avaya IP Office Issue 1.0

Application Notes for MultiTech FaxFinder FFx40 Software version with Avaya IP Office 8.0 Issue 1.0

Application Notes for DuVoice with Avaya IP Office 8.1 Issue 1.1

Configuring the Juniper NetScreen Firewall Security Policies to support Avaya IP Telephony Issue 1.0

Application Notes for Configuring Cablevision Optimum Voice SIP Trunking with Avaya IP Office - Issue 1.1

Application Notes for DuVoice Emergency Alert System with Avaya IP Office 9.0 Issue 1.0

Application Notes for Integrating Verint ULTRA9 VoIP Call Recording Service With Avaya Interaction Center - Issue 1.1

Application Notes for configuring ICR Evolution Software with Avaya IP Office R8 using Avaya IP Office TAPI Service Provider - Issue 1.

Application Notes for configuring ContactPro from CCT Deutschland GmbH with Avaya Aura Presence Services R6.2 - Issue 1.0

Application Notes for DATEL Call SWEET! Live Outbound Dialer with Avaya IP Office 8.0 Issue 1.0

Abstract. These Application Notes provide information for the setup, configuration, and verification of this solution.

Application Notes for TONE Software ReliaTel with Avaya Aura Communication Manager 6.2 Using SNMP Issue 1.0

Application Notes for GN Netcom Jabra PC Suite Software Version 2.9 and Jabra Speak 410 USB with Avaya Aura Agent Desktop 6.2 Issue 1.

Application Notes for Verint Work Force Management with Avaya IQ Issue 1.0

Application Notes for MultiTech FaxFinder IP with Avaya IP Office Issue 1.0

Application Notes for Revolabs FLX UC 1000 with Avaya IP Office - Issue 0.1

Application Notes for Microsoft Office Communicator R2 Client integration with Avaya one-x Portal and Intelligent Presence Server - Issue 1.

Application Notes for configuring Avaya IP Office IP500 R7.0 with 2Ring NetFAX R3.0 Issue 1.0

IPS Anti-Virus Configuration Example

Application Notes for Configuring QuesCom 400 IP/GSM Gateway with Avaya IP Office using H.323 trunks Issue 1.0

Application Notes for Configuring Teleopti CCC with Avaya Aura Contact Center for Real-time and Historical Reporting Issue 1.0

Application Notes for Configuring MUG Enterprise Interceptor with Avaya Proactive Contact - Issue 1.0

Avaya IP Office SIP Configuration Guide

Application Notes for the Ingate SIParator with Avaya Converged Communication Server (CCS) - Issue 1.0

Application Notes for BT Wholesale/HIPCOM SIP Trunk Service and Avaya IP Office 8.0 Issue 1.0

Application Notes for Configuring Microsoft Office Communications Server 2007 R2 and Avaya IP Office PSTN Call Routing - Issue 1.0

Application Notes for Configuring Wesley Clover Solutions Trading Platform with Avaya IP Office using SIP Trunks Issue 1.0

Application Notes for Symon Enterprise Server with Avaya IQ Issue 1.0

Application Notes for DuVoice with Avaya IP Office 9.0 Issue 1.0

Application Notes for Configuring SIP Trunking between Metaswitch MetaSphere CFS and Avaya IP Office Issue 1.0

Application Notes for Jabra PC Suite and Jabra Evolve 65 Headset with Avaya one-x Agent - Issue 1.0

Abstract. Avaya Solution & Interoperability Test Lab

Application Notes for Configuring Avaya IP Office 9.0 with HIPCOM SIP Trunk Issue 1.0

How to Configure the Juniper NetScreen 5GT to Support Avaya H.323 IP Telephony Issue 1.0

Job Aid: Creating Additional Remote Access Logins

Application Notes for Avaya Aura Conferencing 7.2 and Radvision SCOPIA Elite MCU Issue 1.0

Abstract. Avaya Solution & Interoperability Test Lab

Sample Configuration for H.323 Trunk between Avaya IP Office and Cisco Unified Communications Manager 7.0 Issue 1.0

Configuring Avaya Aura Communication Manager and Avaya Call Management System Release 16.3 with Avaya Contact Center Control Manager Issue 1.

IPS Attack Protection Configuration Example

Abstract. Avaya Solution & Interoperability Test Lab

Qvis Security Technical Support Field Manual LX Series

Application Notes for Algo 8180 SIP Audio Alerter with Avaya IP Office - Issue 1.1

Application Notes for Resource Software International Revolution Web Call Accounting with Avaya IP Office - Issue 1.0

Send technical support questions to In the United States, call the technical support team toll-free at TMSS

Application Notes for Biamp AudiaFLEX VoIP-2 with Avaya Aura Communication Manager Using Avaya Aura SIP Enablement Services Issue 1.

Application Notes for Configuring Intelepeer SIP Trunking with Avaya IP Office Issue 1.0

Application Notes for TANDBERG Video Conference Solution with Avaya Meeting Exchange - Issue 1.0

Application Security Backgrounder

EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL

Application Notes for GN Netcom Jabra GN 9330 USB Headset and Jabra PC Suite with Avaya one-x Communicator and Avaya one-x Agent - Issue 1.

Configuring the CyberData VoIP 4-Port Zone Controller with Audio Out

Avaya Solution & Interoperability Test Lab

Firewall Defaults and Some Basic Rules

FLX VoIP Registering with Avaya IP Office 500

Using Cisco UC320W with Windows Small Business Server

Application Notes for GN Netcom Jabra LINK 280 USB Adapter and Jabra PC Suite with Avaya one-x Communicator and Avaya one-x Agent - Issue 1.

Application Notes for VPI EMPOWER Suite Performance Reporting with Avaya Call Management System R17 Issue 1.0

Abstract. Avaya Solution & Interoperability Test Lab

Avaya IP Office SIP Trunk Configuration Guide

Application Notes for G-Tek SIP Telephone MT-102H version 1510X i with Avaya Software Communication System Release 3.0 Issue 1.0.

Application Notes for Invision Interaction Recording System Version 5.0 with Avaya Aura Communication Manager Release 6.3 Issue 1.

USER GUIDE. Ethernet Configuration Guide (Lantronix) P/N: Rev 6

How To Test Fcs Winexpress On An Ipo On A Pc Or Mac Xp (Windows) On A Microsoft V3.3.5 (Windows Xp) On An Iphone Or Ipo (Windows V3) On Pc

Transcription:

Avaya Solution & Interoperability Test Lab Application Notes for Configuring Radware DefensePro 3020 in an Avaya SIP Telephony Environment Issue 0.3 Abstract These Application Notes describe the configuration of the Radware DefensePro 3020 Release 3.00 security appliance to successfully interoperate in an Avaya SIP Telephony environment consisting of Avaya Communication Manager 3.1, Avaya SIP Enablement Services 3.1, Avaya 4600 Series IP Telephones, and Avaya SIP Softphones. Information in these Application Notes has been obtained through compliance testing and additional technical discussions. Testing was conducted via the DeveloperConnection Program at the Avaya Solution and Interoperability Test Lab. 1 of 20

1. Introduction The Radware DefensePro 3020 is an intrusion prevention and denial of service protection solution that protects against network, OS and application level attacks from worms, viruses, hackers, SYN floods and DoS attacks. Both known and unknown zero-day attacks can be blocked by DefensePro 3020 s adaptive self-learning behavior-based capabilities. The DefensePro 3020 provides multi-layer security by integrating content signature-based, behaviorbased and rate-based protection into a single multi-layer-security solution, and features inline security switching and stateful packet inspection to bi-directionally scan and protect all network traffic. As shown in the above configuration, the Radware DefensePro 3020 is configured to protect the Avaya servers from the security attacks. The Avaya servers include the Avaya SIP Enablement Services server and Avaya S8300 Media Server with Avaya G700 Media Gateway. The two Layer 2 switches are connected to a pair of static forwarding ports on the DefensePro 3020. The Radware APSolute Insite is an application that provides the main management interface for all Radware devices, including the DefensePro 3020. The APSolute Insite is used to configure, modify, and manage the DefensePro 3020. For the compliance testing, various security attacks were launched from the Hacker PC. Upon detecting an attack, DefensePro 3020 prevents propagation by executing the predefined action in the security policy, while continue to inspect and forward the legitimate application traffic between the pair of static forwarding ports. DefensePro 3020 also has an internal bypass mode that can be triggered upon a power failure or shut down of the DefensePro 3020 application, such that the pair of static forwarding ports can continue to forward traffic to one another without DefensePro 3020. The administration of the Avaya SIP infrastructure is not the focus of these Application Notes and will not be described. For administration of the Avaya SIP infrastructure, refer to the appropriate documentation listed in Section 8. 2 of 20

2. Equipment and Software Validated The following equipment and software were used for the sample configuration provided: Equipment Software Avaya S8300 Media Server with G700 Media Gateway Communication Manager 3.1.1, load 628.7 Avaya SIP Enablement Services 3.1, load 18 Avaya 4612 & 4624 IP Telephones (H.323) 1.8.3 Avaya 4610SW IP Telephones (SIP) 2.4 Avaya Softphones (SIP) One-X Desktop Edition 2.1, build 44 Radware DefensePro 3020 3.00.00 Radware APSolute Insite running on IBM ThinkPad with Windows XP Professional 2.00 V2002 SP2 Hacker PC Red Hat Enterprise Linux ES 3 3 of 20

3. Configure Radware DefensePro 3020 This section provides the procedures for configuring Radware DefensePro 3020. The procedures include the following areas: Administer IP address and management port Administer device Administer security policy 3.1. Administer IP Address and Management Port Connect a PC to the console serial port of the DefensePro 3020. The Startup Configuration screen is displayed. Enter an IP address, IP subnet mask, and Port number that will be used for APSolute Insite connectivity, as shown below. Default values of remaining fields may be modified as necessary, consult the Radware documentation listed in Section 8 for detail descriptions. For the compliance testing, default values were retained for all remaining fields. 4 of 20

The SNMP Startup Configuration screen is displayed next. Field default values may be modified as necessary, consult the Radware documentation listed in Section 8 for detail descriptions. For the compliance testing, all default values were retained. The Startup Configuration screen shown previously is displayed again, to provide the user an opportunity to make any additional changes. Accept all displayed values. 5 of 20

3.2. Administer Device Physically connect the PC running the APSolute Insite application to the DefensePro 3020 management port. For the compliance testing, the designated management port was 11, as configured in Section 3.1. Double click on the APSolute Insite icon below from the PC to launch the application. The following APSolute Insite login screen is displayed. For User Name and Password, enter the corresponding values from Section 3.1. Click OK. 6 of 20

The following APSolute Insite main screen is displayed next. Select Device > Add Radware Device > DefensePro from the menu drop down lists as shown below. The APSolute Insite main screen is updated with a DP-1 icon displayed into the right pane. Double click on the DP-1 icon. 7 of 20

The Connect DP Device dialogue box is displayed. For the Device IP Address field, enter the IP address from Section 3.1, in this case 192.168.1.1. For the Device Community Name, enter a descriptive name, in this case Avaya DevConnect. Click OK. The APSolute Insite main screen is updated with the IP address and device name as shown below. Double click on the Avaya DevConnect icon in the right pane. 8 of 20

The DefensePro screen appears. Right click on Networking and select Static Forwarding. The Static Forwarding screen is displayed. Administer the pair of static forwarding ports. Source Port: Destination Port: Port Operation: Select the source port to transmit the traffic. Select the destination port to receive the traffic. Select process to enable packet inspection. For the compliance testing, the Avaya telephones and hacker PC are connected to port G-1, and the Avaya servers are connected to port G-2. All traffic from both directions are inspected with the process option in the Port Operation field for a more strenuous test, although the forward option could have been used from port G-2 to G-1 to allow straight forwarding of packets from the Avaya servers. Click OK to submit the changes. 9 of 20

3.3. Administer Security Policy From the APSolute Insite main screen, right click on the Avaya DevConnect icon in the right pane, and select APSolute OS > Security from the drop down lists. The Connect & Protect Table screen is displayed. This table is used to define security policies for the system. Create a new security policy by click on the first blank grid under the Networks column, and the associated parameters are displayed into the Settings pane. Select any from the drop down lists for the From and To fields in the Settings pane, to enable the security policy to be applied to all source and destination networks in the system. Click on Apply. For the compliance testing, the new security policy is configured to be applied to the entire system. Customers can use the Port/VLAN column to define specific ports and VLANs for each security policy to be applied to. 10 of 20

3.3.1. Administer Intrusion Protection From the Connect & Protect Table screen, double click on the corresponding grid in the Intrusions column for the security policy, to display the Settings pane. The Intrusion Prevention Profiles area displays a list of pre-defined profiles, and the All Intrusion Attacks area provides a list of pre-defined types of intrusion attacks. The user can consult the Radware documentation for selecting the appropriate profile and intrusion attacks to correspond to the network configuration, or create a new profile with known and user defined types of attacks. For the compliance testing, a new profile is created to contain all pre-defined types of intrusion attacks. Click on New Profile, the New Intrusion Prevention dialogue box is displayed. Enter a descriptive Profile Name, and click OK. 11 of 20

The Intrusion Prevention Profiles pane is updated with the newly created profile. Check the newly created profile in the Intrusion Prevention Profiles section, and apply all pre-defined intrusion attacks by selecting each group of attacks in the All Intrusion Attacks section followed by the leftward arrow. Apply the newly created intrusion profile to the security policy, by clicking on the corresponding grid in the Intrusions column followed by the Apply button at the bottom right of the screen. 12 of 20

3.3.2. Administer DoS/DDoS Protection From the Connect & Protect Table screen, double click on the corresponding grid in the DoS/DDoS column for the security policy, to display the Settings pane. The procedures for creating a new DoS/DDoS profile with all pre-defined DoS attacks are similar to the creation of the intrusion profile. Follow the procedures described in Section 3.3.1 to create the new DoS profile shown below. 13 of 20

3.3.3. Administer SYN Flood Protection From the Connect & Protect Table screen, double click on the corresponding grid in the SYN Flood column for the security policy, to display the Settings pane. The procedures for creating a new SYN flood profile with all pre-defined SYN flood attacks are similar to the creation of the intrusion profile. Follow the procedures described in Section 3.3.1 to create the new DevConnect profile shown below. Upon clicking the Apply button, the following dialogue box is displayed. A reboot of the system is necessary to create the table and allocate the memory for SYN flood protection. Click OK to proceed with the device reboot. 14 of 20

3.3.4. Administer Behavioral DoS Protection From the Connect & Protect Table screen, double click on the corresponding grid in the Behavioral DoS column for the security policy, to display the Settings pane. The procedures for creating a new behavioral DoS profile with all pre-defined behavioral DoS attacks are similar to the creation of the intrusion profile. Follow the procedures described in Section 3.3.1 to create the new BDoS profile shown below. 3.3.5. Administer Anomalies Protection From the Connect & Protect Table screen, double click on the corresponding grid in the Anomalies column for the security policy, to display the Settings pane. The procedures for creating a new anomalies profile with all pre-defined behavioral anomaly attacks are similar to the creation of the intrusion profile. Follow the procedures described in Section 3.3.1 to create the new Anomalies profile shown below. 15 of 20

3.3.6. Administer Anti-Scanning Protection From the Connect & Protect Table screen, double click on the corresponding grid in the Anti- Scanning column for the security policy, to display the Settings pane. The procedures for creating a new anti-scanning profile with all pre-defined anti-scanning attacks are similar to the creation of the intrusion profile. Follow the procedures described in Section 3.3.1 to create the new Anti-scan1 profile shown below. 3.3.7. Administer Additional Parameters From the Connect & Protect Table screen, double click on the corresponding grid in the Additional Parameters column for the security policy, to display the Settings pane. For the Policy Action field, select Block to enable dropping of security attack packets upon detection. Keep the default value for the Packet Reporting field. Click Apply. Activate the new security policy by checking the corresponding grid in the Enable column, followed by Update Policies. 16 of 20

4. Interoperability Compliance Testing The interoperability compliance test included security attacks, SIP features, and serviceability testing. The security attacks testing included pings to death (used and unused IP addresses), SYN/ICMP floods, port scans (vertical and horizontal), TCP/TLS/UDP port attacks, and H323/SIP registration attacks. The security attacks focused on attacking the Avaya servers. The feature testing included basic SIP features of registration, basic calling, hold, transfers, conference, call forwarding, bridging, presence, and instant messaging. The focus is on verifying these basic SIP features while the system is under security attack. The serviceability testing focused on verifying the ability of DefensePro 3020 to trigger the internal bypass mode upon pulling the power chord, such that the IP traffic can continue to be forwarded between the two static forwarding ports without the DefensePro 3020 application. 4.1. General Test Approach All tests were performed manually. The Knoppix, Nmap, and Hgod tools were used to generate the various forms of attacks. The attacks were verified to be detected, logged, and blocked from DefensePro 3020, with detail descriptions provided in the attack logs. While the system was under attack, the feature test cases were executed to verify that the legitimate traffic continued to flow through. 4.2. Test Results All test cases were executed and passed. 17 of 20

5. Verification Steps This section provides the tests that can be performed to verify proper configuration of Radware DefensePro 3020. Launch a security attack from the hacker PC to one of the Avaya servers. From the APSolute Insite main menu screen, click on the Security Reporting tab at the bottom of the screen. Double click on the dashboard icon (not shown) to bring up the APSolute Insite - Top Attacks Dashboard screen below. This real-time monitoring tool displays the most intensive attacks currently in the system. Verify that the newly launched attack is detected and displayed in the radar screen. From the APSolute Insite main menu screen, click on the Security Reporting tab at the bottom of the screen. Double click on the logs icon (not shown) to bring up the logs screen below. Verify that the details of the newly launched attack are displayed in the logs. 18 of 20

6. Support Technical support on Radware DefensePro 3020 can be obtained through the following: Phone: (877) 236-9807 Email: support@radware.com 7. Conclusion These Application Notes describe the configuration steps required for Radware DefensePro 3020 Release 3.00 to successfully interoperate with Avaya SIP Telephony environment consisting of Avaya Communication Manager 3.1, Avaya SIP Enablement Services 3.1, Avaya 4600 Series IP Telephones, and Avaya SIP Softphones. 8. Additional References This section references the product documentation relevant to these Application Notes. Administrator Guide for Avaya Communication Manager, Document 03-300509, Issue 2, February 2006, available at http://support.avaya.com. Installing and Administering SIP Enablement Services R3.1, Document ID 03-600768, Issue 1.4, February 2006, available at http://support.avaya.com. SIP Support in Release 3.1 of Communication Manager Running on the S8300, S8400, S8500, S8500B, S8700, and S8710 Media Server, Document 555-245-206, Issue 1.4, February 2006, available at http://support.avaya.com. DefensePro 3.00 User Manual, Software Version 3.00, March 2006, available at http://www.radware.com with proper login. VoIP Security Threats and Solutions, available at http://www.radware.com with proper login. DefensePro Best Practices for Transparent Introduction, available at http://www.radware.com with proper login. Radware s Security Zone, available at http://www.radware.com with proper login. 19 of 20

Avaya and the Avaya Logo are trademarks of Avaya Inc. All trademarks identified by and are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners. The information provided in these Application Notes is subject to change without notice. The configurations, technical data, and recommendations provided in these Application Notes are believed to be accurate and dependable, but are presented without express or implied warranty. Users are responsible for their application of any products specified in these Application Notes. Please e-mail any questions or comments pertaining to these Application Notes along with the full title name and filename, located in the lower right corner, directly to the Avaya DeveloperConnection Program at devconnect@avaya.com. 20 of 20

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information