Jump to: navigation, search

Security Considerations

Secure Transports

For all communications between client and server that must be secure:

  • HTTPS is used with SSL certificates from a trusted authority.
  • For WebRTC, DTLS-SRTP is used.
  • For Flash, RTMFP or RTMPT/S is used.

Note: Currently TLS and SRTP are not supported by MCU on the SIP-side.

Tools and Services


To ban IP addresses that repeatedly have failed login attempts, Genesys recommends installing fail2ban. This rpm is shipped with the Common IP package in the extras folder.

You need root access to install this rpm:

sudo yum -y --nogpgcheck localinstall python-inotify-0.9.1-1.el6.noarch.rpm
sudo yum -y --nogpgcheck localinstall gamin-python-0.1.10-9.el6.x86_64.rpm
sudo yum -y --nogpgcheck localinstall fail2ban-0.8.14-1.el6.noarch.rpm

The default install will ban IP addresses after three failed attempts for 600 seconds.

Telnet and FTP

Telnet and FTP services have known security issues. Genesys recommends disabling these services on the Platform.


Run the following command:

sudo chkconfig xinetd off

Port Usage

For port requirements, see Connection Map.

This page was last edited on June 16, 2016, at 20:37.
Comments or questions about this documentation? Contact us for support!