Security Considerations

Secure Transports

For all communications between client and server that must be secure:

  • HTTPS is used with SSL certificates from a trusted authority.
  • For WebRTC, DTLS-SRTP is used.
  • For Flash, RTMFP or RTMPT/S is used.

Note: TLS and SRTP are currently not supported by the MCU on the SIP side.

Tools and Services

Fail2ban

To ban IP addresses that have repeated failed login attempts, Genesys recommends installing fail2ban. This rpm is shipped with the Common IP package in the extras folder.

You need root access to install this rpm:

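# Install the two dependencies first, then fail2ban itself.
# --nogpgcheck skips GPG signature checking for these locally supplied packages.
sudo yum -y --nogpgcheck localinstall python-inotify-0.9.1-1.el6.noarch.rpm
sudo yum -y --nogpgcheck localinstall gamin-python-0.1.10-9.el6.x86_64.rpm
sudo yum -y --nogpgcheck localinstall fail2ban-0.8.14-1.el6.noarch.rpm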

With the default install, an IP address is banned for 600 seconds after three failed attempts.

Telnet and FTP

Telnet and FTP services have known security issues. Genesys recommends disabling these services on the Platform.

Xinetd

Run the following command to turn off the xinetd service:

sudo chkconfig xinetd off
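
To confirm that the fail2ban install and the Telnet/FTP and xinetd steps above took effect, the following audit script is an added example and is not Genesys code. It assumes an EL6 host where chkconfig, netstat and fail2ban-client are available; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/bash
# Added example, not Genesys code. Function names and sample data are constructed.

# Runlevels where xinetd is still "on"; reads `chkconfig --list xinetd` on stdin.
xinetd_on_levels() {
    awk '$1 == "xinetd" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[0-6]:on$/) { out = out sep substr($i, 1, 1); sep = " " }
    }
    END { if (out != "") print out }'
}

# Local addresses listening on FTP (21) or Telnet (23); reads `netstat -tln` on stdin.
legacy_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, part, ":")      # last piece is the port, also for ":::23"
        if (part[n] == 21 || part[n] == 23) print $4
    }'
}

# Run the checks on the live host (as root, so fail2ban-client can reach its socket).
audit() {
    local rc=0 levels listeners
    levels=$(chkconfig --list xinetd 2>/dev/null | xinetd_on_levels)
    if [ -n "$levels" ]; then echo "FAIL: xinetd enabled in runlevels $levels"; rc=1; fi
    listeners=$(netstat -tln 2>/dev/null | legacy_listeners)
    if [ -n "$listeners" ]; then echo "FAIL: FTP/Telnet listening on:" $listeners; rc=1; fi
    if ! fail2ban-client ping >/dev/null 2>&1; then echo "FAIL: fail2ban not responding"; rc=1; fi
    [ "$rc" -ne 0 ] || echo "OK: xinetd off, no FTP/Telnet listeners, fail2ban up"
    return "$rc"
}

# Constructed sample outputs for trying the parsers offline.
SAMPLE_CHKCONFIG='xinetd  0:off 1:off 2:off 3:on 4:on 5:on 6:off'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp   0  0 0.0.0.0:22  0.0.0.0:*  LISTEN
tcp   0  0 0.0.0.0:21  0.0.0.0:*  LISTEN
tcp   0  0 :::23       :::*       LISTEN'

if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it with --audit after the hardening steps; a non-zero exit status means at least one check failed.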

Port Usage

For port requirements, see Connection Map.

This page was last modified on 16 June 2016, at 13:37.