For all communications between client and server that must be secure:
- HTTPS is used with SSL certificates from a trusted authority.
- For WebRTC, DTLS-SRTP is used.
- For Flash, RTMFP or RTMPT/S is used.
Note: Currently, TLS and SRTP are not supported by the MCU on the SIP side.
Tools and Services
To ban IP addresses that repeatedly fail login attempts, Genesys recommends installing fail2ban. The RPM is shipped with the Common IP package in the extras folder.
You need root access to install this RPM:
sudo yum -y --nogpgcheck localinstall gamin-python-0.1.10-9.el6.x86_64.rpm
sudo yum -y --nogpgcheck localinstall fail2ban-0.8.14-1.el6.noarch.rpm
With the default install, an IP address is banned for 600 seconds after three failed attempts.
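The ban policy described above, modelled as an added Python example (not Genesys or fail2ban code): it replays constructed login events and reports when each IP address would be banned. FINDTIME, the window in which failures are counted, is an assumption; the page states only the three-attempt threshold and the 600-second ban.

```python
"""Added model of a threshold ban policy: 3 failures -> 600 s ban.
FINDTIME is an assumption (the page does not state the counting window)."""
from collections import defaultdict, deque

MAXRETRY = 3    # from the page: ban after three failed attempts
BANTIME = 600   # from the page: ban lasts 600 seconds
FINDTIME = 600  # assumption: failures must fall within this many seconds

# Constructed sample events: "<epoch seconds> <client ip> <FAIL|OK>"
SAMPLE = """\
1000 203.0.113.7 FAIL
1010 203.0.113.7 FAIL
1020 198.51.100.4 FAIL
1030 203.0.113.7 FAIL
1040 203.0.113.7 FAIL
1700 203.0.113.7 FAIL
1710 198.51.100.4 FAIL
1720 203.0.113.7 FAIL
1730 203.0.113.7 FAIL
2400 198.51.100.4 FAIL
"""

def replay(log_text, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return [(ip, ban_start, ban_end), ...] in the order bans are issued."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> epoch when the ban lifts
    bans = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, ip, result = line.split()
        ts = int(ts_text)
        if banned_until.get(ip, 0) > ts:
            continue                # assumed dropped by the firewall while banned
        if result != "FAIL":
            continue
        window = failures[ip]
        window.append(ts)
        while window and window[0] <= ts - findtime:
            window.popleft()        # drop failures older than the window
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()          # start counting afresh after the ban
    return bans
```

In the sample, 198.51.100.4 fails three times but is never banned because its failures are spread more than FINDTIME apart, which is the case to check when tuning the threshold.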
Telnet and FTP
Telnet and FTP services have known security issues. Genesys recommends disabling these services on the Platform.
Run the following command:
For port requirements, see Connection Map.