IPT Attack Mitigation - Interop

More documents

Recommendations

Info

Layer-3/4 Attack Mitigation II • Mitigation: •Segment DATA from VOICE (continued) Only allow interaction through firewalled access Mitigates many IP and voice protocol attacks Make certain your vendor of choice supports voice protocols •Filter (ACL/FW) and rate-limit (QoS) traffic to known profiles Endpoints don’t need 100Mb rates to the IP PBX, limit flows on a per-port basis •Protect the network stack of any server – PFW/HIDS/HIPS/AV IP PBX Voice Gateway User System Corporate Server V Voice Segment Data Segment User System Proxy Server Secure Voice N+I © 2004, Cisco Systems, Inc. All rights reserved. Vmail Server Email Server 6
Everything Else • IDS/IPS Provides significant real-time monitoring of voice segments Consider anomaly detection in addition to traditional IDS • QoS Traffic classification and policing ensures voice high availability and resilience in the campus (including WLAN) and over the WAN. Secure Voice N+I © 2004, Cisco Systems, Inc. All rights reserved. 7
Page 1 and 2: IPT Attack Mitigation Jason Halpern
Page 3 and 4: Agenda Secure Voice N+I © 2004, Ci
Page 5: Layer-3/4 Attack Mitigation • Typ
Page 9 and 10: Voice Services (All) • Turn off u
Page 11 and 12: Toll Fraud • Many commonly exploi
Page 13 and 14: Voice Services: IP PBX/Call-Process
Page 15 and 16: Endpoints • IP phones Harden - co
Page 17 and 18: Attack Mitigation Roles for Buildin
Page 19 and 20: Attack Mitigation Roles for Data Ce
Page 21: Questions? • Consider the SAFE IP

IPT Attack Mitigation - Interop

Create successful ePaper yourself

Delete template?

Save as template?