Allo.com STM User Manual


User Manual
ALLO STM Appliance
(aSTM)
Version 2.0

Table of Contents
1. Introduction
1.1. Overview:
1.2. STM Deployment Considerations
2. Initial Setup & Configuration
2.2. Default Configuration
2.3. Accessing the WebUI
2.4 WebUI Session timeout
2.5 WebUI Settings
2.4 Dashboard
3. Configuring the Device
3.1. General Settings
3.2. Time Settings
3.3. Management Access
3.4. Signature Update
3.5. Logging
4. Configuring the SIP Security Policies
4.1. SIP Protocol Compliance
4.2. SIP Attacks Detection Policies
4.3. Firewall Rules
4.4. White list Rules
4.5. Blacklist Rules (Static)
4.6. Dynamic Blacklist Rules
4.7. Geo IP Filter
5. Status
5.1. Security Alerts
6. Device Administration
6.1. Administration
6.2. Diagnostics
6.3. Ping
6.4. Traceroute
6.5. Troubleshooting
6.6. Firmware Upgrade
6.7. Logs Archive

STM- Introduction
1
User Manual v2.0
www.allo.com
1. Introduction
1.1. Overview:
Allo STM is an appliance-based VoIP threat prevention solution dedicated to protecting SIP-based PBX/Telecom Gateway/IP Phone/Mobile device deployments. The appliance runs real-time Deep Packet Inspection on the SIP traffic to identify VoIP attack vectors and prevent threats from impacting the SIP-based devices. The appliance is designed to integrate seamlessly with the existing network infrastructure, which reduces the complexity of deployment.
The appliance feature set includes:
• Analysis of SIP packets using the real-time Deep Packet Inspection engine.
• SIP protocol anomaly detection with configurable detection parameters.
• Detection and prevention of the following categories of SIP-based attacks:
   - Reconnaissance attacks (SIP device fingerprinting, user enumeration, password cracking attempts)
   - DoS/DDoS attacks
   - Cross-site scripting based attacks
   - Buffer overflow attacks
   - SIP anomaly based attacks
   - 3rd-party vendor vulnerabilities
   - Toll fraud detection and prevention
   - Protection against VoIP spam and war dialing
• Attack response includes the option of quietly dropping malicious SIP packets to help prevent continued attacks.
• Dynamic Blacklist Update service for VoIP, SIP PBX/Gateway threats.
• Configurable Blacklist/Whitelist/Firewall rules.
• Support for geolocation-based blocking.
• Option to secure against PBX application vulnerabilities.
• Operates as a Layer 2 device and is thus transparent to the existing IP infrastructure; no changes are required to add the device to your existing network.
• Web/SSL-based device management access, which allows the device to be managed from anywhere in the Cloud.
• Ability to restrict device management access to a specific IP/network.
• Option to log system status and security events to a remote syslog server.
• SIP throughput of up to ~10Mbps.
• Support for signature update subscription and an automated signature update mechanism.
• The device operates with the default configuration as soon as it is powered on. No administrator intervention is required to operate the device with the default configuration.
• USB-based power supply.
• Optional support for logging security events to USB-based storage.
Technical Specifications
Functional Mode: Transparent Firewall with SIP Deep Packet Engine
SIP Intrusion/Prevention: ~400+ SIP Attack Signatures Support
Throughput: ~10Mbps
No. of concurrent calls supported: 50 concurrent calls
Logging: Local Security Event Console, Remote Syslog
Device Management: Web GUI via HTTPS & SSH CLI
Hardware: MIPS-based 32-bit processor, single core, 300MHz
Primary Storage: 16 MB Flash
RAM: 64MB
Secondary Storage: USB storage devices support for logging (optional)
Interfaces: Two Fast Ethernet interfaces

1.2. STM Deployment Considerations
The STM is designed to protect SIP-based PBX/Gateway servers against SIP-based network threats and anomalies. It is therefore recommended to deploy the STM along with the PBX/Gateway deployment, as given in the following scenarios, depending on which applies to the user's setup.
Deployment Scenario 1
Note:
Some PBX/Gateway devices have a dedicated LAN/Mgmt interface for device management, separate from the Data interface (also referred to as the WAN/Public interface). In such cases, the LAN port of the STM should be connected to the Data interface (WAN/Public interface).
Deployment Scenario 2
When the PBX is deployed in a LAN setup, the following setup is recommended, as it helps to protect against threats from the internal network as well as threats from the public cloud that have penetrated the non-SIP-aware corporate firewall.

2. Initial Setup & Configuration
1. Unpack the items from the box.
2. Check that you have all the items listed in the package content.
3. Connect the appliance to the power socket using the USB power cable.
4. Connect the LAN port of the STM to the PBX/VoIP Gateway.
5. Connect the WAN port of the STM to the untrusted/public network.
6. The device will take about a minute to come up and will be fully functional with the default configuration.
Note:
Some PBX/Gateway devices have a dedicated LAN/Mgmt interface for device management, separate from the Data interface (also referred to as the WAN/Public interface). In such cases, the LAN port of the STM should be connected to the Data interface (aka WAN/Public interface).
The device operates as a transparent bridging firewall with Deep Packet Inspection enabled on the SIP traffic. By default, the appliance acquires its IP address via DHCP.
The device is fully functional with the default configuration. However, if the user needs to tune the device settings and the DPI policies, this can be done via the device WebUI.
2.2. Default Configuration
The device operates as a transparent bridging firewall with Deep Packet Inspection enabled on the SIP traffic. By default, the appliance acquires its IP address via DHCP.
The device is fully functional with the default configuration. However, if the user needs to tune the device settings and the DPI policies, he or she can tune the configuration via the device WebUI.
The device also provides a command line interface, accessible via SSH, which allows configuring the basic settings and viewing the device status.
Management Access    Login Credentials
WebUI                admin/admin
SSH CLI              admin/stmadmin

2.3. Accessing the WebUI
To access the device WebUI:
1. Connect a serial console to the serial port of the STM device.
2. Use the following serial console settings to access the 'Shield' CLI:
   i. Speed: 38400
   ii. Parity: None
   iii. Data: 8
   iv. Stop bits: 1
   v. Flow control: No
3. From the 'Shield' command prompt, execute the following command to view the IP address acquired by the device:
   shield>show ip
Now you can access the device from the browser using the URL given below:
https://<device-ip>
Note:
The WebUI is accessible only via HTTPS. The device WebUI server uses a self-signed PKI certificate, so the browser will prompt you to accept the self-signed certificate generated by the device when you access the WebUI.
The recommended browser for accessing STM WebUI is Mozilla Firefox.
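Because the WebUI certificate is self-signed, the browser prompt only means something if the certificate can be recognised again on later visits. The Python below is an added example, not part of the Allo manual or firmware: it records the certificate's SHA-256 fingerprint on first contact (made over a trusted link) and compares it on every later check. The pin file name, the 192.0.2.10 address and the two sample certificates are constructed assumptions.

```python
import hashlib
import hmac
import json
import ssl
from pathlib import Path

# Constructed stand-ins for two different device certificates (arbitrary bytes
# wrapped as PEM, not real STM certificates) so the logic can be run offline.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed certificate A")
CHANGED_PEM = ssl.DER_cert_to_PEM_cert(b"constructed certificate B")


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding of the certificate, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def verify_or_record(host: str, pem: str, store: Path) -> str:
    """Trust-on-first-use: record the first fingerprint seen for a host and
    compare later ones against it. Returns 'recorded', 'match' or 'mismatch'."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(pem)
    if host not in pins:
        pins[host] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "recorded"
    # A mismatch never overwrites the stored pin; re-pinning is a manual step.
    return "match" if hmac.compare_digest(pins[host], seen) else "mismatch"


def check_webui(host: str, store: Path, port: int = 443) -> str:
    """Fetch the certificate the WebUI presents (no chain validation, since it
    is self-signed) and run it through the pin check."""
    pem = ssl.get_server_certificate((host, port), timeout=5)
    return verify_or_record(host, pem, store)


if __name__ == "__main__":
    import tempfile
    store = Path(tempfile.mkdtemp()) / "stm_pins.json"  # hypothetical pin file
    host = "192.0.2.10"  # constructed documentation address, not a real device
    print(verify_or_record(host, SAMPLE_PEM, store))   # first contact
    print(verify_or_record(host, SAMPLE_PEM, store))   # same certificate again
    print(verify_or_record(host, CHANGED_PEM, store))  # different certificate
```

A "mismatch" result after a firmware upgrade or factory reset may be legitimate if the device regenerated its certificate; in any other case it is worth investigating before entering the administrator credentials.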
Note:
If you are not running a DHCP server in your deployment, or the device fails to acquire an IP address, set the IP address from the console CLI using the command
shield>set ip <ipaddress> <mask> <gateway>
Verify the address using the 'show ip' command. Then use this IP address to access the WebUI/SSH and configure the device further.
On launching the STM WebUI, the web application will prompt you to enter the administrator credentials to log in.

The WebUI login session times out if the user does not enter the login credentials within 30 seconds, and redirects to an informational page. The user can click the hyperlink named 'login' on the informational page to visit the login page again.
If somebody is already logged in to an STM WebUI session, subsequent login attempts will show the details of the previous login session, as illustrated below, and will prompt the user either to override the previous session and continue or to discard the login attempt.