Recommended Practices; Legal Notice - 3Com VCX v7111 User Manual

Recommended Practices

To improve network security, the following guidelines are recommended when configuring
the V7111 gateway:
Set the password of the primary web user account (see
Accounts) to a unique, hard-to-hack string. Do not use the same password for several
devices as a single compromise may lead to others. Keep this password safe at all times
and change it frequently.
If possible, use a RADIUS server for authentication. RADIUS allows you to set different
passwords for different users of the V7111 gateway, with centralized management of the
password database. Both Web and Telnet interfaces support RADIUS authentication
(see SRTP).
If the number of users that access the Web and Telnet interfaces is limited, you can use
the Web and Telnet Access List to define up to ten IP addresses that are permitted to
access these interfaces. Access from an undefined IP address is denied (see
Configuring the Web and Telnet Access
Use IPSec to secure traffic to all management and control hosts. Since IPSec encrypts
all traffic, hackers cannot capture sensitive data transmitted on the network, and
malicious intrusions are severely limited.
Use HTTPS when accessing the Web interface. Set HTTPSOnly to 1 to allow only
HTTPS traffic (and block port 80). If you don't need the Web interface, disable the Web
server (DisableWebTask).
If you use Telnet, do not use the default port (23). Use SSL mode to protect Telnet traffic
from network sniffing.
If you use SNMP, do not leave the community strings at their default values as they can
be easily guessed by hackers (see
Use a firewall to protect your VoIP network from external attacks. Network robustness
may be compromised if the network is exposed to Denial of Service (DoS) attacks. DoS
attacks are mitigated by Stateful firewalls. Do not allow unauthorized traffic to reach the
V7111 gateway.

Legal Notice

By default, the V7111 gateway supports export-grade (40-bit and 56-bit) encryption due to
US government restrictions on the export of security technologies. To enable 128-bit and
256-bit encryption on your device, contact your 3Com representative.
This product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (www.openssl.org)
This product includes cryptographic software written by Eric Young' (eay@cryptsoft.com).
®
3Com VCX V7111 VoIP Gateway User Guide
Configuring the Web User
List).
SNMP Community Names).
345