Allo.com Shield STM User Manual

Appliance-based VoIP threat prevention solution

Summary of Contents for Allo.com Shield STM

  • Page 2 User Manual Shield STM Appliance 1.0 Version 1.0...
  • Page 3: Table Of Contents

    Table of Contents
    1. Introduction
    1.1. Overview
    1.2. STM Deployment Considerations
    2. Initial Setup & Configuration
    2.2. Default Configuration
    2.3. Accessing the WebUI
    2.4 WebUI Session timeout
    2.5 WebUI Settings ...
  • Page 4

    6.4. Traceroute
    6.5. Troubleshooting
    6.6. Firmware Upgrade
    User Manual v1.0 www.shield.com...
  • Page 5: Introduction

    1. Introduction 1.1. Overview: Shield STM is an appliance-based VoIP threat prevention solution dedicated to protecting SIP-based PBX, telecom gateway, IP phone and mobile device deployments. The appliance runs real-time Deep Packet Inspection on SIP traffic to identify VoIP attack vectors and prevent threats from impacting SIP-based devices.
  • Page 6: Technical Specifications

    STM- Introduction
    • Web/SSL-based device management access, which allows the device to be managed from anywhere via the cloud.
    • Ability to restrict device management access to a specific IP/network.
    • Option to log system status/security events to a remote syslog server.
    • ...
  • Page 7: Stm Deployment Considerations

    1.2. STM Deployment Considerations The STM is designed to protect SIP-based PBX/Gateway servers against SIP-based network threats and anomalies. It is therefore recommended to deploy the STM alongside the PBX/Gateway deployment, as given in the following scenarios, based on what is applicable in the user’s setup.
  • Page 8: Initial Setup & Configuration

    STM – Initial Setup
    2. Initial Setup & Configuration
    1. Unpack the items from the box.
    2. Check that you have all the items listed in the package content.
    3. Connect the appliance to the power socket using the USB power cable.
    4.
  • Page 9: Accessing The Webui

    The device also provides a command line interface accessible via SSH, which allows the administrator to configure the basic settings and view device status.

    Management Access | Login Credentials
    WebUI | admin/admin
    SSH CLI | admin/stmadmin

    2.3. Accessing the WebUI To access the device WebUI, 1.
  • Page 10 Verify the address using the ‘show ip’ command. Then use this IP address to access the WebUI/SSH and configure the device further. On launching the STM WebUI, the web application prompts for the administrator credentials to log in. The WebUI login session times out if the user does not enter the login credentials within 30 seconds, and the browser is redirected to the informational page.
  • Page 11: Webui Session Timeout

    2.4 WebUI Session timeout After logging in to the WebUI, if there is no activity for the WebUI session timeout period (by default, the WebUI session timeout is set to 900 seconds), the login session is automatically terminated and the browser is redirected to the login page again.
  • Page 12: Dashboard

    2.4 Dashboard On logging in to the STM WebUI, the dashboard is shown. The user can return to the dashboard page from any configuration page in the STM WebUI by clicking the STM Product Icon that appears in the left corner of the top panel. The status panel that appears below the top panel shows the time settings on the device, the STM firmware version, the Page refresh icon and the Setting icon.
  • Page 13: Configuring The Device

    STM- Device Configuration 3. Configuring the Device The configuration pages of the STM WebUI have been made intuitive and easy to configure. All the configuration pages work with the two-phase commit model. Note: The two-phase commit model is not applicable to time settings and signature update settings.
  • Page 14: General Settings

    If the user wants to abandon the configuration changes made, they can click the ‘Ignore Changes’ button. On clicking the ‘Ignore Changes’ button, the configuration changes stored in the temporary buffer location will be discarded. Note: On applying the configuration changes, the ‘Ignore Changes’...
  • Page 15: Time Settings

    STM- SIP Security Policy Configuration 3.2. Time Settings The administrator can either set the time manually on the device or configure the device to sync its time settings from an NTP server. Appropriate time settings/timezone should be set on the device so that the correct timestamp appears on the SIP security alerts generated by the device.
  • Page 16: Signature Update

    In the management access filter rule, the administrator needs to configure the IP address, the IP network or the range of IP addresses from which management access to the device should be allowed. The IP Type ‘ANY’ indicates the global network (any network/IP address).
  • Page 17: Logging

    3.5. Logging The administrator can configure the STM appliance to send the security alerts generated on detecting SIP-based attacks to a remote syslog server. The logging page allows the administrator to enable/disable remote logging of security alerts and to specify the syslog server to which the security alerts are to be forwarded.
  • Page 18: Configuring The Sip Security Policies

    4. Configuring the SIP Security Policies 4.1. SIP Security Settings The SIP Deep Packet Inspection engine running on the STM appliance inspects the SIP traffic against the SIP Security Compliance rules built into the SIP DPI engine.
  • Page 19 The table given below lists the SIP Deep Packet Inspection rule categories supported in STM and the configuration parameters in each category.

    Category | Possible Actions | User Configurable options
    SIP Reconnaissance Attacks | Log the alert/Block the attack/Blacklist attacker ip |
    SIP Devices Scanning | Log the alert/Block the attack/Blacklist attacker ip...
  • Page 20: Firewall Rules

    4.3. Firewall Rules The firewall rules configuration allows the administrator to configure what traffic should be allowed into the protected SIP PBX/Gateway network from the untrusted WAN zone, besides DPI-enabled SIP traffic and RTP traffic. The administrator needs to specify the source and destination networks, the port numbers and the protocol that will be used as the matching criteria in the filtering rule, and the action to be taken on matching the filtering rule.
  • Page 21: Blacklist Rules (Static)

    4.5. Blacklist Rules (Static) This page allows the administrator to configure the blacklisted IP addresses in the untrusted WAN zone. The STM firewall blocks these addresses from communicating with the protected SIP network.
  • Page 22: Dynamic Blacklist Rules

    4.6. Dynamic Blacklist Rules The dynamic blacklist rules are the blocking rules that the STM SIP Deep Packet Inspection engine adds on detecting an attack, to block traffic from the attacker IP addresses for the blocking duration configured in the rules category. The dynamic blacklist rules page allows the administrator to see the dynamic blacklist rules currently configured on the device at any instant.
  • Page 23: Status

    STM- Status 5. Status 5.1. Security Alerts The status alerts page shows the list of alerts pertaining to the SIP attacks detected by the STM SIP Deep Packet Inspection engine at any instant. The administrator can set the log viewer page refresh interval on this page. The page also provides an option to download the security alerts shown in CSV format.
  • Page 24: Device Administration

    STM- Device Administration 6. Device Administration 6.1. Administration The Administration user interface page provides the options for running a factory reset on the device, restarting the device, device reboot, device shutdown and configuration backup/restore. Running a factory reset on the device requires a reboot, so on clicking the factory reset button the administrator will be redirected to a wait notification page and will be prompted to log in once the device comes up with the default configuration.
  • Page 25: Ping

    To run the utility on the device, the administrator needs to click the ‘Run diagnostics’ button. The device will run the diagnostics task in the backend and display the results once the task is complete. The administrator can download the report by clicking the ‘Get Report’ button and send the report to the Allo Shield Support team. 6.3.
  • Page 26: Traceroute

    6.4. Traceroute The administrator can troubleshoot network connectivity issues by running traceroute from the STM device. The administrator needs to enter the IP address to which the route needs to be traced from the STM appliance/hop count and click the ‘Traceroute’ button to run the task. The traceroute results will be displayed in the text area once the traceroute task is complete.
  • Page 27: Firmware Upgrade

    • The device will verify the uploaded firmware and install it. After installation, the device will reboot and the administrator will be redirected to the login page. Thanks for choosing Shield STM. If any technical assistance is required, kindly raise a support ticket at http://support.allo.com/
