Allo.com STM User Manual


SIP threat manager / threat prevention solution

STM User Manual
www.allo.com
Version 1.0

Summary of Contents for Allo.com STM

  • Page 1 STM User Manual www.allo.com Version 1.0...
  • Page 2 Proprietary Rights The information in this document is Confidential to Allo.com and is legally privileged. The information and this document are intended solely for the addressee. Use of this document by anyone else for any other purpose is unauthorized.
  • Page 3: About This Manual

    About this manual: This manual describes the Allo product application and explains how to work with it and use its major features. It serves as a means to describe the user interface and how to use it to accomplish common tasks.
  • Page 4: Table Of Contents

    Support Information (p. 3); 1. Introduction (p. 7); 1.1. Overview (p. 7); 1.1.1. Notification LEDs (On the Front Panel of the STM) (p. 9); 1.1.2. STM Rear View (p. 10); 1.1.3. STM Deployment Considerations (p. 10); 2. Initial Setup & Configuration (p. 13); Default Configuration ...
  • Page 5 4. Security Settings (p. 27); 4.1. SIP Attacks Detection (p. 27); 4.2. SIP Servers (p. 33); 4.3. SIP Settings (p. 34); 4.4. SIP Monitoring (p. 38); 4.5. Call Blocker Rules (p. 38); 4.6. Firewall Rules (p. 41); 4.7.
  • Page 6 6.7. Logs Archive (p. 58); 7. Frequently Asked Questions (FAQs) (p. 59); 8. Glossary (p. 60); 9. Appendix A – Using Console Access (p. 64); 10. Appendix B – Configuring STM IP Address via Console (p. 65)
  • Page 7: Introduction

    1. Introduction. 1.1. Overview. This user manual describes the steps involved in setting up the allo STM appliance. Allo STM is an appliance-based VoIP threat prevention solution dedicated to protecting SIP-based PBX/Telecom Gateway/IP Phone/Mobile device deployments. The appliance runs real-time Deep Packet Inspection on the SIP traffic to identify VoIP attack vectors and prevents the threats from impacting the SIP-based devices.
  • Page 8
      • Attack response includes the option for quietly dropping malicious SIP packets to help prevent continued attacks
      • Dynamic Blacklist Update service for VoIP, SIP PBX/Gateway threats
      • Configurability of Blacklist/Whitelist/Firewall rules
      • Support for Geo Location based blocking
  • Page 9: Notification Leds (On The Front Panel Of The Stm)

    Primary Storage 16 MB Flash 64MB. Secondary Storage: USB storage device support for logging (Optional). Interfaces: Two Fast Ethernet interfaces. 1.1.1. Notification LEDs (On the Front Panel of the STM). Figure 1: Front Panel LED Notifications
  • Page 10: Stm Rear View

    Figure 2: STM Rear View. 1.1.3. STM Deployment Considerations. The STM has been made to protect SIP-based PBX/Gateway servers against SIP-based network threats and anomalies. It is therefore recommended to deploy the STM along with the PBX/Gateway deployment as given in the following scenarios, based on what is applicable in the user’s setup.
  • Page 11 Some of the PBX/Gateway devices may have an exclusive LAN/Mgmt Interface for device management purpose other than the Data Interface (also referred as WAN/Public Interface). In such cases LAN Port of the STM should be connected to the Data Interface (WAN/Public Interface). Deployment Scenario 2...
  • Page 12 Figure 5: Scenario 3
  • Page 13: Initial Setup & Configuration

    Some of the PBX/Gateway devices may have an exclusive LAN/Mgmt Interface for device management purpose other than the Data Interface (also referred as WAN/ public Interface). In such cases LAN port of the STM should be connected to the Data Interface (WAN/ Public Interface).
  • Page 14: Accessing The Webui

    Configure the STM device IP address from the “Device Settings” page as per your local network range. Verify the IP address set on the STM from the dashboard page. Once the user has assigned the STM device IP address successfully, the device can be accessed using that IP address from then on.
  • Page 15 Alternatively the user can access the device via the static IP 10.0.0.1 and configure the network settings during first time installation. Connect a PC to the LAN port of the STM and assign the IP address 10.0.0.100/255.255.255.0 to the PC. Now you can access the device from the browser using the URL https://<10.0.0.1>...
  • Page 16: Webui Session Timeout

    Figure 7: Timeout Message. If somebody is already logged in to an STM WebUI session, subsequent login attempts will show the details of the previous login session as illustrated below and will prompt the user either to override the previous session and continue, or to discard the login attempt.
  • Page 17: Dashboard

    On logging into the STM WebUI, the dashboard will be shown. The user can visit the dashboard page from any configuration page in the STM WebUI by clicking the STM Product Icon that appears in the left corner of the top panel.
  • Page 18 System Status Panel shows Device up time, Memory Usage, Flash Usage & CPU Usage. Sig Update Version Panel shows the STM Signature version and Release State. Network Status Panel shows IP, LAN MAC, WAN MAC and Gateway of the device.
  • Page 19: Device Configuration

    Device Settings. 3. Device Configuration. The configuration pages of the STM WebUI have been made self-intuitive and easy to configure. All the configuration pages have been made to work with the two-phase commit model. The two-phase commit model is not applicable to time settings and signature update settings.
  • Page 20: General Settings

    The page also allows enabling/disabling SSH access to the device. The ‘Allow ICMP’ option configures whether or not the device responds to ICMP ping messages sent to the STM appliance. By default, SSH access and ICMP ping messages are allowed to the STM appliance.
  • Page 21 It allows user to specify the Host name for general settings. IP Configuration: User can configure IP to be static or DHCP. IP Addr/Mask: It specifies the IP address and Netmask of STM General Settings. Gateway: It specifies the Gateway IP of the STM device. E.g. 10.0.0.254 or 10.0.0.1...
  • Page 22: Time Settings

    3.3. Management Access. Navigate through Device > Management Access. Access to the STM device management (SSH CLI / WebUI access) can be restricted with the management access filters. By default, the access has been allowed to any global address and ...
  • Page 23 management VLAN network configurations on the device. The administrator can override these settings. Figure 14: Create Management Access Rule. Name: Enter the name of the Management access for user reference. IP Type: User can select the appropriate IP type from the drop down list.
  • Page 24: Signature Update

    Figure 15: Management Access Results. 3.4. Signature Update. Navigate through Device > Signature Update. To enable the automatic signature update, select the checkbox ‘enable update’ on the device and configure the signature update schedule. A valid subscription key and the correct signature update URL must be configured for the signature update to happen.
  • Page 25: Logging

    Time Schedule: It schedules the signature update at the time configured in the UI. When the user buys the STM appliance, the device will be shipped with the SIP signatures that will help in protecting against the SIP based attacks known as of date.
  • Page 26 Remote Logging: It allows user to configure Remote Log Server settings. Syslog Server: User can configure the remote Syslog server that receives logs from the STM device.
  • Page 27: Security Settings

    The possible actions that the STM can execute are logging the alert, blocking the packets containing the attack vector, and blacklisting the attacker IP for the given duration. The blocking duration, that is, how long the attacker IP needs to be blocked, is also configured per category level.
  • Page 28 Table columns: Category, Description, User Configurable options. This can be considered as the first step of attacking any system or a network. In this, the hacker tries to learn information about our network, and typically conducts a ping sweep of the target network to determine which IP addresses are alive.
  • Page 29 Maximum Dialog within a session, SIP Ports and its Protocol. The SIP Deep Packet Inspection engine running on the STM appliance has been made to inspect the SIP traffic with the SIP Security Compliance rules built into the SIP DPI engine.
  • Page 30 protocol anomaly conditions and take the action configured by the administrator. Configuring inappropriate values for these parameters can have a disruptive impact on the VoIP deployment. Administrators with a more in-depth understanding of the SIP protocol can choose to tune these parameters for their specific deployment needs.
  • Page 31 data. Buffer overflow Attacks: This refers to illegally trying to access the resources of the SIP device, like its memory address, for which it does not have the authenticate permissions, leading to data corruption of this address along with its adjacent address.
  • Page 32 UDP Flood: This refers to flooding the device with general UDP packets on any port, where legitimate users are barred from availing the device resources after some interval of time. User configurable option: No of UDP Packet within specified duration.
  • Page 33: Sip Servers

    4.2. SIP Servers. Navigate through Security Settings > SIP Servers. User can configure all these parameters to avoid IP spoofing attacks. In IP spoofing, the attacker will sniff your IP address and make your system vulnerable. Figure 19: SIP Servers...
  • Page 34: Sip Settings

    It allows user to configure SIP compliance settings and SIP media port configuration. The SIP Deep Packet Inspection engine running on the STM appliance has been made to inspect the SIP traffic with the SIP Security Compliance rules built into the SIP DPI engine.
  • Page 35 Figure 21: SIP Protocol Compliance. SIP Protocol Compliance Settings. Max_sessions: A SIP session is the application level connection setup created between the SIP server and SIP client for exchanging the audio/video messages with each other. The max_sessions parameter defines the maximum number of sessions that the SIP deep packet inspection engine can keep track of.
  • Page 36 specifies the maximum Request URI field size. The default is set to 256. The allowed range for this option is 1 - 65535. Max_call_id_len: The Call-ID header field in a SIP message acts as a unique identifier that relates to the sequence of messages exchanged between SIP client and server.
  • Page 37 It is used to store and deliver information or data over a communication medium. Media may be TCP based or UDP based communications. STM media settings allow user to choose the communication medium of the SIP traffic. It supports TCP, UDP or Both as communication media for SIP communications. Media ports allow user to configure media ports like 1024-65535.
  • Page 38: Sip Monitoring

    Navigate through Security Settings > Call Blocker Rules A user can block the calls statically by making use of "Call Blocker Rules" feature in STM. This feature will block the calls by various viable options such as Phone number, Phone number prefix, Phone Extension, Phone Extension Prefix, IP address and User Agent.
  • Page 39 Block Anonymous Calls – User is not able to make calls for unknown numbers. Figure 23: Call Blocker Rules. Click the Add New button to create a Call Blocker Rule. Figure 24: Create Call Blocker Rule. Name: Specify the name for the Call Blocker Rule for user’s reference.
  • Page 40 User can select the appropriate Call Blocker type from the drop down list. It allows user to block the calls reaching the PBX system that is protected by the STM. E.g. 1. Phone number: User can block the SIP communication which is originated from any phone number.
  • Page 41: Firewall Rules

    (optional) 4.6. Firewall Rules. Navigate through Security Settings > Firewall Rules. The firewall rules configuration allows the administrator to configure what traffic should be allowed, to protect the SIP PBX/Gateway network from an untrusted WAN zone, besides DPI enabled SIP traffic and RTP traffic.
  • Page 42: Firewall Settings

    Dst Address: User can configure and apply the Firewall rule to a particular destination address (Dst Address). E.g.: 192.168.0.8. Protocol: Protocols specify interactions between communicating entities. User can select the type of protocol, whether it is TCP or UDP, from the drop down list.
  • Page 43: Whitelist Ip Addresses

    This page allows configuring the white listed IP addresses in the untrusted WAN zone from which access to communicate with the protected SIP network will be allowed by the STM. This page also allows configuring whether the white list rules take precedence over the blacklist rules (both static and dynamic) configured on the device at any instant.
  • Page 44 Figure 28: Create White list Rule. Name: Specify the name for the White list Rules for user’s reference. The user can choose any name to recognize the White list Rules. IP Type: User can select the appropriate IP type from the drop down list.
  • Page 45: Blacklist Ip Addresses

    This page allows configuring the blacklisted IP addresses in the untrusted WAN zone from which access to communicate with the protected SIP network will be blocked by the STM. This page also allows configuring whether the white list rules take precedence over the blacklist rules (both static and dynamic) configured on the device at any instant.
  • Page 46: Dynamic Blacklist Ip Addresses

    4.10. Dynamic Blacklist IP Addresses Navigate through Security Settings > Dynamic Blacklist IP Addresses The dynamic blacklist IP Addresses are the blocking rules added by the STM deep packet inspection engine to block the traffic from attacker IP addresses for the blocking duration configured in the rules category, on detecting the attack.
  • Page 47 Figure 33: Geo IP Filters
  • Page 48: Logs

    5.1. Security Alerts. Navigate through Logs > Security Alerts. The status alerts page shows the list of alerts pertaining to the SIP attacks detected by the STM Deep Packet Inspection engine at any instant. The administrator can choose to set the log viewer page refresh interval in this page. The administrator can also choose to configure the device to send email notification summaries about the security alerts generated by the device.
  • Page 49 This feature allows user to send the alerts generated in STM to the specified user. Figure 35: Edit Email Server Settings. Enable E-mail Notification: User can either enable or disable this email notification. Server IP/Port: User can specify the Email server IP address and server port.
  • Page 50: Call Blocker Logs

    5.2. Call Blocker Logs. Navigate through Logs > Call Blocker Logs. You can see the logs for the call blocker rules which you have configured in the call blocker module. It shows the timestamp, source IP address and source port that tried to make the call attempt.
  • Page 51: System Logs

    Update Refresh Interval - Users can update the page refresh interval. Refresh - Click the refresh button to update the displayed messages and to reflect the most recent changes to the SIP monitoring logs being viewed. Download Logs - The option to download the security alerts shown in this page in CSV format is available on the page.
  • Page 52 Search - You can check the log messages that have been created and also search by entering the system log names in the search tab. A particular log can be found by making use of the Search field. Figure 38: System Logs
  • Page 53: Tools

    The STM appliances support taking a configuration backup and restoring the configuration later. Figure 39: Administration. The configuration backup will contain the last persisted configuration, if there are any transient changes that are yet to be applied while taking the backup;...
  • Page 54: Diagnostics

    The diagnostics page will allow the administrator to gather the troubleshooting logs which will help allo Support team in debugging any issues faced with STM deployment setup. To run the utility on the device, the administrator needs to click the ‘Run diagnostics’ button.
  • Page 55: Ping

    The administrator can troubleshoot network connectivity issues by running ping from the STM device. The administrator needs to enter the IP address that needs to be pinged from the STM appliance and the ping count, and click the ‘Ping’ button to run the task. The ping results will be displayed in the text area once the ping task is complete.
  • Page 56: Troubleshooting

    Figure 43: Trace route. 6.5. Troubleshooting. Navigate through Tools > Troubleshooting. This page allows disabling/enabling the DPI on the STM appliance for troubleshooting purposes. Figure 44: Troubleshooting
  • Page 57: Firmware Upgrade

      • Download the STM firmware update package from the allo website and keep it on your local system.
      • From the browser on your local system, log in to the STM WebUI and launch the STM firmware upgrade page.
      • Click ‘Browse’ in the firmware page and select the STM firmware update package file that you saved on your local system.
  • Page 58: Logs Archive

    Navigate through Tools > Logs Archive. If a USB storage device is attached to the STM, the device will attempt to archive older logs on the USB storage device. The summary information on the logs stored in the archive will be shown on the Logs Archive page.
  • Page 59: Frequently Asked Questions (Faqs)

    7. Frequently Asked Questions (FAQs). What are SIP Threat Management (STM) devices? SIP threat management (STM) is an approach to security management that allows an administrator to monitor and manage a wide variety of security-related applications and infrastructure components through a single management console. SIP Threat Management (STM) devices combine an Intrusion Prevention System (IPS) and a Firewall into a single hardware platform.
  • Page 60: Glossary

    8. Glossary. Term: Definition. DoS (Denial of Service): DoS is an attempt to make a machine or network resource unavailable to its intended users. DDoS (Distributed ...): DDoS is a type of DoS attack where multiple compromised systems which...
  • Page 61 Term: Definition. structured text that uses logical links (hyperlinks) between nodes containing text. HTTPS - Hyper Text Transport Protocol over Secure ...: It makes it more difficult for hackers, the NSA, and others to track users. The protocol makes sure the data isn't being transmitted in plain-text format, which is much easier to eavesdrop on.
  • Page 62 Term: Definition. Secure Socket Layer: This is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
  • Page 63 Term: Definition. Protocol (TCP) and, together with IP, is sometimes referred to as UDP/IP. TCP/IP - Transmission ...: This is the suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP.
  • Page 64: Appendix A - Using Console Access

    9. Appendix A – Using Console Access. 1. Connect the serial console to the serial port of the STM device. 2. Use the following serial console settings to access the 'allo' CLI: i. Speed : 38400 ii. Parity : None iii.
  • Page 65: Appendix B - Configuring Stm Ip Address Via Console

    10. Appendix B – Configuring STM IP Address via Console. The user can choose to view/set the IP address of the STM device: 'allo>show IP'. Now you can access the device from the browser using the URL https://<device-ip>...
