Security Considerations
Secure Transports
For all communications between client and server that must be secure:
- HTTPS is used with SSL certificates from a trusted authority.
- For WebRTC, DTLS-SRTP is used.
- For Flash, RTMFP or RTMPT/S is used.
Note: Currently TLS and SRTP are not supported by MCU on the SIP-side.
Tools and Services
Fail2ban
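To ban IP addresses that repeatedly fail login attempts, Genesys recommends installing fail2ban. The fail2ban RPM ships in the extras folder of the Common IP package.
You need root access to install the RPMs. The --nogpgcheck option skips GPG signature verification, so install only the RPM files that ship in that extras folder: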
sudo yum -y --nogpgcheck localinstall python-inotify-0.9.1-1.el6.noarch.rpm
sudo yum -y --nogpgcheck localinstall gamin-python-0.1.10-9.el6.x86_64.rpm
sudo yum -y --nogpgcheck localinstall fail2ban-0.8.14-1.el6.noarch.rpm
With the default install, fail2ban bans an IP address for 600 seconds after three failed attempts.
Telnet and FTP
Telnet and FTP services have known security issues. Genesys recommends disabling these services on the Platform.
Xinetd
Run the following command to disable the xinetd service at boot:
sudo chkconfig xinetd off
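To confirm the steps above took effect, the following added example (not part of the original Genesys documentation) audits `chkconfig --list` output for fail2ban, xinetd, and xinetd-managed Telnet/FTP services. The function names, the FAIL message wording, the service-name patterns, and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `chkconfig --list` output against the advice on this page.
# Reads the listing on stdin, prints one finding per line, returns 1 if any.
audit_chkconfig() {
    findings=$(awk '
        # SysV service line: name, then "N:on" / "N:off" for runlevels 0-6.
        $2 ~ /^0:(on|off)$/ {
            enabled = ""
            for (i = 2; i <= NF; i++) {
                split($i, f, ":")
                if (f[2] == "on" && f[1] >= 2 && f[1] <= 5) enabled = enabled f[1]
            }
            if ($1 == "xinetd" && enabled != "")
                print "FAIL xinetd enabled in runlevels " enabled
            if ($1 == "fail2ban") {
                seen_f2b = 1
                if (enabled !~ /[35]/) print "FAIL fail2ban not enabled at boot"
            }
            next
        }
        # xinetd-managed line: "name:  on". The Telnet/FTP name match is an
        # assumption about service names; TFTP is outside this page.
        NF == 2 && $1 ~ /:$/ && $2 == "on" {
            name = $1; sub(/:$/, "", name)
            if (name ~ /telnet/ || (name ~ /ftp/ && name !~ /tftp/))
                print "FAIL xinetd service " name " is on"
        }
        END { if (!seen_f2b) print "FAIL fail2ban not registered with chkconfig" }
    ')
    [ -z "$findings" ] && return 0
    printf "%s\n" "$findings"
    return 1
}

# Constructed sample listing (not captured from a real host).
sample_listing() {
    cat <<'EOF'
fail2ban        0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off

xinetd based services:
        rsync:          off
        telnet:         on
        gssftp:         off
EOF
}

sample_listing | audit_chkconfig || true
```

On a host, pipe the real listing in with `chkconfig --list | audit_chkconfig`; a clean host prints nothing and returns 0.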
Port Usage
For port requirements, see Connection Map.
This page was last edited on June 16, 2016, at 20:37.