The System Security Management offers a possibility of managing the global security levels, running the system security diagnostics program and receiving complete reports on the QX1000 configuration security. It includes three pages- the System Security Settings page, the System Security Diagnostics page and the SIP IDS Settings page.
The System Security Settings page includes the following components
The Security Level table - allows selecting the Security Level defining requirements to the IP Lines' password strength and the Security Report granularity. The security levels are as follows:
Low - There are no specific restrictions on the strength of the saved password. Only the critical warnings on the Call Routing Rules to PSTN and IP-PSTN, disabled Firewall and IDS will be generated in Security Report.
Medium - The minimum strength of the IP Line passwords should be "good". The Security Report will generate warnings on all unsecured Call Routing rules, IP Line passwords, Firewall level (if it is set to lower than "Medium") and disabled IDS.
High - The minimum strength of the IP Line passwords should be "strong". The Security Report will generate warnings on the IP Line passwords, disabled IDS, unsecured SIP, and unsecured Routing Rules to SIP, PSTN and IP-PSTN and also regarding the Firewall level if it is set to lower than "High".
The System Security Diagnostics page allows running the security audit and getting the security reports. The Start Security Audit functional button is used for running the security audit. The QX1000 Security Audit is a security reporting system, which generates the warnings regarding the QX1000's weaknesses relative to the selected Security Level. The warnings may vary depending on the selected global Security Level. The Security Audit will detect the security related configuration issues in Firewall, IDS, IP Line passwords, Call Routing and extension settings.
The Show the latest security report link allows to display the last security audit report.
This page also contains the following useful links to adjust the system security
The SIP IDS Settings page includes the following components:
The Enable SIP IDS checkbox - allows to enable the preventing of SIP attacks.
The Add the IP address into the Blocked IP list in Firewall checkbox - allows to block SIP attacker's IP address. SIP attacker's IP address will be blocked by QX1000 Firewall and will be added on the Firewall Blocked IP List table.
The Discard SIP messages from IP address for checkbox - allows to discard the accumulated SIP messages from the QX1000 SIP cash after defined timeout (default timeout value of "Discard SIP messages from IP address for" service is 32 seconds).
Please note: Refer to the QX1000 admin guide regarding the security related configuration options on the QX1000.