570
COMpact 5000/R - Firmware V6.6A - Installation, Operation and Configuration V05 03/2016
Settings
Internet Access
IP Blacklist and Whitelist as Protection Against Attacks from the Internet
1. Open the page
Administration > IP configuration
.
2. Select or clear the
Force HTTPS connection
check box under
IP configuration
.
IP Blacklist and Whitelist as Protection Against Attacks from the Internet
As soon as the PBX is connected to the Internet, it is at risk of being attacked, for example by
DoS (Denial of Service) attacks or attacks aimed at the internal SIP server, that come via the
Internet.
To prevent this, you can and should enable an IP blacklist. Such an IP blacklist can contain IP
addresses using the IPv4 format as well as IP addresses using the IPv6 format.
Note:
The administrator can view automatically configured restrictions, and if
necessary cancel them, in the IP blacklists.
The administrator can go to the IP whitelists and enter IP addresses that are
not to be blocked, even during times of high traffic.
An entry in the IP blacklist is logged (see
Monitoring > System messages
)
and a system e-mail is sent (see
Administration > System messages
).
Switching an IP Blacklist On/Off
If the PBX's IP blacklists are enabled, it then monitors and evaluates network-based access
attempts, such as the number of data packets per second or SIP authentication failures.
If traffic from a particular IP address is evaluated as being too high - and therefore probably
malicious- this IP address is blocked. This means that accesses from this IP address to the
PBX are initially prevented for one minute (single block by block time). The administrator is
informed about the block (
Monitoring > Status report
). During the block time the PBX
continues to monitor the traffic from this IP address. If the traffic from this IP address to the PBX
continues to be too high, the single block time is extended (block time restarts).
If the number of attacks from IP addresses over the Internet exceeds a threshold, all traffic
outside of the local network is blocked (global block). The local network is the network
configured for the CPU (
Administration > IP configuration
under
ETHERNET CONFIGU-
RATION
).
The administrator must then put in place appropriate measures to protect the PBX within its
infrastructure (e.g. using routers or bridges).