Appendix A - Deployment Security Checklist

This checklist is intended as a guide for site administrators. It may not be an exhaustive list of issues (this will vary depending on the site security policy, for example), but should be of assistance as a starting point.

| Task | Note |
| --- | --- |
| Plan deployment topology for H.323 equipment. | |
| Check H.323 capabilities of the site firewall. | |
| Establish security policy for H.323 equipment and implement on site firewall. | |
| Determine if an H.323 proxy is to be used for either policy or technical reasons (e.g. is NAT used inside the site for H.323 terminal addresses?). | |
| Establish access methods for the H.323 terminal location, whether by lock and key, or under supervision. | |
| Prevent H.323 terminal users from altering configuration settings on the terminal during a session. | |
| Run a port scanner against the site's H.323 equipment to understand open services, and remove unnecessary services. | |
| Turn off gatekeeper IP multicast discovery if not used (where a gatekeeper is deployed). | |
| Ensure topology from campus border router and from any management stations to the H.323 terminal is run over dedicated connections or switched Ethernet paths. | |
| Check and change default user names and passwords on H.323 equipment. | |
| Schedule checks for software and firmware updates, and subscribe to appropriate security-related mailing lists for your H.323 equipment. | |
| Use source IP addresses to control participants that can connect to MCU devices (the JVCS-IP service connects out to participants from the MCUs). | |
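
One way to act on the port-scan and gatekeeper-discovery items above, as an added example that is not part of the original guide: it reads scan results in nmap's grepable (`-oG`) format and reports open services that a per-role allowlist does not cover. The inventory, the allowlist and the scan lines are constructed assumptions; replace them with your own site policy and scan output.

```python
import re

# Assumed site policy (not from the checklist): services each device role needs.
# TCP 1720 = H.225.0 call signalling, UDP 1719 = RAS, UDP 1718 = gatekeeper discovery.
ALLOWED = {
    "terminal": {(1720, "tcp")},
    # 1718/udp deliberately left out: multicast discovery is meant to be off.
    "gatekeeper": {(1720, "tcp"), (1719, "udp")},
}

# Constructed inventory and constructed scan output (nmap -oG layout).
ROLES = {"192.0.2.10": "terminal", "192.0.2.20": "gatekeeper"}
SCAN = (
    "Host: 192.0.2.10 ()\tPorts: 23/open/tcp//telnet///, "
    "80/open/tcp//http///, 1720/open/tcp//h323q931///\n"
    "Host: 192.0.2.20 ()\tPorts: 1718/open|filtered/udp//h323gatedisc///, "
    "1719/open/udp//h323gatestat///, 1720/open/tcp//h323q931///, "
    "161/closed/udp//snmp///\n"
)

def parse_grepable(text):
    """Yield (host, port, proto, state, service) for every port entry."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if not m:
            continue
        host, ports = m.groups()
        for entry in ports.split(","):
            f = entry.strip().split("/")
            if len(f) >= 5 and f[0].isdigit():
                yield host, int(f[0]), f[2], f[1], f[4]

def findings(text, roles=ROLES, allowed=ALLOWED):
    """Return open services that the allowlist does not justify."""
    out = []
    for host, port, proto, state, service in parse_grepable(text):
        if not state.startswith("open"):  # covers UDP "open|filtered" too
            continue
        role = roles.get(host)
        if role is None:
            out.append((host, port, proto, service, "host not in inventory"))
        elif (port, proto) not in allowed[role]:
            out.append((host, port, proto, service, f"not needed for {role}"))
    return out

if __name__ == "__main__":
    for host, port, proto, service, reason in findings(SCAN):
        print(f"{host} {port}/{proto} ({service}): {reason}")
```

Each reported line is a candidate for the "remove unnecessary services" step; a UDP port shown as `open|filtered` needs confirming on the device itself before it is treated as open.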