- Advisory services
- Consultations
- Network and technology policies
- Network and technology service docs
- Using Jisc community
- Network and technology service docs
- Domain name registration
- How to sign up
- Janet Support Manual
- Janet CSIRT
- Back-up services
- eduroam
- Backup Web Hosting
- Certificate Service
- Connection timeline
- Eligibility
- Janet 3G Buyer's Guide
- Janet 3G eduroam interoperablity authentication methods
- Janet Mail Services
- Janet Network Charges
- Janet Reach
- Janet Videoconferencing Feedback results
- Primary connections
- Supporting Business Continuity
- Business and Community Engagement (BCE) using Janet
- Cost
- Interconnect connections
- Connecting student accommodation
- Customer-owned routing equipment
- Obtaining a Janet IP Address Range
- Terms for the Provision of the Janet Service
- Upgrading your existing bandwidth and Janet router
- Fault reporting
- IP address assignment
- Janet Aurora
- Janet Netsight
- Janet txt
- Routers
- Network set-up
- Guest access
- Network time service
- Training
- Contact
- Primary Nameserver Service
- Secondary Nameserver Service
- Vscene
- Vscene
- Vscene updates and revisions
- Login Options
- Jisc and Ajenta partnership FAQ
- Learn more about Vscene
- Vscene Help and user guides
- Videoconferencing service policies
- ISDN
- Content providers
- Technical documentation
- Technical details
- Technical documentation
- Archive
- NAT, Firewalls and videoconferencing - H.323 Border Traversals
- Security guide for H.323
- Guide to reliable campus H.323 networks
- Configuring a Gatekeeper to use with Janet VideoConferencing
- Videoconferencing standards
- Video Displays, Signals and Formats
- Videoconferencing Quality
- Janet Videoconferencing Service check
- ISDN Dialup
- IP Videoconferencing
- Datasharing on Janet VideoConferencing Service
- Global Dialing Scheme explained
- Registering a Gatekeeper with the Global Dialing Service
- Joining a Vscene session to a 3rd party MCU
- Security guide for H.323
- H.323 security in perspective
- From ISDN to IP
- Overview of H.323 security issues
- H.323 site deployment
- H.323 device security
- Call snooping, recording and unwanted guests
- Encryption, IP security (IPsec) and VPNs
- Firewalls and proxies
- Summary of site setup recommendations
- Conclusion
- References
- Appendix A - Deployment Security Checklist
Appendix A - Deployment Security Checklist
Download as PDFThis checklist is intended as a guide for site administrators. It may not be an exhaustive list of issues (this will vary depending on the site security policy, for example), but should be of assistance as a starting point.
| Task | Note |
| Plan deployment topology for H.323 equipment. | |
| Check H.323 capabilities of the site firewall. | |
| Establish security policy for H.323 equipment and implement on site firewall. |
|
|
Determine if an H.323 proxy is to be used for either policy or technical reasons (e.g. is NAT used inside the site for H.323 terminal addresses?). |
|
| Establish access methods for the H.323 terminal location, whether by lock and key, or under supervision. | |
| Prevent H.323 terminal users from altering configuration settings on the terminal during a session. | |
| Run port scanner against site’s H.323 equipment to understand open services, and remove unnecessary services. | |
| Turn off gatekeeper IP multicast discovery if not used (where gatekeeper deployed). | |
|
Ensure topology from campus border router and from any management stations to the H.323 terminal is run over dedicated connections or switched Ethernet paths. |
|
| Check and change default user names and passwords on H.323 equipment. | |
|
Schedule checks for software and firmware updates, and subscribe to appropriate security-related mailing lists foryour H.323 equipment. |
|
|
Use source IP addresses to control participants that can connect to MCU devices (the JVCS-IP service connects out to participants from the MCUs). |
