Marcos Hernandez, SMB Technical Marketing Engineer

Slides:

Advertisements

Similar presentations

Cisco Device Hardening Disabling Unused Cisco Router Network Services and Interfaces.

Advertisements

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.

Implementing a Highly Available Network

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.

CCNA 2 v3.1 Module 2.

Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,

Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.

S6C12 - AAA AAA Facts. AAA Defined Authentication, Authorization, and Accounting Central Management of AAA –Information in a single, centralized, secure.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Securing Network Services.

NOC TOOLS syslog AfNOG Cairo, SI-E, 2 of 5 Sunday Folayan.

Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.

Implementing RADIUS AAA Phil & Rick. Content Terms and Concepts Access Control What is AAA? Benefits of AAA What is RADIUS? Microsoft IAS Overview Installation.

Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.

Router Hardening Nancy Grover, CISSP ISC2/ISSA Security Conference November 2004.

Ch. 5 – Access Points. Overview Access Point Connection.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public TSHOOT v6 Chapter 1 1 Chapter 1: Planning Maintenance for Complex Networks CCNP TSHOOT:

V 0.1Slide 1 Security – System Configuration How to configure WebSAMS? Access Control Other Information Configuration  system customization  system configuration.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 Version 3.0 Module 11 TCP Application and Transport.

Saeed Darvish Pazoki – MCSE, CCNA Abstracted From: Cisco Press – ICND 1 – Chapter 9 Ethernet Switch Configuration 1.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 EDCS- Call Accounting and Call Detail Record Collection for UC500 Marcos.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.

© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.

Application Layer Khondaker Abdullah-Al-Mamun Lecturer, CSE Instructor, CNAP AUST.

Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.

Chapter 3: Authentication, Authorization, and Accounting

Cisco Router Forensics Thomas Akin, CISSP Director, Southeast Cybercrime Institute Kennesaw State University BlackHat Briefings, USA, 2002.

Agilent Technologies Copyright 1999 H7211A+221 v Capture Filters, Logging, and Subnets: Module Objectives Create capture filters that control whether.

1 Router Fundamentals (Ref. CCNA5 Introduction to Networks 2.1, 6.3)

Jose Luis Flores / Amel Walkinshaw

Configuring AAA requires four basic steps: 1.Enable AAA (new-model). 2.Configure security server network parameters. 3.Define one or more method lists.

Configuring AAA Kamyar Miremadi Laila Sherif Summer 2005.

RADIUS What it is Remote Authentication Dial-In User Service

+ Routing Concepts 1 st semester Objectives  Describe the primary functions and features of a router.  Explain how routers use information.

Role of Router. The Router as a Perimeter Device  Usually the main function of a router is considered as the forwarding of packets between two network.

HC+ Backup and Restore v1.00 Revision 1. Change Log Build 1 - Initial Build  Initial Release Supporting Telnet and SSH via IPv4. Build 2-3  Releases.

Cisco Exam Questions IMPLEMENTING CISCO IOS NETWORK SECURITY (IINS V2.0) VERSION: Presents: 1.

Managing a Cisco Devices Internetwork

Device Infrastructure

Welcome to the CardSaver VoIP Billing & Call Management Demonstration

100% Exam Passing Guarantee & Money Back Assurance

Working at a Small-to-Medium Business or ISP – Chapter 8

Munix for Education Content Filter, Bandwidth Control, Location Mapping, Movement Analysis, User Self Management Portal, Time Analysis, and much more ….

CCNA Routing and Switching Routing and Switching Essentials v6.0

Module Overview Installing and Configuring a Network Policy Server

Information Security Professionals

Instructor Materials Chapter 9: Testing and Troubleshooting

Implementing Network Access Protection

Securing the Network Perimeter with ISA 2004

AAA Introduction Chalk Talk

Chapter 10: Device Discovery, Management, and Maintenance

CCNA Routing and Switching Routing and Switching Essentials v6.0

Chapter 6: Network Layer

NAT , Device Discovery Chapter 9 , chapter 10.

Cisco Real Exam Dumps IT-Dumps

Valid 2018 Cisco Exam Dumps Questions Braindumps DumpsProfessor

– Chapter 3 – Device Security (B)

Chapter 10: Device Discovery, Management, and Maintenance

Understanding Cisco Router Security

Ch. 7 Network Management CIS 187 Multilayer Switched Networks CCNP version 7 Rick Graziani Spring 2016.

Chapter 8: Monitoring the Network

– Chapter 3 – Device Security (B)

Cisco networking CNET-448

Review - week 4 Basic device access security

Chapter 7 Network Applications

Features Overview.

Agenda Comware 5 and Comware 7 device based AAA:

Presentation transcript:

Marcos Hernandez, SMB Technical Marketing Engineer EDCS-<EDCS number> Call Accounting and Call Detail Record Collection for UC500 Marcos Hernandez, SMB Technical Marketing Engineer December 2008

Call Accounting Options for SBCS Call Detail Records sent to a Syslog Server Call Detail Records sent to an FTP Server Call Detail Records sent to a Radius Server

CDRs sent to a Syslog Server –Quick and Easy UC500 Configuration service timestamps log datetime msec localtime ! aaa new-model aaa authentication login default none aaa accounting connection h323 start-stop radius gw-accounting syslog logging <LAN IP Address of the Syslog Server> Pros: Easy to Configure Low Cost Quick Deployment Easy to interpret (CSV format) Multiple servers Cons: Syslog works over UDP LAN deployment only No local CDR backup Important: Make sure that clock settings are accurate, for proper time stamping. NTP is recommended. PSTN/VoIP Syslog Server

CDR’s sent to Syslog Server - Details service timestamps log datetime msec localtime !--- Ensures that the records are timestamped with an accurate value. aaa new-model aaa authentication login default none !--- Enables AAA to prevent Telnet authentication via AAA. aaa accounting connection h323 start-stop radius !--- Generates the H.323 call start/stop CDRs. gw-accounting syslog !--- Sends the H.323 CDRs to the syslog server. logging 192.168.10.12 !--- The IP address of the syslog server. Multiple syslog servers !--- can be specified for redundancy.

CDRs sent to a FTP Server – Quick and Reliable Need IOS 12.4(20)T or higher UC500 Configuration service timestamps log datetime msec localtime ! gw-accounting aaa gw-accounting file primary ftp <FTP Server IP Address> username <username> password <password> secondary ifs flash:cdr maximum buffer-size 15 maximum retry-count 3 maximum fileclose-timer 300 maximum cdrflush-timer 245 Pros: Easy to Configure Low Cost Quick Deployment Easy to interpret (CSV format) Reliable transport (TCP) CDR’s can be backed up to flash (make sure you have enough space) Cons: CPU intensive on busy systems (timers might need to be tweaked) Important: Make sure that clock settings are accurate, for proper time stamping. NTP is recommended. PSTN/VoIP FTP Server

CDR’s sent to FTP Server - Details gw-accounting file !---Enables the file method of accounting primary {ftp path/filename username username password password | ifs device:filename} !---Sets the primary location for storing the CDRs generated for !---file accounting. secondary {ftp path/filename username username password password | ifs device:filename} !---Sets the backup location for storing CDRs if the primary location !---becomes unavailable. maximum retry-count number !---Sets the maximum number of times the router attempts to connect !---to the primary file device before switching to the secondary device. maximum buffer-size kbytes !---Sets the maximum size of the file accounting buffer. maximum fileclose-timer minutes !---Sets the maximum time for writing records to an accounting file !---before closing it and creating a new file. maximum cdrflush-timer minutes !---Sets the maximum time to hold call records in the buffer before !---appending the records to the accounting file.

CDRs sent to a Radius Server - Advanced UC500 Configuration service timestamps log datetime msec localtime ! aaa new-model aaa accounting connection h323 start-stop broadcast group radius aaa session-id common radius-server host <IP of RADIUS Server> radius-server vsa send accounting radius-server vsa send authentication gw-accounting aaa Pros: More reliable accounting Vendor Specific Attributes (VSA) Customized records Specific captures can be stored in flash (templates) Multiple servers Cons: More configuration/customization Requires RADIUS infrastructure (typically deployed on the WAN) Important: Make sure that clock settings are accurate, for proper time stamping. NTP is recommended. PSTN Internet RADIUS Server Important: Radius CDR’s are currently the only records that include both forced and non-forced authorization and accounting codes.

CDR’s sent to Radius - Details aaa new-model !---Enables AAA aaa authentication login h323 group radius !---Creates a named list that checks the RADIUS server for authentication details !---for H.323 calls. aaa authorization exec h323 group radius !---Creates named lists that configure RADIUS as the method for H.323 authorization. aaa accounting connection h323 start-stop radius !---Specifies use of connection-based accounting and H.323. radius-server host <IP Address of Radius Server> !---Specifies a RADIUS server host. radius-server host non-standard !---Identifies that the security server is using a vendor-proprietary implementation !---of RADIUS. radius-server key !---Sets the password (key) to use for authenticating to the RADIUS server.

Additional Information and Troubleshooting CDR Logging Configuration with Syslog Servers and Cisco IOS Gateways http://www.cisco.com/en/US/tech/tk1077/technologies_tech_note09186a0080094e72.shtml Configuring File Accounting http://www.cisco.com/en/US/docs/ios/voice/cdr/developer/guide/cdrcsv.html Configuring RADIUS Accounting http://www.cisco.com/en/US/docs/ios/voice/cdr/developer/guide/cdradius.html#wp1057753 For questions: www.cisco.com/go/smallbizsupport