V6100 and V7122 User Guide 3496002, 6012and up - T.38 traffic Always adjacent to the RTCP port number5060 5060 SIP Configurable (LocalSIPPort [UDP],TCPLocalSIPPort [TCP]).5061 5061 SIP over TLS (SIPS) Configurable (TLSLocalSIPPort)(random) >32767 514 Syslog Disabled by default (EnableSyslog).(random) >32767 - Syslog ICMP Disabled by default (EnableSyslog).(random) >32767 - ARP listener(random) >32767 162 SNMP Traps Can be disabled (DisableSNMP)(random) >32767 - DNS clientRecommended PracticesTo improve network security, the following guidelines are recommended when configuringthe V7122: Set the password of the primary web user account (see Configuring the Web UserAccounts) to a unique, hard-to-hack string. Do not use the same password for severaldevices as a single compromise may lead to others. Keep this password safe at all timesand change it frequently. If possible, use a RADIUS server for authentication. RADIUS allows you to set differentpasswords for different users of the V7122, with centralized management of thepassword database. Both Web and Telnet interfaces support RADIUS authentication(see SRTP). If the number of users that access the Web and Telnet interfaces is limited, you can usethe ‘Web and Telnet Access List’ to define up to ten IP addresses that are permitted toaccess these interfaces. Access from an undefined IP address is denied (seeConfiguring the Web and Telnet Access List). Use IPSec to secure traffic to all management and control hosts. Since IPSec encryptsall traffic, hackers cannot capture sensitive data transmitted on the network, andmalicious intrusions are severely limited. Use HTTPS when accessing the Web interface. Set HTTPSOnly to 1 to allow onlyHTTPS traffic (and block port 80). If you don't need the Web interface, disable the Webserver (DisableWebTask). If you use Telnet, do not use the default port (23). Use SSL mode to protect Telnet trafficfrom network sniffing.