3Com® VCX V7111 VoIP Gateway User Guide

Recommended Practices

To improve network security, the following guidelines are recommended when configuring the V7111 gateway:

• Set the password of the primary web user account (see Configuring the Web User Accounts) to a unique, hard-to-hack string. Do not use the same password for several devices as a single compromise may lead to others. Keep this password safe at all times and change it frequently.

• If possible, use a RADIUS server for authentication. RADIUS allows you to set different passwords for different users of the V7111 gateway, with centralized management of the password database. Both Web and Telnet interfaces support RADIUS authentication (see SRTP).

• If the number of users that access the Web and Telnet interfaces is limited, you can use the Web and Telnet Access List to define up to ten IP addresses that are permitted to access these interfaces. Access from an undefined IP address is denied (see Configuring the Web and Telnet Access List).

• Use IPSec to secure traffic to all management and control hosts. Since IPSec encrypts all traffic, hackers cannot capture sensitive data transmitted on the network, and malicious intrusions are severely limited.

• Use HTTPS when accessing the Web interface. Set HTTPSOnly to 1 to allow only HTTPS traffic (and block port 80). If you don't need the Web interface, disable the Web server (DisableWebTask).

• If you use Telnet, do not use the default port (23). Use SSL mode to protect Telnet traffic from network sniffing.

• If you use SNMP, do not leave the community strings at their default values as they can be easily guessed by hackers (see SNMP Community Names).

• Use a firewall to protect your VoIP network from external attacks. Network robustness may be compromised if the network is exposed to Denial of Service (DoS) attacks. DoS attacks are mitigated by stateful firewalls. Do not allow unauthorized traffic to reach the V7111 gateway.

Legal Notice

By default, the V7111 gateway supports export-grade (40-bit and 56-bit) encryption due to US government restrictions on the export of security technologies. To enable 128-bit and 256-bit encryption on your device, contact your 3Com representative.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (www.openssl.org).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
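The parameter-level items in the Recommended Practices list can be checked mechanically against a saved copy of the gateway configuration. The following is an added example, not part of the 3Com guide or its software. It assumes a "Name = value" text format with ";" comments. Only HTTPSOnly and DisableWebTask are parameter names from the guide; the Telnet, SNMP and access-list names and the sample values are hypothetical placeholders.

```python
# Added example: audit a saved parameter file against the guide's recommendations.
# HTTPSOnly and DisableWebTask come from the guide; all other keys are hypothetical.
DEFAULT_COMMUNITIES = {"public", "private"}  # assumed typical SNMP defaults

WEAK_SAMPLE = """; constructed sample, not a real device export
HTTPSOnly = 0
TelnetEnable = 1
TelnetPort = 23
SNMPReadCommunity = public
"""
HARDENED_SAMPLE = """; constructed sample, not a real device export
HTTPSOnly = 1
TelnetEnable = 1
TelnetPort = 2323
TelnetSSL = 1
SNMPReadCommunity = k3-constructed-ro
AccessList_0 = 192.0.2.10
"""

def parse_params(text):
    """Parse 'Name = value' lines; ';' starts a comment, [section] lines are skipped."""
    params = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[key.strip().lower()] = value.strip().strip("'\"")
    return params

def audit(params):
    """Return a list of findings; a missing parameter is treated as not set."""
    findings = []
    web_disabled = params.get("disablewebtask", "0") == "1"
    if not web_disabled and params.get("httpsonly", "0") != "1":
        findings.append("Web server enabled without HTTPSOnly = 1")
    if params.get("telnetenable", "0") != "0":          # hypothetical key
        if params.get("telnetport", "23") == "23":      # hypothetical key
            findings.append("Telnet uses the default port 23")
        if params.get("telnetssl", "0") != "1":         # hypothetical key
            findings.append("Telnet is not in SSL mode")
    for key in ("snmpreadcommunity", "snmpwritecommunity"):  # hypothetical keys
        if params.get(key, "").lower() in DEFAULT_COMMUNITIES:
            findings.append(f"SNMP parameter {key} left at a default value")
    if not any(k.startswith("accesslist_") for k in params):  # hypothetical key
        findings.append("Web and Telnet Access List is not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_params(WEAK_SAMPLE))))
```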