13 Appendix
This chapter describes the Appendix for DSR.
13.1 Secure Deployment Checklist
The following security checklist helps you secure Oracle Communications Diameter Signaling Router (DSR) and its components:
- Change default passwords
- Utilize LDAP for authentication purposes
- Utilize authorized IP addresses feature
- Use TLS or IPSEC
- Enforce strong password management
- Restrict admin functions to the required few administrator groups
- Configure community strings and traps as explained in the Other Optional Configurations chapter
- Restrict network access by enabling the DSR firewall feature
- Enforce iLO to use strong encryption
Available Ciphers for SSH and HTTPS/SSL
The DSR system has been preconfigured to require modern strong ciphers for both SSH and TLS. The supported ciphers/MACs for SSH connections are:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha2-512,hmac-sha2-256
This is configured in /etc/ssh/sshd_conf. The supported cipher set (using openssl notation) for HTTPS/TLS is:
ECDH+AES128:ECDH+AESGCM:ECDH+AES256:DH+AES:DH+AESGCM:DH+AES256:RSA+AES:RSA+AESGCM:!aNULL:!MD5:!DSS:!SSLv3:!3DES
For the default TLS (https) connection, this is configured in /etc/httpd/conf.d/ssl.conf. For certificates loaded via the GUI, this is configured in /var/TKLK/appworks/etc/https.template.
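One way to verify during a deployment review that an SSH daemon configuration still matches the Ciphers and MACs lists above. This is an added example, not part of the Oracle documentation or DSR tooling: the function names `disallowed` and `audit_sshd` and both sample configurations are constructed for illustration, and the check reads a single file without following `Include` directives.

```sh
#!/bin/sh
# Added example (not Oracle-supplied): check an SSH daemon configuration file
# against the cipher and MAC lists documented on this page.
ALLOWED_CIPHERS="aes128-ctr,aes192-ctr,aes256-ctr"
ALLOWED_MACS="hmac-sha2-512,hmac-sha2-256"

# disallowed KEYWORD ALLOWED_CSV FILE  (hypothetical helper)
# Prints each configured algorithm that is not in ALLOWED_CSV, or "<unset>"
# when the keyword is missing and sshd would fall back to built-in defaults.
disallowed() (
    # Keywords are case-insensitive and sshd uses the first occurrence.
    value=$(awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$3")
    if [ -z "$value" ]; then echo "<unset>"; exit 0; fi
    printf '%s\n' "$value" | tr ',' '\n' | while read -r alg; do
        case ",$2," in
            *",$alg,"*) ;;        # documented algorithm
            *) echo "$alg" ;;     # anything else, including +/-/^ modifiers
        esac
    done
)

# audit_sshd FILE  (hypothetical helper): exit status 0 only when both
# keywords are set and stay within the documented lists.
audit_sshd() (
    bad_c=$(disallowed Ciphers "$ALLOWED_CIPHERS" "$1")
    bad_m=$(disallowed MACs "$ALLOWED_MACS" "$1")
    if [ -n "$bad_c" ]; then echo "Ciphers outside documented set: $(echo "$bad_c" | tr '\n' ' ')"; fi
    if [ -n "$bad_m" ]; then echo "MACs outside documented set: $(echo "$bad_m" | tr '\n' ' ')"; fi
    [ -z "$bad_c" ] && [ -z "$bad_m" ]
)

# Constructed sample configurations, written to temporary files.
GOOD=$(mktemp); WEAK=$(mktemp)
trap 'rm -f "$GOOD" "$WEAK"' EXIT
printf '%s\n' '# constructed sample' \
    'Ciphers aes128-ctr,aes192-ctr,aes256-ctr' \
    'MACs hmac-sha2-512,hmac-sha2-256' > "$GOOD"
printf '%s\n' '# constructed sample' \
    'ciphers aes256-ctr,aes128-cbc,3des-cbc' \
    '#MACs hmac-sha2-512' > "$WEAK"

audit_sshd "$GOOD" && echo "GOOD sample: matches documented lists"
audit_sshd "$WEAK" || echo "WEAK sample: deviates from documented lists"
```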
For detailed information on importing HTTPS or SSL Certificate into VNFM, see the DSR VNFM Installation and User Guide.