Appendix A - Deployment Security Checklist

Download as PDFDownload as PDF

This checklist is intended as a guide for site administrators. It may not be an exhaustive list of issues (this will vary depending on the site security policy, for example), but should be of assistance as a starting point.

Task Note
Plan deployment topology for H.323 equipment.  
Check H.323 capabilities of the site firewall.  
Establish security policy for H.323 equipment and
implement on site firewall.

Determine if an H.323 proxy is to be used for either policy or technical reasons (e.g. is NAT used inside the site for H.323

terminal addresses?).

Establish access methods for the H.323 terminal location, whether by lock and key, or under supervision.  
Prevent H.323 terminal users from altering configuration settings on the terminal during a session.  
Run port scanner against site’s H.323 equipment to understand open services, and remove unnecessary services.  
Turn off gatekeeper IP multicast discovery if not used (where gatekeeper deployed).  

Ensure topology from campus border router and from any management stations to the H.323 terminal is run over dedicated

connections or switched Ethernet paths.

Check and change default user names and passwords on H.323 equipment.  

Schedule checks for software and firmware updates, and subscribe to appropriate security-related mailing lists foryour H.323



Use source IP addresses to control participants that can connect to MCU devices (the JVCS-IP service connects out to participants

from the MCUs).