Card acts as the Mediation Server’s external edge

card acts as the Mediation Server’s external edge, listening for TCP traffic from the media gateway. Using two dedicated listening addresses ensures the clear separation between trusted traffic originating in the Lync Server 2010 network and untrusted traffic from the PSTN.

For details about the necessity for two dedicated, non-routed subnets, see Communications Server Mediation Server: Dual NIC Issue at http://go.microsoft.com/fwlink/?LinkId=214403

In This Section

  • Best Practices for Securing Enterprise Voice in Lync Server 2010
  • Limiting Calls from Gateways for Lync Server 2010
Microsoft Lync Server 2010 Security Guide

  • Media Security for Lync Server 2010
  • Assigning Call Privileges for Lync Server 2010
  • Exchange Unified Messaging Security Levels
  • Survivable Branch Appliance Security

Best Practices for Securing Enterprise Voice in Lync Server 2010

  • Install the Mediation Server on a computer with two network adapter cards.

    Note: Even if you configure the link between the Mediation Server and the media gateway for TLS, it is still good practice to further enhance security by configuring the Mediation Server with two network interface cards to separate its internal and external edges.

  • Configure the internal edge of a Mediation Server to correspond to a unique static route that is described by an IP address and a port number. The default port is 5061.

  • Configure the external edge of a Mediation Server as the internal next hop proxy for the media gateway. The external edge should be identified by a unique combination of IP address and port number. The IP address should not be the same as that of the internal edge; the default port is 5068.

Limiting Calls from Gateways for Lync Server 2010

Each gateway is configured with a maximum number of failed call attempts before traffic to the gateway is limited. The default number of attempts is ten. Limiting call attempts discourages malicious efforts to tie up incoming lines.

For a particular call, a given gateway cannot be attempted more than once. If all gateways that serve a particular route are marked as unavailable, the server drops the call and notifies the client.

You can also configure a gateway to be removed from the selection logic for some period of time. The unresponsive gateway is removed from the list of available gateways for increasing periods of time, up to a maximum of 60 minutes, during which time the server repeatedly attempts to elicit a positive response. After receiving a positive response, the server returns the gateway to the list of available gateways.
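A small model of the gateway-limiting behaviour described above, added here as an illustration; it is not code from Microsoft or from the guide. The doubling schedule, the one-minute starting period and all names are assumptions, since the guide states only the threshold of ten failed attempts and the 60-minute ceiling.

```python
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 10   # from the guide: default failed-attempt limit
MAX_HOLD_MINUTES = 60      # from the guide: longest removal period
FIRST_HOLD_MINUTES = 1     # assumption: the guide gives no starting period

@dataclass
class Gateway:
    name: str
    failures: int = 0        # failed call attempts since the last success
    hold: int = 0            # current removal period in minutes
    held_until: float = 0.0  # minute at which the gateway may be tried again

    def available(self, now):
        return now >= self.held_until

    def record_failure(self, now):
        self.failures += 1
        if self.failures >= MAX_FAILED_ATTEMPTS:
            # Assumption: each removal doubles; the guide only says "increasing".
            self.hold = min(MAX_HOLD_MINUTES, max(FIRST_HOLD_MINUTES, self.hold * 2))
            self.held_until = now + self.hold

    def record_success(self):
        # A positive response puts the gateway back on the available list.
        self.failures, self.hold, self.held_until = 0, 0, 0.0

def route_call(gateways, now, answers):
    """Try each available gateway at most once; None means the call is dropped."""
    for gw in gateways:
        if not gw.available(now):
            continue
        if answers(gw):
            gw.record_success()
            return gw.name
        gw.record_failure(now)
    return None

def hold_schedule(trips):
    """Removal periods for a constructed gateway that never answers."""
    gw, now, periods = Gateway("gw-constructed"), 0.0, []
    while len(periods) < trips:
        route_call([gw], now, lambda g: False)
        if not gw.available(now):
            periods.append(gw.hold)
            now = gw.held_until
    return periods

if __name__ == "__main__":
    print(hold_schedule(8))  # removal periods in minutes
```
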
Media Security for Lync Server 2010

Signaling for incoming phone calls from the PSTN flows through the media gateway to the Mediation Server, where it is translated to SIP for internal call routing. The media portion follows the same route to the Mediation Server. From the Mediation Server, the call is routed directly to the endpoint if the direct connection is available.