Access Security Gateway - Avaya Communication Manager Administrator's Manual

Access Security Gateway

Access Security Gateway (ASG) prevents unauthorized access by requiring the use of the ASG Key for
logging into the system. The ASG Key can be:
•
a hand-held device, or
•
a software module you load on the PC you use for accessing the system.
Detailed Description
Authentication is successful only when Communication Manager and ASG communicate with a
compatible key. The challenge/response negotiation starts after establishing an RS-232 session and you
enter a valid Communication Manager login ID. The authentication transaction consists of a challenge,
issued by Communication Manager and based on the login ID entered by you, followed by the expected
response, again entered by you. The core of this transaction is a secret key, which is
information-possessed by both the lock (ASG) and the key. Interception of either the challenge or
response during transmission does not compromise the security of the system. The relevance of the
authentication token used to perform the challenge/response is limited to the current challenge/response
exchange (session).
NOTE:
ASG does not protect login access to a Multiple Application Platform for DEFINITY
(MAPD).
The supported key consists of a hand-held encryption-generating device (ASG Key). The key (response
generator) device is pre-programmed with the appropriate secret key to communicate with corresponding
ASG protected login IDs on Avaya Communication Manager.
The Avaya Products Security Handbook contains information about:
•
toll fraud and what you can do to prevent it.
•
methods people use to gain access to your system, how to detect toll fraud, and what to do if you
suspect that your system has been compromised.
•
security information for many Avaya products, so you can be sure that all of your
telecommunications equipment is secure.
•
security checklists for each of these products. You should go through these with your Avaya
representative for each piece of equipment you use.
Interactions
•
Customer Access to Initialization and Administration System (INADS) Port
If access to the INADS port is disabled on a system-wide basis, administering access to the
SYSAM-RMT or INADS port, through ASG, does not override the INADS port restriction.
Administration does not prohibit assignment of ASG to the SYSAM-RMT or INADS port.
However, in a configuration where this method of access is blocked, you will be denied access to
the system through the SYSAM-RMT or INADS port even if you attempt to access the port using
a valid ASG login ID.
If access to the INADS port has been disabled on a login basis, administering access to the
SYSAM-RMT or INADS port, via ASG, will not override the INADS port restriction.
Administrator's Guide for Avaya Communication Manager
November 2003
Feature Reference
Access Security Gateway
1347