Table of Contents
Advertisement
Security
This chapter discusses the security design and features for Avaya Communication Manager,
and how to operate Avaya systems securely.
Note:
Because this information is valuable both to those who want to protect the system
Note:
and to those who seek to "hack" into those systems, the information in this
section is deliberately incomplete. For example, we discuss the use of one-time
passwords for user authentication, but not the mechanism of how this feature
works.
Earlier systems did not interface with the data network and were neither susceptible to the types
of attacks that are prevalent on those networks, nor provided a gateway into such networks
from which an attack might be launched. With the convergence of voice (IP Telephony) and data
over corporate enterprise networks, this is no longer true.
The main topics included in this chapter are:
Your security policy
Avaya Communication Manager and Media Servers
IP Telephony circuit pack security
Toll fraud
Your security policy
System security does not begin with the system itself, but with the people and the organizations
that operate or use the system. One of the most important tools for securing a system is to have
a written, published, and enforceable security policy. Your security policy should clearly address
these questions:
What are you trying to protect?
What are you protecting it from?
How likely is a threat against these assets?
Issue 3.4.1 June 2005
187
Advertisement
Table of Contents
