Table of Contents
Advertisement
Data encryption
Attacks against a system are not limited to attempts to find holes in the access structure. Avaya
S8700 and S8300 servers store backup copies of critical configuration information, including
authentication and account information, on external systems. If this information is stored in clear
text, and the file server on which it is stored is compromised, the servers also can be
compromised. S8700 and S8300 servers can encrypt all backup data, and thus make use of the
data impossible, even if access to it is possible. The user is responsible for remembering the
encryption key, because Avaya cannot assist you if you forget it. Avaya also cryptographically
signs all new software or firmware media to prevent malicious modification in transit. If the
system detects a modification, the installation is aborted.
LAN isolation configurations
S8700 with Avaya MCC1 or
SCC1 Media Gateways
An Avaya S8700 Media Server contains multiple Ethernet Network Interfaces (NICs):
Each Avaya S8700 Media Server with Avaya MCC1 or SCC1 Media Gateway has five
Ethernet interfaces (NICs), each dedicated to these specific functions:
- The two control LANs are only used to connect between the servers and the port
networks (PNs). These two LANs must be private LANs, and carry no other traffic.
- The duplication interface is a point-to-point LAN that is only used to send information
between the two servers.
- The laptop computer interface is a point-to-point LAN that is used only for local
administration and carries no other type of traffic.
- The enterprise LAN is used for administration and time synchronization. Telephony traffic
does not use this LAN. However, in this case, it is possible to subvert this security
measure by interconnecting the enterprise LAN NIC with one of the other LANs shown.
PNs contain additional Ethernet interfaces.
Figure 63: Avaya S8700 Media Server with an Avaya MCC1 or an SCC1 Media Gateway
page 194 shows the different LANs that are possible on an S8700 server that is configured with
Avaya MCC1 or SCC1 Media Gateways along with some of the common adjuncts. The
enterprise LAN, adjunct LANs, and agent's LAN can all be connected together to form one
network. Or these LANs can be kept physically separate for either traffic reasons or security
reasons.
Avaya Communication Manager and Media Servers
Issue 3.4.1 June 2005
on
193
Advertisement
Table of Contents
