Security - Avaya 4600 Series Administrator's Manual

Ip telephone

Hide thumbs Also See for 4600 Series:

Installation manual (344 pages)

Administrator's manual (188 pages)

Connecting (14 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

Table of Contents

Overview of Voice over IP (VoIP) and Network Protocols

Security

In VoIP, physical wire is replaced with an IP connection. The connection is more mobile.

Unauthorized relocation of the IP telephone allows unauthorized users to send and receive calls

as the valid owner. For further details on toll fraud, see the DEFINITY

Communication Manager documents mentioned in

Any equipment on a data network, including a 4600 Series IP Telephone, can be the target of a

Denial of Service attack. Usually, such an attack consists of flooding the network with so many

messages that the equipment either:

spends so much time processing the messages that legitimate tasks are not processed, or

●

the equipment overloads and fails.

●

The 4600 Series IP Telephones cannot guarantee resistance to all Denial of Service attacks.

However, each Release has increasing checks and protections to resist such attacks while

maintaining appropriate service to legitimate users.

All 4600 Series IP Telephones that run R2.2 or greater software support Transport Layer

Security (TLS). This standard allows the telephone to establish a secure connection to a HTTPS

server, in which the telephone's upgrade and settings file can reside. This setup adds security

over the TFTP alternative.

You also have a variety of optional capabilities to restrict or remove how crucial network

information is displayed or used. These capabilities are covered in more detail in

Chapter 4: Server

As of Release 2.8, 4600 Series IP Telephones use IP source address filtering to improve

●

their resiliency to denial of service attacks when only services that require messages from

known IP Addresses are enabled (i.e., when ICMPDU is 0, where RTCPMON is null, when

CNASRVR is null, when CTISTAT is 0, and when SNMPSTRING is null or when

SNMPSTRING and SNMPADDR are both non-null).

Additional IP source addresses can be explicitly excluded from filtering, if necessary,

through use of the

As of Release 2.8, 4600 Series IP Telephones require that any DNS names used as

●

values of TPSLIST be fully-qualified to improve the security of the Push feature. For more

details on the Push feature,

As of Release 2.8, 4600 Series IP Telephones support IETF RFC 1948 (Defending Against

●

Sequence Number Attacks).

As of Release 2.7, the 4602SW+ and 4625SW IP Telephones support IEEE 802.1X as a

●

Supplicant with the EAP-MD5 authentication method. The functionality is identical to other

4600 Series SW IP Telephones supporting this feature.

46 4600 Series IP Telephone LAN Administrator Guide

Administration, and include:

FILTERLIST

parameter, which is also new in Release 2.8.

Appendix E: The Push

or Avaya

Security - Avaya 4600 Series Administrator's Manual

Security

Troubleshooting

Related Manuals for Avaya 4600 Series

Related Content for Avaya 4600 Series

Table of Contents