Snmpv3 Support; Other Security Equipment - Avaya 8800 Planning And Engineering

SNMPv3 support

SNMP version 1 and version 2 are not secure because communities are not encrypted.
Avaya recommends that you use SNMP version 3. SNMPv3 provides stronger authentication
services and the encryption of data traffic for network management.

Other security equipment

Avaya offers other devices that increase the security of your network.
For sophisticated state-aware packet filtering (Real Stateful Inspection), you can add an
external firewall to the architecture. State-aware firewalls can recognize and track application
flows that use not only static TCP and UDP ports, like Telnet or http, but also applications that
create and use dynamic ports, such as FTP, and audio and video streaming. For every packet,
the state-aware firewall finds a matching flow and conversation.
The following figure shows a typical configuration used in firewall load balancing.
Figure 128: Firewall load balancing configuration
Use this configuration to redirect incoming and outgoing traffic to a group of firewalls and to
automatic load balance across multiple firewalls. The WSM can also filter packets at the ingress
port so that firewalls see only relevant packets.The benefits of such a configuration are:
• increased firewall performance
• reduced response time
• redundant firewalls ensure Internet access
Virtual private networks (VPN) replace the physical connection between the remote client and
access server with an encrypted tunnel over a public network. VPN technology employs IP
Security (IPSec) and Secure Sockets Layer (SSL) services.
Several Avaya products support IPSec and SSL. Contivity and the Services Edge Router
support IPSEC. Contivity supports up to 5000 IPSEC tunnels, and scales easily to support
operational requirements. The Services Edge Router can support up to 30 000 tunnels.
Planning and Engineering — Network Design
Control plane security
November 2010 271