Security
188 Avaya Application Solutions IP Telephony Deployment Guide
What are you trying to protect?
The security policy usually attempts to protect information, whether the information is in the
form of data (files) or conversations (digitized voice packets). Customers should assess the
value of those assets that require protection, and compare the true costs of security to the value
of those assets.
What are you protecting it from?
Most often, criminals, who are also called “hackers,” pose a significant threat to secure
information. However, do not forget to look internally. A significant number of attacks come from
within an enterprise. Your security policy should include rules about behavior, the
consequences of bad behavior, a path of escalation, and a person to contact with regard to
security issues.
How likely is a threat against these assets?
Security is always a trade-off. The more security, the more inconvenience and the more cost. To
avoid the necessary inconvenience, some users are likely to subvert the security policy. For
example, if you make passwords so complex so that the passwords are difficult to remember,
people will write the passwords down. Users prefer easy access without security. Having to log
on is inconvenient. However, everyone must endure some level of inconvenience if the system
is going to be secure against attacks. The security policy must define this level of inconvenience
to ensure that the security polity is not circumvented. In addition, management must support the
policy, and establish clear rules for its enforcement, including the consequences for violating it.
A security policy that does not establish consequences for violations quickly becomes
irrelevant.
Recommendations for your security policy
Avaya recommends that you continuously review your security policy, and keep up with new
threats and to make improvements each time a weakness is found. To effectively support your
security policy, your company must allocate long-term resources to the development,
implementation, and reassessment of the policy.
Summary of Contents for Application Solutions
Page 1: ...Avaya Application Solutions IP Telephony Deployment Guide 555 245 600 Issue 3 4 1 June 2005 ...
Page 20: ...About This Book 20 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 21: ...Issue 3 4 1 June 2005 21 Section 1 Avaya Application Solutions product guide ...
Page 22: ...22 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 106: ...Call processing 106 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 124: ...Avaya LAN switching products 124 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 139: ...Issue 3 4 1 June 2005 139 Section 2 Deploying IP Telephony ...
Page 140: ...140 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 186: ...Traffic engineering 186 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 204: ...Security 204 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 228: ...Avaya Integrated Management 228 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 274: ...Reliability and Recovery 274 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 275: ...Issue 3 4 1 June 2005 275 Section 3 Getting the IP network ready for telephony ...
Page 276: ...276 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 356: ...Network recovery 356 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 366: ...Network assessment offer 366 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 367: ...Issue 3 4 1 June 2005 367 Appendixes ...
Page 368: ...Appendixes 368 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 394: ...Access list 394 Avaya Application Solutions IP Telephony Deployment Guide ...
Page 414: ...DHCP TFTP 414 Avaya Application Solutions IP Telephony Deployment Guide ...