IP Telephony circuit pack security
Issue 3.4.1 June 2005
FTP
An FTP service exists, but is disabled by default. Communication Manager must enable the
FTP service, and only does so for firmware downloads. Once the FTP service is started,
Communication Manager initiates the client-side of the FTP protocol, and then transfers a new
firmware file to the IPSI. Once the transfer is complete, the FTP service is automatically
disabled. A 5-minute time-out is enforced to guard against cases where the firmware download
is started but terminated prematurely. When time-out occurs, the FTP service is disabled until a
new command from Communication Manager enables it again.
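The FTP behaviour described above can be checked from the monitoring side. The following is an added example, not code from Avaya or from this guide: it compares periodic probes of TCP/21 on an IPSI against a record of firmware downloads and reports any time the port was open outside a download window. The sample data is constructed, the names are hypothetical, and it assumes the 5-minute time-out is counted from the last transfer activity.

```python
from datetime import datetime, timedelta

FTP_TIMEOUT = timedelta(minutes=5)  # time-out value stated in the guide

# Constructed sample data (not real Avaya logs).
# Firmware downloads from the change record: (start, last transfer activity).
DOWNLOADS = [
    ("2005-06-01T02:00:00", "2005-06-01T02:03:10"),  # completed normally
    ("2005-06-02T02:00:00", "2005-06-02T02:01:00"),  # terminated prematurely
]
# Periodic probes of TCP/21 on the IPSI: (time, port_open).
PROBES = [
    ("2005-06-01T01:55:00", False),
    ("2005-06-01T02:02:00", True),
    ("2005-06-01T02:10:00", False),
    ("2005-06-01T14:30:00", True),
    ("2005-06-01T14:35:00", False),
    ("2005-06-02T02:01:00", True),
    ("2005-06-02T02:05:00", True),
    ("2005-06-02T02:09:00", True),
    ("2005-06-02T02:13:00", False),
]

def parse_ts(text):
    return datetime.fromisoformat(text)

def audit_ftp(downloads, probes, timeout=FTP_TIMEOUT):
    """Return (probe_time, reason) for each probe that found FTP open
    outside a firmware-download window.

    Assumption: a window runs from the download start until `timeout`
    after the last transfer activity.
    """
    windows = [(parse_ts(s), parse_ts(e) + timeout) for s, e in downloads]
    findings = []
    open_since_window = False  # port has stayed open since a legitimate window
    for ts, is_open in sorted((parse_ts(t), o) for t, o in probes):
        if not is_open:
            open_since_window = False
        elif any(start <= ts <= deadline for start, deadline in windows):
            open_since_window = True
        elif open_since_window:
            findings.append((ts.isoformat(), "still open after time-out"))
        else:
            findings.append((ts.isoformat(), "open with no firmware download"))
    return findings

if __name__ == "__main__":
    for when, reason in audit_ftp(DOWNLOADS, PROBES):
        print(when, reason)
```
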
DHCP
In S8700 Multi-Connect systems only, the IPSI has the ability to receive its IP address
information from the S8700 server through DHCP. This DHCP service only runs on the control
network, and does not connect to a customer’s LAN. Avaya has also implemented mechanisms
for restricting this DHCP service, so that non-IPSIs do not receive an IP address and IPSIs do
not receive an address from a non-S8700 server.
Control link
In order to communicate with the S8700 server, the IPSI establishes a control link. This link is
encrypted through Triple-DES (3DES) by default, although AES is also available. The control
link is not open for communication to or from any other entity than the S8700 server.
TN2302 Media Processor (MedPro)
The TN2302 circuit pack is the interface to the audio gateway portion of IP Telephony. The
circuit pack:
● Uses an isolated/proprietary operating system, so it is not susceptible to known viruses.
● Runs independently of administrator traffic in order to maintain an isolated security domain, protecting against attacks that exploit trusted relationships.
● Establishes audio connections and only responds to a connection when a corresponding signaling connection is established.
● Successfully survives some Denial of Service (DoS) attacks, including SynFlood, and is very resilient to flood-based attacks.
Because of the proprietary operating system, limited number of open ports, and reliance on
UDP sessions, the TN2302 is very secure, and is difficult to take out of service. Regardless, the
TN2302 is completely independent of the administration, maintenance, or reliability of the
Avaya Media Gateways, so it cannot be used as a “jumping point” to the Media Gateways.
Avaya Application Solutions IP Telephony Deployment Guide, 555-245-600, Issue 3.4.1, June 2005