Security
190 Avaya Application Solutions IP Telephony Deployment Guide
Avaya capitalizes on Linux’ security advantage
The Avaya S8700 and S8300 Media Servers run under the Linux operating system, which has two
important security features:
● Built-in protection against certain types of Denial of Service (DoS) attack, such as SYN
floods, ping floods, malformed packets, oversized packets, sequence number spoofing,
ping/finger of death, and so on. Attacks are recognized at the lower levels of the software
and their effect is blunted. (A target system cannot always provide service during a DoS
attack. Rather, the protection is that service resumes automatically as soon as the attack
is removed.)
● The Linux kernel is compiled with a set of options to precisely tailor its operation to
maximize security consistent with required operation of the system. These include a
number of built-in firewall and filtering options. All file and directory permissions are set to
minimize access as much as possible consistent with proper system operation. The disk
drives of the S8700 and the S8300 servers contain multiple partitions, each of which is
restricted according to the type of data that it contains. All unneeded services are disabled
either permanently or through administration for those services. Disabled services and
capabilities include NFS, SMB, X-windows, rcp, rlogin, and rexec. The system
administrator has additional control of which services are visible from the multiple Ethernet
interfaces that are connected to the enterprise LAN. Other Ethernet interfaces are
permanently configured to restrict services.
One-time passwords
Standard login accounts use static passwords that can be used multiple times to log in to a
system. Anyone who can monitor the login messages can also capture passwords, and use the
passwords to gain access. You can administer the S8700 and the S8300 servers for one-time
passwords that have a fixed user name but not a fixed password. In this case, users must
supply a unique, one-time password for each session, and even if the password is
compromised, it cannot be reused. When a system is covered by an Avaya service contract, all
logins that are accessed by Avaya Services technicians are protected by one-time passwords.
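The replay property described above, as an added example that is not part of the Avaya guide. The guide does not say which one-time password scheme the servers use; this sketch substitutes HOTP (RFC 4226) as a stand-in, and the user name, the `OneTimeLogin` class and the look-ahead window are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OneTimeLogin:
    """Server side: fixed user name, but every accepted password is spent."""

    def __init__(self, secrets: dict, window: int = 3):
        self.secrets = secrets                        # user -> shared secret
        self.next_counter = {u: 0 for u in secrets}   # first unused counter
        self.window = window                          # tolerate skipped codes

    def login(self, user: str, password: str) -> bool:
        secret = self.secrets.get(user)
        if secret is None:
            return False
        start = self.next_counter[user]
        for counter in range(start, start + self.window):
            if hmac.compare_digest(hotp(secret, counter), password):
                # Move past the accepted counter so a value captured on the
                # wire is never valid for a second session.
                self.next_counter[user] = counter + 1
                return True
        return False

def demo() -> list:
    # Constructed sample data: the RFC 4226 test secret and a made-up user.
    secret = b"12345678901234567890"
    server = OneTimeLogin({"svc-tech": secret})
    captured = hotp(secret, 0)                # what an eavesdropper records
    return [
        server.login("svc-tech", captured),         # legitimate session
        server.login("svc-tech", captured),         # replay of captured value
        server.login("svc-tech", hotp(secret, 1)),  # next legitimate session
    ]

if __name__ == "__main__":
    print(demo())
```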
Shell access
Access to a “shell” from which arbitrary commands can be executed is not granted by default to
a login on an S8700 or an S8300 server. When a login is created, the system administrator can
specify whether or not the account is permitted to have shell access. Accounts that are denied
shell access can either log in to an Avaya Communication Manager administration screen or a
Web page upon successful login. In both cases, the operations that these logins can perform
are restricted. Generally, only people who perform hardware maintenance or software
maintenance on the server need shell access permissions administered in their login accounts.
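One way to check a Linux host against the two hardening claims above, the list of disabled services and shell access limited to maintenance logins (an added example, not Avaya tooling). It assumes shell access shows up as the login program in the seventh field of a passwd-format file, which the guide does not state; the account names, the listening-port list and `/opt/example/admin-screen` are constructed or hypothetical.

```python
# Well-known TCP ports of the services the page lists as disabled.
DISABLED_SERVICES = {2049: "NFS", 139: "SMB", 445: "SMB", 6000: "X-windows",
                     512: "rexec", 513: "rlogin", 514: "rcp/rsh"}

def exposed_services(listening_ports):
    """Names of disabled-by-policy services that are in fact listening."""
    return sorted({DISABLED_SERVICES[p] for p in listening_ports
                   if p in DISABLED_SERVICES})

def unexpected_shell_accounts(passwd_text, restricted_programs, approved):
    """Accounts whose login program can run arbitrary commands although the
    account is not on the approved maintenance list."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7:            # skip blank and malformed lines
            continue
        name, program = fields[0], fields[6]
        if program in restricted_programs or name in approved:
            continue
        # An empty seventh field means the system default shell (/bin/sh).
        findings.append((name, program or "/bin/sh"))
    return findings

# Constructed sample data; /opt/example/admin-screen is a hypothetical
# stand-in for a restricted administration front end.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
maint:x:500:500:hardware maintenance:/home/maint:/bin/bash
operator1:x:501:501:switch admin:/home/operator1:/opt/example/admin-screen
report:x:502:502:reporting:/home/report:
ftp:x:14:50:FTP user:/var/ftp:/sbin/nologin
"""
SAMPLE_LISTENING = [22, 443, 513, 2049, 5022]
RESTRICTED = {"/sbin/nologin", "/bin/false", "/opt/example/admin-screen"}

def audit():
    return (exposed_services(SAMPLE_LISTENING),
            unexpected_shell_accounts(SAMPLE_PASSWD, RESTRICTED,
                                      approved={"root", "maint"}))

if __name__ == "__main__":
    print(audit())
```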
Avaya Application Solutions IP Telephony Deployment Guide 555 245 600 Issue 3 4 1 June 2005