Filter
Top Products
Overview of Voice over IP (VoIP) and Network Protocols
44 4600 Series IP Telephone LAN Administrator Guide
Security
In VoIP, physical wire is replaced with an IP connection. The connection is more mobile.
Unauthorized relocation of the IP telephone allows unauthorized users to send and receive calls
as the valid owner. For further details on toll fraud, see the DEFINITY
®
or Avaya
Communication Manager documents mentioned in Related Documents
on page 18.
Any equipment on a data network, including a 4600 Series IP Telephone, can be the target of a
Denial of Service attack. Usually, such an attack consists of flooding the network with so many
messages that the equipment either:
● spends so much time processing the messages that legitimate tasks are not processed, or
● the equipment overloads and fails.
The 4600 Series IP Telephones cannot guarantee resistance to all Denial of Service attacks.
However, each Release has increasing checks and protections to resist such attacks while
maintaining appropriate service to legitimate users.
All 4600 Series IP Telephones that have WML Web applications and run R2.2 or greater
software support Transport Layer Security (TLS). This standard allows the telephone to
establish a secure connection to a HTTPS server, in which the telephone’s upgrade and
settings file can reside. This setup adds security over the TFTP alternative.
You also have a variety of optional capabilities to restrict or remove how crucial network
information is displayed or used. These capabilities are covered in more detail in
Chapter 4:
Server Administration, and include:
● As of Release 2.6, SNMP is disabled by default. You must enable SNMP through DHCP or
the 46xxsettings file.
● As of Release 2.6, the 4602SW+, 4610SW, 4620SW, 4621SW, and 4622SW IP
Telephones support IEEE 802.1X as a Supplicant with the EAP-MD5 authentication
method. The modes supported are as follows:
- Unicast Supplicant operation only with PAE multicast pass-through, with and without
proxy Logoff, and
- Unicast or multicast Supplicant operation without PAE multicast pass-through or proxy
Logoff.
Note:
Note: The 4601 and 4601+ IP Telephones do not support 802.1X as a Supplicant.
● As of Release 2.3, 4600 Series H.323 IP Telephones support signaling channel encryption
while registering, and when registered, with appropriately administered Avaya Media
Servers.
● As of Release 2.0, a 4600 Series IP Telephone’s response to SNMP queries is restricted to
only IP addresses on a list you specify.