Filter
Top Products
Issue 6 January 2008 227
Security
This chapter discusses the security design and features for Avaya Communication Manager,
and how to operate Avaya systems securely.
Note:
Note: Because this information is valuable both to those who want to protect the system
and to those who seek to “hack” into those systems, the information in this
section is deliberately incomplete. For example, we discuss the use of one-time
passwords for user authentication, but not the mechanism of how this feature
works.
Earlier systems did not interface with the data network and were neither susceptible to the types
of attacks that are prevalent on those networks, nor provided a gateway into such networks
from which an attack might be launched. With the convergence of voice (IP Telephony) and data
over corporate enterprise networks, this is no longer true.
The main topics included in this chapter are:
● Your security policy
● Avaya Communication Manager and Servers
● IP Telephony circuit pack security
● Toll fraud
For additional information about IP Telephony security, see Security Design and Implementation
for Avaya Voice over IP, 03-601973.
Your security policy
System security does not begin with the system itself, but with the people and the organizations
that operate or use the system. One of the most important tools for securing a system is to have
a written, published, and enforceable security policy. Your security policy should clearly address
these questions:
● What are you trying to protect?
● What are you protecting it from?
● How likely is a threat against these assets?