MAS administration and security
Application Administrator (AA)
The Application Administrator (AA) performs administrative functions that relate to the operation of applications on the MAS system, and can perform all operations within the MAS Console. The Application Administrator can install MAS software patches, but cannot access Event Viewer Security Logs.
Logon banners
A logon banner is a message screen that is displayed to users before a logon to the system is attempted.
The logon banner does the following:
• informs users that they are logging onto a secure and private system, and warns unauthorized users that unless they are authorized they should not proceed.
• warns both authorized and unauthorized users that they are subject to monitoring to detect unauthorized use.
A logon banner can be displayed to users before the login screen for the MAS platform is displayed. Using a logon banner is optional. The banner title and text values can be configured to display information for the system. The logon banner is configured with default values when the system is installed. After installation, the customer is responsible for modifying the logon banner settings if the default banner is not sufficient for their system.
Remote Desktop Protocol
Existing administrative access to the MAS is accomplished using the Microsoft Remote Desktop Connection client. This client is based on the Remote Desktop Protocol (RDP), which provides separate virtual channels. An IPsec policy (with a preshared key) is used to secure RDP. The RDP feature for MAS 6.0 for AS 5300 continues to use an IPsec policy, but replaces the preshared key with a TLS certificate.
The following requirements apply to the MAS 6.0 for AS 5300 release:
• Management access is restricted to a limited number of authorized IP addresses. The number of IP addresses must be equal to or less than the number of network administrators. A valid username and password are required for access to the MAS.
• A timeout feature, set to 15 minutes, disconnects idle connections.
• A management port that receives three consecutive failed logon attempts is unavailable for at least 60 seconds (port 3389 for RDP).
• Network-connected management ports drop, within 15 seconds, any connection or session that is interrupted for any reason.
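The four requirements above describe a small access-control state machine for a management port: an administrator IP allowlist, a three-strike lockout with a 60-second hold, a 15-minute idle disconnect and a 15-second grace period for interrupted sessions. The following model, added here as an illustration and not part of the Nortel documentation or the MAS implementation, replays a constructed timeline of logon attempts against those rules so the interaction between them (for example, a correct password being refused while the port is locked, and a success resetting the failure streak) can be seen. The class name, the allowlist addresses and the event timeline are all assumptions made for the example.

```python
"""Added example: a model of the MAS 6.0 for AS 5300 management-access rules
(admin IP allowlist, three-strike port lockout, idle timeout, interrupted-
session drop). Illustrative code, not the MAS implementation; the names,
the allowlist and the timeline are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ALLOWED_ADMIN_IPS = {"10.20.30.11", "10.20.30.12"}  # constructed; one per admin
MAX_CONSECUTIVE_FAILURES = 3    # third consecutive failure locks the port
LOCKOUT_SECONDS = 60            # port unavailable for at least this long
IDLE_TIMEOUT_SECONDS = 15 * 60  # idle sessions are disconnected
INTERRUPT_GRACE_SECONDS = 15    # interrupted sessions are dropped within this


@dataclass
class Session:
    source_ip: str
    last_activity: float
    interrupted_at: Optional[float] = None


class ManagementPortPolicy:
    """Access state for one management port, such as TCP 3389 for RDP."""

    def __init__(self, allowed_ips):
        self.allowed_ips = set(allowed_ips)
        self.consecutive_failures = 0
        self.locked_until = 0.0
        self.sessions: Dict[str, Session] = {}
        self._next_id = 1

    def attempt_logon(self, t: float, source_ip: str,
                      credentials_ok: bool) -> Tuple[str, Optional[str]]:
        """Decide a logon attempt at time t; returns (decision, session id)."""
        if source_ip not in self.allowed_ips:
            return "refused-ip", None          # never reaches the logon prompt
        if t < self.locked_until:
            return "locked", None              # lockout still in force
        if not credentials_ok:
            self.consecutive_failures += 1
            if self.consecutive_failures >= MAX_CONSECUTIVE_FAILURES:
                self.locked_until = t + LOCKOUT_SECONDS
                self.consecutive_failures = 0  # counter restarts after lockout
                return "failed-locked", None
            return "failed", None
        self.consecutive_failures = 0          # a success breaks the streak
        sid = "s%d" % self._next_id
        self._next_id += 1
        self.sessions[sid] = Session(source_ip, t)
        return "granted", sid

    def activity(self, t: float, sid: str) -> None:
        """Record traffic on a session (resets the idle clock)."""
        self.sessions[sid].last_activity = t
        self.sessions[sid].interrupted_at = None

    def interrupt(self, t: float, sid: str) -> None:
        """Note that the transport for a session was interrupted at time t."""
        self.sessions[sid].interrupted_at = t

    def reap(self, t: float) -> List[Tuple[str, str]]:
        """Drop sessions idle or interrupted too long; return what was dropped."""
        dropped = []
        for sid, s in list(self.sessions.items()):
            if (s.interrupted_at is not None
                    and t - s.interrupted_at >= INTERRUPT_GRACE_SECONDS):
                dropped.append((sid, "interrupted"))
            elif t - s.last_activity >= IDLE_TIMEOUT_SECONDS:
                dropped.append((sid, "idle"))
        for sid, _ in dropped:
            del self.sessions[sid]
        return dropped


def run_sample() -> dict:
    """Replay a constructed timeline (times in seconds) and collect decisions."""
    p = ManagementPortPolicy(ALLOWED_ADMIN_IPS)
    out = {}
    out["outsider"] = p.attempt_logon(0, "192.0.2.50", True)       # not allowlisted
    out["fail1"] = p.attempt_logon(1, "10.20.30.11", False)
    out["fail2"] = p.attempt_logon(2, "10.20.30.11", False)
    out["fail3"] = p.attempt_logon(3, "10.20.30.11", False)        # locks until t=63
    out["during_lock"] = p.attempt_logon(30, "10.20.30.11", True)  # right password, still locked
    out["after_lock"] = p.attempt_logon(63, "10.20.30.11", True)
    sid1 = out["after_lock"][1]
    p.activity(100, sid1)
    out["reap_early"] = p.reap(999)                                # 899 s idle: keep
    out["reap_idle"] = p.reap(1000)                                # 900 s idle: drop
    out["second"] = p.attempt_logon(1001, "10.20.30.12", True)
    sid2 = out["second"][1]
    p.interrupt(1010, sid2)
    out["reap_grace"] = p.reap(1020)                               # 10 s interrupted: keep
    out["reap_interrupted"] = p.reap(1025)                         # 15 s interrupted: drop
    return out


if __name__ == "__main__":
    for name, result in run_sample().items():
        print(name, result)
```

Two points in the model are worth noting when comparing it with a real deployment: the allowlist check happens before any credential is examined, so an attacker outside the authorized addresses cannot even consume one of the three attempts, and the lockout applies to the port rather than to the account, so a legitimate administrator with the correct password is also refused until the 60 seconds have elapsed.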
Nortel Media Application Server 6.0 for AS 5300
Fundamentals
Release 6.0 03 June 2008
Copyright © 2008, Nortel Networks