Nortel Networks NN44470-100 manual Ipsec configuration, Security tools


MAS administration and security

RDP is separated from other traffic by using a virtual local area network (VLAN). A VLAN is added through the Broadcom Advanced Control Suite. A virtual adapter is created for each VLAN added. The VLAN for RDP is identified as the Management VLAN. The VLAN for all other network traffic is identified as the Service VLAN.

The only protocol assigned to the Mgmt VLAN in this release is RDP.

Only accept RDP connections on the Mgmt VLAN.
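One way to check this rule on a server, as an added example that is not part of the Nortel manual: the script reads `netstat -an`-style output and reports any RDP listener that is bound to a wildcard address or to an address outside the Mgmt VLAN. The default RDP port 3389, the output layout, and the subnets 192.0.2.0/24 (Mgmt VLAN) and 198.51.100.0/24 (Service VLAN) are assumptions, and the sample text is constructed.

```python
import ipaddress

RDP_PORT = 3389  # default RDP port; assumed unchanged on the server

# Constructed sample in `netstat -an` layout. 192.0.2.0/24 stands in for the
# Mgmt VLAN and 198.51.100.0/24 for the Service VLAN (both are assumptions).
SAMPLE_EXPOSED = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    198.51.100.20:5060     0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        192.0.2.50:49152       ESTABLISHED
"""
SAMPLE_CONFINED = """\
  TCP    192.0.2.10:3389        0.0.0.0:0              LISTENING
  TCP    198.51.100.20:5060     0.0.0.0:0              LISTENING
"""

def parse_listeners(netstat_text):
    """Return (host, port) for every TCP socket in a listening state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expected columns: Proto, Local Address, Foreign Address, State
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() not in ("LISTENING", "LISTEN"):
            continue
        host, _, port = fields[1].rpartition(":")
        if port.isdigit():
            listeners.append((host.strip("[]"), int(port)))
    return listeners

def rdp_exposure(netstat_text, mgmt_subnet, port=RDP_PORT):
    """Return (host, reason) for RDP listeners not confined to the Mgmt VLAN."""
    mgmt = ipaddress.ip_network(mgmt_subnet)
    findings = []
    for host, listen_port in parse_listeners(netstat_text):
        if listen_port != port:
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append((host, "unparsed local address, review manually"))
            continue
        if addr.is_unspecified:
            findings.append((host, "wildcard bind, reachable on every VLAN adapter"))
        elif addr not in mgmt:
            findings.append((host, "bound outside the Mgmt VLAN subnet"))
    return findings
```

A clean result covers listener binding only; packet filters on the virtual adapters are outside what this check sees.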

IPSec configuration

IPSec is used to encrypt and authenticate communications between servers. Each IPSec policy is defined for both the source IP address and the destination IP address.

There are three IPSec encryption algorithms available:

DES (56-bit key)

AES (128-bit key)

3DES (168-bit key)

IPSec can be used to protect communications with servers outside of the trusted system.

For detailed information about configuring IPSec, see Media Application Server 6.0 for AS 5300 Commissioning (NN44470-301).

Security tools

This section details the security tools included with the MAS 6.0 for AS 5300 platform installation. To preserve system security and file integrity, Nortel recommends that the onsite System Administrator run the security tools continuously or periodically to monitor for potential security breaches.

Virus Protection using McAfee VirusScan Enterprise Edition 8.5

The virus protection software must be installed and configured to run automatically on a weekly basis on every server. The McAfee VirusScan Command Line Scanner software is included with the OS during installation and comes preconfigured to run a scheduled scan once per week and to scan the entire file system (excluding configured system directories) for potential problems due to viruses.

When a virus scan is completed, the status is reported to the system log. Any problems found are logged as critical in the system log and full details of the error are then placed in the security log. Any files with suspected virus infection are moved to a configured quarantine location. It is the responsibility of a System Security Administrator to remove these files manually.

Nortel Media Application Server 6.0 for AS 5300

Fundamentals

NN44470-100 01.01 Standard

Release 6.0 03 June 2008

Copyright © 2008, Nortel Networks
