Nortel Networks NN44470-100 Certificate management, File system integrity and the fcheck tool


MAS administration and security

The default scheduled time for a scan to run is on Sundays at 4:22 AM. A script is provided to allow the configuration of a different day and time for when the scan is executed, or to disable automatic scanning entirely if this is desired. Scanning the entire file system (excluding configured system directories) takes at least 20 minutes under no load. This should be taken into account when determining the day and time when the scanner is to be run.

Retrieving the latest virus definition files from McAfee and manually loading them on the system is the responsibility of the onsite System Security Administrator.

File system integrity and the fcheck tool

The file system integrity security tool allows a System Security Administrator to create a baseline of cryptographic hashes for a subset of files on the file system. Once a baseline is created, future baselines can be compared against previous baselines to give the System Security Administrator an indication of which files have changed on the system since the last time the tool was run. Depending on which files were changed, added, or deleted since the last baseline was taken, the System Security Administrator can determine whether or not a security breach has occurred.

The file system integrity tool fcheck is the baselining tool used in this process, and is included with the OS installation. The fcheck tool must be run manually by an onsite System Security Administrator and must not be scheduled to run automatically by the system. The System Security Administrator must determine how frequently (weekly, for example) and under what conditions a baseline should be taken.

The purpose of the file security integrity tool is to track files that should not change very often. The tool allows a list of excluded directories and files to be used.

Usage instructions and documentation are included in the default directory location (C:\fcheck).
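
The baseline-and-compare cycle described above, as an added Python example (it is not fcheck and not Nortel code). The sample tree, file names and the "/"-separated exclusion format are constructed for illustration.

```python
import hashlib
import os
import tempfile

def take_baseline(root, excluded=()):
    """Map each file under root to its SHA-256, skipping excluded relative paths."""
    excluded = set(excluded)  # "/"-separated paths relative to root (assumed format)
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        prefix = "" if rel_dir == "." else rel_dir + "/"
        # Prune excluded directories so their contents are never hashed.
        dirnames[:] = [d for d in dirnames if prefix + d not in excluded]
        for name in filenames:
            if prefix + name in excluded:
                continue
            digest = hashlib.sha256()
            with open(os.path.join(dirpath, name), "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            baseline[prefix + name] = digest.hexdigest()
    return baseline

def compare_baselines(old, new):
    """Report files added, deleted, or changed between two baselines."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "deleted": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def demo():
    """Constructed sample tree: baseline, modify, re-baseline, compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        write("bin/service.exe", b"v1")
        write("conf/app.ini", b"port=5060")
        write("logs/today.log", b"line 1")
        before = take_baseline(root, excluded=["logs"])
        write("bin/service.exe", b"v1 modified")          # changed
        write("bin/extra.dll", b"unexpected file")        # added
        os.remove(os.path.join(root, "conf", "app.ini"))  # deleted
        write("logs/today.log", b"line 1\nline 2")        # excluded: not reported
        after = take_baseline(root, excluded=["logs"])
        return compare_baselines(before, after)

if __name__ == "__main__":
    print(demo())
```

A comparison is only as trustworthy as the stored baseline, so keep earlier baselines where the monitored host cannot rewrite them.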

Certificate management

MAS 6.0 for AS 5300 uses the X.509 certificate type, which contains the public key for a server and a signature from the certification authority (CA). A certification authority is a trusted entity that issues, renews, and revokes certificates.

A server uses a certificate to identify itself. A TLS or SSL connection or an IPSec channel between two servers is established after the two servers exchange certificates, and authentication is completed when the certificates are verified.

Nortel Media Application Server 6.0 for AS 5300

Fundamentals

NN44470-100 01.01 Standard

Release 6.0 03 June 2008

Copyright © 2008, Nortel Networks
