Establishing security

Active-FTP is beneficial to the FTP server administrator, but detrimental to the client-side administrator. If the FTP server attempts to make connections to random high ports on the client, these packets would almost certainly be blocked by a firewall on the client side. Passive-FTP is beneficial to the client, but detrimental to the FTP server administrator. Even if the client makes both connections to the server, the one to a random high port would almost certainly be blocked by a firewall on the server side. Typically, administrators running FTP servers will need to make their servers accessible to the greatest number of clients, so they will almost certainly need to support passive-FTP. Applications do not consistently use passive-FTP or active-FTP. Modern FTP clients and Internet browsers support a variety of choices.

There are additional problems when the FTP client and FTP server are located on opposite sides of a NAT gateway. Active-FTP clients attempting to gain access to FTP servers from behind a NAT gateway will fail because the data connection received from the FTP server has no address mapping. For example, the FTP server attempts to connect to the external address of the NAT gateway.

Security Gateways and FTP

Two different approaches are available for supporting FTP within the SG environment. One allows the administrator to individually manage each control/data connection through the firewall (FTP-Ctrl, Active-FTP, Passive-FTP services). The other, recommended, uses the FTP-Proxy service.

The first approach allows the administrator to restrict the direction (inbound or outbound) and types of allowed FTP traffic, but it has the potential to expose a large number of ports behind the firewall to outside snooping. An example of a fairly safe configuration is allowing FTP clients on the private zone network to perform passive-FTP: two outbound firewall permit rules, one for FTP-Ctrl and the other for Passive-FTP, so that both the control and data connections are initiated from within the protected network. An unsafe configuration would be to allow unprotected, external FTP servers to initiate Active-FTP connections (one outbound FTP-Ctrl firewall permit rule, and one inbound Active-FTP firewall permit rule); in this case Active-FTP allows the full range of ports within the protected network to be accessed by the outside network.

The FTP-Proxy service can be incorporated into a firewall rule to concurrently support both passive-FTP and active-FTP for protected FTP clients or FTP servers. Configuring an FTP-Proxy rule actually creates one firewall rule to allow the initial FTP control connection and a second redirection rule for the FTP control channel. Upon receiving FTP traffic, the proxy intercepts the control channel exchanges and discovers the type of data connection to be established. It then dynamically creates the appropriate firewall pinhole rule to restrict the protected network ports to which a data connection can be established. The firewall pinholes are removed within a short period of time after the data connection. Thus, FTP-Proxy significantly improves network security as compared to the Passive-FTP (protected FTP server) or Active-FTP (protected FTP client) service cases. It is important to remember that the FTP-Proxy service is applied to a specific zone interface. If network address translation or filter rules are applied to other zone interfaces on the SG that are the source or destination of the FTP traffic, these rules can impact the ability of the proxy to function.
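The control-channel inspection described above can be sketched as follows. This is an added example, not Avaya's implementation: it parses the `PORT` command and the `227` reply defined in RFC 959 and derives the single-port pinhole a proxy would open. The names `Pinhole`, `pinhole_for` and `PINHOLE_TTL`, the 30-second lifetime, and the address and port checks are assumptions made for illustration; the sample addresses are constructed.

```python
import re
import time
from dataclasses import dataclass

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply to PASV (RFC 959)
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

PINHOLE_TTL = 30  # seconds; assumed value, the guide only says "a short period"

@dataclass(frozen=True)
class Pinhole:
    mode: str       # "active" or "passive"
    src_ip: str     # host allowed to open the data connection
    dst_ip: str     # host listening for it
    dst_port: int   # the only port opened
    expires: float  # time after which the rule is removed

def _hostport(text):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port); None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def pinhole_for(line, client_ip, server_ip, now=None):
    """Return the Pinhole implied by one control-channel line, or None."""
    now = time.time() if now is None else now
    line = line.strip()
    if line.upper().startswith("PORT "):   # active: server connects to client
        mode, listener, opener = "active", client_ip, server_ip
    elif line.startswith("227 "):          # passive: client connects to server
        mode, listener, opener = "passive", server_ip, client_ip
    else:
        return None                        # no data connection negotiated
    hp = _hostport(line[4:])
    if hp is None:
        return None
    ip, port = hp
    # Assumed hardening (not described in the guide): the announced address must
    # be the control-connection peer, and the port must be unprivileged.
    if ip != listener or port < 1024:
        return None
    return Pinhole(mode, opener, ip, port, now + PINHOLE_TTL)
```

Each accepted line opens one destination port for one source host, in contrast to the static inbound Active-FTP rule, which exposes the full high-port range of the protected network.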

168 Avaya VPNmanager Configuration Guide Release 3.7


3.7 specifications

Avaya 3.7 represents a significant evolution in unified communications technology, designed to enhance collaboration and streamline communication workflows for organizations of all sizes. As a cornerstone of Avaya's offerings, this version incorporates a range of features and improvements that cater to contemporary business needs, emphasizing flexibility, reliability, and seamless integration.

One of the most notable features of Avaya 3.7 is its robust call management capabilities. The platform allows users to manage calls effectively through a user-friendly interface, enabling intuitive functionalities such as drag-and-drop call handling, call forwarding, and conference calling. These features help employees stay connected, facilitating better communication and teamwork across departments.

In terms of mobility, Avaya 3.7 supports mobile applications that allow users to access the system remotely. This is particularly advantageous for businesses with a workforce that relies on remote or hybrid work models. The mobile integration ensures users can make and receive calls, check voicemail, and manage their schedules directly from their smartphones, maintaining productivity regardless of location.

The system also embraces advanced collaboration tools, such as video conferencing and instant messaging. These features promote a more dynamic interaction environment, fostering real-time communication among team members. Video conferencing capabilities allow for high-definition video quality and reliable connectivity, making virtual meetings more engaging and effective.

Security is another critical characteristic of Avaya 3.7. The platform includes enhanced encryption protocols to protect sensitive communications and ensure data integrity. With cybersecurity remaining a top concern for businesses, Avaya has prioritized the security of its communications solutions, safeguarding organizations' information against potential threats.

Furthermore, Avaya 3.7 benefits from the incorporation of AI and analytics. These technologies provide businesses with valuable insights into communication patterns and user behavior, enabling them to optimize their processes. The analytics can help identify areas for improvement and drive informed decision-making, thus enhancing overall efficiency.

Interoperability with existing systems is another hallmark of Avaya 3.7. The platform easily integrates with various applications and services, allowing businesses to leverage their current technology investments and create a cohesive communication ecosystem.

In summary, Avaya 3.7 stands out as a comprehensive communication solution that addresses the modern demands of the workplace. With its advanced call management features, mobility support, collaboration tools, strong security measures, and integration capabilities, Avaya 3.7 positions itself as a vital asset for organizations aiming to enhance their communication strategies and drive business success.