Suggestions for Installation and Configuration

Security

In VoIP, physical wire is replaced with an IP connection. The connection is more mobile. Unauthorized relocation of the IP telephone allows unauthorized users to send and receive calls as the valid owner. For further details on toll fraud, see the DEFINITY® or Avaya Communication Manager documents mentioned in Related Documents on page 15.

Any equipment on a data network, including a 4600 Series IP Telephone, can be the target of a Denial of Service attack. Usually, such an attack consists of flooding the network with so many messages that the equipment either:

spends so much time processing the messages that legitimate tasks are not processed, or

the equipment overloads and fails.

The 4600 Series IP Telephones cannot guarantee resistance to all Denial of Service attacks. However, each Release has increasing checks and protections to resist such attacks while maintaining appropriate service to legitimate users.

All 4600 Series IP Telephones that have WML Web applications and run R2.2 software support Transport Layer Security (TLS). This standard allows the phone to establish a secure connection to a HTTPS server, in which the phone’s upgrade and settings file can reside. This setup adds security over the TFTP alternative.

You also have a variety of optional capabilities to restrict or remove how crucial network information is displayed or used. These capabilities are covered in more detail in Chapter 4: Server Administration, and include:

As of Release 2.0, restricting the 4600 Series IP Telephone’s response to SNMP queries to only IP Addresses on a list you specify.

As of Release 2.0, specifying an SNMP community string for all SNMP messages sent by the telephone.

As of Release 1.8, restricting dialpad access to Local Administration Procedures, such as specifying IP Addresses, with a password.

Removing dialpad access to most Local Administration Procedures.

Restricting the end user’s ability to use a telephone Options application to view network data.

Issue 2.2 April 2005 33

Page 33
Image 33
Avaya 4600 manual Security