Security
This chapter discusses the security design and features for Avaya Communication Manager, and how to operate Avaya systems securely.
Note:
Because this information is valuable both to those who want to protect the system and to those who seek to “hack” into those systems, the information in this section is deliberately incomplete. For example, we discuss the use of
Earlier systems did not interface with the data network and were neither susceptible to the types of attacks that are prevalent on those networks, nor provided a gateway into such networks from which an attack might be launched. With the convergence of voice (IP Telephony) and data over corporate enterprise networks, this is no longer true.
The main topics included in this chapter are:
●Your security policy
●Avaya Communication Manager and Servers
●IP Telephony circuit pack security
●Toll fraud
For additional information about IP Telephony security, see Security Design and Implementation for Avaya Voice over IP,
Your security policy
System security does not begin with the system itself, but with the people and the organizations that operate or use the system. One of the most important tools for securing a system is to have a written, published, and enforceable security policy. Your security policy should clearly address these questions:
●What are you trying to protect?
●What are you protecting it from?
●How likely is a threat against these assets?
Issue 6 January 2008 227