Avaya Communication Manager and Servers
Data encryption
Attacks against a system are not limited to attempts to find holes in the access structure. Avaya servers store backup copies of critical configuration information, including authentication and account information, on external systems. If this information is stored in clear text, and the file server on which it is stored is compromised, the servers also can be compromised. S8700 and S8300 servers can encrypt all backup data, and thus make use of the data impossible, even if access to it is possible. The user is responsible for remembering the encryption key, because Avaya cannot assist you if you forget it. Avaya also cryptographically signs all new software or firmware media to prevent malicious modification in transit. If the system detects a modification, the installation is aborted.
LAN isolation configurations
S8700 with Avaya MCC1 or
SCC1 Media Gateways
An Avaya
●Each Avaya
-The two control LANs are only used to connect between the servers and the port networks (PNs). These two LANs must be private LANs, and carry no other traffic.
-The duplication interface is a
-The laptop computer interface is a
-The enterprise LAN is used for administration and time synchronization. Telephony traffic does not use this LAN. However, in this case, it is possible to subvert this security measure by interconnecting the enterprise LAN NIC with one of the other LANs shown.
●PNs contain additional Ethernet interfaces.
Figure 72: Avaya S8700-series Server with an Avaya MCC1 or an SCC1 Media Gateway on page 234 shows the different LANs that are possible on an S8700-series Server that is configured with Avaya MCC1 or SCC1 Media Gateways along with some of the common adjuncts. The enterprise LAN, adjunct LANs, and agent's LAN can all be connected together to form one network. Or these LANs can be kept physically separate for either traffic reasons or security reasons.
Issue 6 January 2008 233
