
- 29 -
MAS administration and security
•RDP is separated from other traffic by using a virtual local area network (VLAN). A VLAN is added through the Broadcom Advanced Control Suite. A virtual adapter is created for each VLAN added. The VLAN for RDP is identified as the Management VLAN. The VLAN for all other network traffic is identified as the Service VLAN.
•The only protocol assigned to the Mgmt VLAN in this release is RDP.
•Only accept RDP connections on the Mgmt VLAN
IPSEC configuration
IPSec is used to encrypt and authenticate communications between servers. Each IPSec policy is made for both the source IP and for the destination.
There are three IPSec encryption algorithms available:
•DES (56bit key)
•AES (128bit key)
•3DES (168bit key)
IPSec can be used to protect communications with servers outside of the trusted system.
For detailed information about configuring IPSec, see Media Application Server 6.0 for AS 5300 Commissioning
Security tools
This section details the security tools included with the MAS 6.0 for AS 5300 platform install. To preserve system security and file integrity, Nortel recommends that the security tools are run continuously or periodically by the onsite System Administrator to monitor potential security breaches.
Virus Protection using McAfee VirusScan Enterprise Edition 8.5
The virus protection software must be installed and configured to run automatically on a weekly basis on every server. The McAfee VirusScan Command Line Scanner software is included with the OS during installation and comes preconfigured to run a scheduled scan once per week and to scan the entire file system (excluding configured system directories) for potential problems due to viruses.
When a virus scan is completed, the status is reported to the system log. Any problems found are logged as critical in the system log and full details of the error are then placed in the security log. Any files with suspected virus infection are moved to a configured quarantine location. It is the responsibility of a System Security Administrator to remove these files manually.
Nortel Media Application Server 6.0 for AS 5300
Fundamentals
Release 6.0 03 June 2008
Copyright © 2008, Nortel Networks