
MAS administration and security

RDP is separated from other traffic by using a virtual local area network (VLAN). A VLAN is added through the Broadcom Advanced Control Suite. A virtual adapter is created for each VLAN added. The VLAN for RDP is identified as the Management VLAN. The VLAN for all other network traffic is identified as the Service VLAN.

The only protocol assigned to the Mgmt VLAN in this release is RDP.

Only accept RDP connections on the Mgmt VLAN.
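One way to check the rule above on a server, as an added example that is not taken from the Nortel manual: the script parses Windows `netstat -an` output and flags any RDP listener that is not bound to a Mgmt VLAN address. The port 3389 (the RDP default), the subnet 10.10.20.0/24 and the sample output are assumptions constructed for illustration.

```python
import ipaddress
import re

RDP_PORT = 3389  # RDP default port; an assumption, the manual does not state it

# Constructed sample of Windows `netstat -an` output (not from a real MAS server).
# It mixes the three possible cases so each branch of the audit is exercised.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.10.20.5:3389        0.0.0.0:0              LISTENING
  TCP    192.168.50.5:3389      0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.10.20.5:3389        10.10.20.44:51512      ESTABLISHED
  TCP    192.168.50.5:5060      0.0.0.0:0              LISTENING
"""

# Matches only TCP sockets in LISTENING state: local address, local port.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def audit_rdp_listeners(netstat_text, mgmt_subnet, port=RDP_PORT):
    """Return (ok, violations) for listeners on `port`.

    ok         -- addresses inside the Mgmt VLAN subnet
    violations -- (address, reason) pairs for everything else
    """
    mgmt = ipaddress.ip_network(mgmt_subnet)
    ok, violations = [], []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m or int(m.group(2)) != port:
            continue
        addr = ipaddress.ip_address(m.group(1).strip("[]"))
        if addr.is_unspecified:
            # 0.0.0.0 or :: accepts connections on every adapter, Service VLAN included.
            violations.append((str(addr), "wildcard bind, reachable on every VLAN adapter"))
        elif addr in mgmt:
            ok.append(str(addr))
        else:
            violations.append((str(addr), "bound outside the Mgmt VLAN"))
    return ok, violations


if __name__ == "__main__":
    ok, bad = audit_rdp_listeners(SAMPLE_NETSTAT, "10.10.20.0/24")
    print("compliant:", ok)
    for addr, reason in bad:
        print("VIOLATION:", addr, "-", reason)
```
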

IPSec configuration

IPSec is used to encrypt and authenticate communications between servers. Each IPSec policy is defined for both the source IP address and the destination.

There are three IPSec encryption algorithms available:

DES (56-bit key)

AES (128-bit key)

3DES (168-bit key)

IPSec can be used to protect communications with servers outside of the trusted system.

For detailed information about configuring IPSec, see Media Application Server 6.0 for AS 5300 Commissioning (NN44470-301).

Security tools

This section details the security tools included with the MAS 6.0 for AS 5300 platform installation. To preserve system security and file integrity, Nortel recommends that the onsite System Administrator run the security tools continuously or periodically to monitor for potential security breaches.

Virus Protection using McAfee VirusScan Enterprise Edition 8.5

The virus protection software must be installed and configured to run automatically on a weekly basis on every server. The McAfee VirusScan Command Line Scanner software is included with the OS during installation and comes preconfigured to run a scheduled scan once per week and to scan the entire file system (excluding configured system directories) for potential problems due to viruses.

When a virus scan is completed, the status is reported to the system log. Any problems found are logged as critical in the system log and full details of the error are then placed in the security log. Any files with suspected virus infection are moved to a configured quarantine location. It is the responsibility of a System Security Administrator to remove these files manually.

Nortel Media Application Server 6.0 for AS 5300

Fundamentals

NN44470-100 01.01 Standard

Release 6.0 03 June 2008

Copyright © 2008, Nortel Networks
