- 30 -
MAS administration and security
The default scheduled time for a scan to run is on Sundays at 4:22 AM. A script is provided to allow the configuration of a different day and time for when the scan is executed, or to disable automatic scanning entirely if this is desired. Scanning the entire file system (excluding configured system directories) takes at least 20 minutes under no load. This should be taken into account when determining the day and time when the scanner is to be run.
Retrieving the latest virus definition files from McAfee and manually loading them on the system is the responsibility of the onsite System Security Administrator.
File system integrity and the fcheck tool
The file system integrity security tool allows an System Security Administrator create a baseline of cryptographic hashes for a subset of files on the file system. Once a baseline is created, future baselines can then be compared against previous baselines to give the System Security Administrator an indication of what files have changed on the system since the last time the tool was run. Depending on which files were changed, added, or deleted since the last baseline was taken, the System Security Administrator can determine whether or not a security breach has occurred.
The file system integrity tool fcheck is the baselining tool used in this process, and is included with the OS installation. The fcheck tool must be run manually by an onsite System Security Administrator and must not be scheduled to run automatically by the system. The System Security Administrator must determine how frequently (weekly, for example) and under what conditions a baseline should be taken.
The purpose of the file security integrity tool is to track files that should not change very often. The tool allows a list of excluded directories and files to be used.
Usage instructions and documentation are included in the default directory location (C:\fcheck).
Certificate management
MAS 6.0 for AS 5300 uses the X.509 certificate type, that contains the public key for a server and a signature from the certification authority (CA). A certification authority is a trusted entity that issues, renews, and revokes certificates.
A server uses a certificate to identify itself. A TLS or SSL connection or an IPSec channel between two servers is established after two servers exchange certificates and authentication is completed when the certificates are verified.
Nortel Media Application Server 6.0 for AS 5300
Fundamentals
Release 6.0 03 June 2008
Copyright © 2008, Nortel Networks
