The following is a summary of the security enhancements introduced in Avaya Interactive Response Release 2.0:
The use of Solaris 10 as the OS provides additional security enhancements such as password encryption, a cryptographic framework for data security, and improved user rights management. Secure Shell (SSH) on Solaris 10 lets you run the Secure File Transfer Protocol (SFTP) service. The SFTP service is similar to File Transfer Protocol (FTP), but performs all operations over an encrypted SSH transport link, thus gaining the features of public key encryption and compression. SSH is a secure replacement for Telnet, rlogin, rcp, and rsh, and provides secured TCP tunnels.
The SFTP service, in the context of Avaya IVR Designer 5.3, implements the client part of the SSH protocol. On IR systems using Solaris 10 as the operating system, SSH is provided by default. On IR systems using Solaris 8 as the operating system, SSH can be installed using the OpenSSH package (www.sunfreeware.com). Avaya IVR Designer Release 5.3 offers the option of using either FTP or SFTP.
A common misconception about SFTP is that it is simply FTP run over SSH. However, SFTP is a service that works above the SSH protocol. SFTP relies on the underlying SSH protocol to provide authentication and security. Therefore, SFTP is most often associated with SSH. Compared to the earlier Secure Copy protocol (SCP), the SFTP protocol allows for many more operations on remote files, and functions like a remote file system protocol. SFTP also provides a more secure connection than FTP or Telnet because passwords are never transferred in clear text, which prevents sensitive data from being captured by someone eavesdropping on the connection. Data is also encrypted during the transfer, making it difficult to spy on or modify the connection.
The JDBC connection provides connectivity between the Avaya IR server and remote database servers. The JDBC connection supports connections for up to five different databases. Each database is accessed using a Data Interface Process (DIP) that has been configured with the appropriate administration information for that database. For IR R2.0, after configuring the administration information, you can store your database password in an encrypted format.
The encryption of VOIP media and signaling streams provides security to VOIP traffic transmitted between the IR and the MultiVantage switch, as well as any routers or other equipment that transmit IP traffic between the IR and the MultiVantage switch. This reduces the risk of eavesdropping and increases security for sensitive applications or data.
For IR R2.0, a tape backup mechanism has been introduced in addition to the NFS (Network File System) backup already present. This enhancement provides you with increased data security.
For customers who purchase the complete Avaya IR system solution (that is, both the hardware and software), unneeded network services are disabled by default.
Customers who purchase the software-only solution can, if they wish, make their systems conform to these standards by running the disableServices utility. They may also consult the white paper, Avaya™ Interactive Response Security, and follow the recommendations in that publication.
Note:
The disabling of network services to heighten system security began with Release 1.2.
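To check which of the cleartext services that SSH replaces (Telnet, FTP, rlogin, rsh/rcp) are still enabled, the following added example scans an inetd.conf-format file. It is not part of the Avaya documentation and is not the disableServices utility. It assumes a POSIX shell and awk (for example /usr/xpg4/bin/sh and nawk on Solaris) and the classic inetd.conf layout, typically /etc/inet/inetd.conf; the sample input is constructed.

```shell
#!/bin/sh
# Added example: report legacy cleartext services enabled in inetd.conf.
# Assumption: classic inetd.conf layout (service name in field 1,
# disabled entries commented out with '#').

# First-field names in inetd.conf: shell = rsh/rcp, login = rlogin.
LEGACY_SERVICES="telnet ftp shell login exec"

# Reads inetd.conf text on stdin; prints each enabled legacy service
# name once, sorted. Commented-out and incomplete lines are ignored.
enabled_legacy_services() {
    awk -v legacy="$LEGACY_SERVICES" '
        BEGIN { n = split(legacy, names, " ")
                for (i = 1; i <= n; i++) want[names[i]] = 1 }
        /^[ \t]*#/ { next }      # disabled (commented) entry
        NF < 6     { next }      # not a complete service line
        ($1 in want) { print $1 }
    ' | sort -u
}

# Returns 0 when no legacy service is enabled, 1 otherwise.
audit_inetd() {
    found=$(enabled_legacy_services)
    [ -z "$found" ] && return 0
    echo "$found" | sed 's/^/ENABLED: /'
    return 1
}

# Constructed sample in inetd.conf layout (not from a real system).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample
telnet  stream  tcp6  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#ftp    stream  tcp6  nowait  root  /usr/sbin/in.ftpd     in.ftpd
shell   stream  tcp   nowait  root  /usr/sbin/in.rshd     in.rshd
#login  stream  tcp6  nowait  root  /usr/sbin/in.rlogind  in.rlogind
time    stream  tcp6  nowait  root  internal
EOF
}

# Demo on the sample; on a real host use: audit_inetd < /etc/inet/inetd.conf
sample_inetd_conf | audit_inetd || true
```

On the sample, telnet and shell are reported because their entries are not commented out.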
To help you further protect your system, we have produced a white paper that details the steps and measures you can take to enhance the security of your system. We strongly recommend that you read and implement the practices described in the white paper, Avaya™ Interactive Response Security.