Avaya

Message Networking Help


Security of system adjuncts

This topic provides information about the security of Message Networking system adjuncts.

Access Security Gateway (ASG)

The Access Security Gateway (ASG) feature is an optional authentication interface you can use to secure the sa login on the Message Networking system. Whenever a dial-up port user begins a session on the system for purposes of administration or maintenance, the user must enter a valid login ID. If the ASG interface is activated, the system issues a numerical challenge. In order for the user to access the Message Networking administration and maintenance features, the user must enter the correct numerical response. By activating the ASG feature, you can reduce the possibility of unauthorized remote access to the system.

You administer ASG parameters to specify whether access to the system requires ASG authentication. You can assign this protection to all system administration and maintenance ports or to a subset of those ports. If the port or login being used is not protected by ASG, the user can enter the system with the standard Message Networking login and password.

The following procedure describes how the ASG interface works:

  1. At the beginning of a login session, a message asks the user to enter a login ID.
  2. Upon receipt of the login ID, ASG generates a number based upon the system ASG secret key number and presents this 7-digit number as a challenge.
  3. The user must have a handheld device, called the ASG Key. The ASG Key must be set with an ASG secret key number that matches the user's ASG secret key number in the Message Networking system.
  4. The user enters the PIN and challenge number into the ASG Key.
  5. The ASG Key generates and displays a unique, 7-digit numerical response that corresponds to the challenge number.
  6. The user enters the response number at the response: prompt.
  7. If the response supplied by the user corresponds to the numerical response expected by the Message Networking system, the authentication is successful and the user is logged in to the system.
  8. If the response does not correspond, the user is not authenticated and is denied access to the system. Also, the failed authentication attempt is recorded in the system history log.

    Note: The system administrator determines how many login attempts are permitted. If the user is not authenticated after that number of attempts, the system displays the message INVALID LOGIN and terminates the session.
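The exchange in steps 1 through 8, including the attempt limit and the history log entry, can be modeled as follows. This is an added example, not Avaya code: the page does not document the ASG algorithm, so HMAC-SHA256 reduced to 7 digits stands in for it, the challenge is drawn at random, and the names `AsgKey`, `AsgLogin`, `new_challenge` and `response_for` are hypothetical.

```python
import hashlib
import hmac
import secrets

DIGITS = 7  # the page specifies 7-digit challenges and responses

def new_challenge() -> str:
    # Assumption: a random challenge; the real derivation is not documented on the page.
    return f"{secrets.randbelow(10 ** DIGITS):0{DIGITS}d}"

def response_for(secret_key: bytes, challenge: str) -> str:
    # Stand-in algorithm (assumption): HMAC-SHA256 reduced to 7 decimal digits.
    mac = hmac.new(secret_key, challenge.encode(), hashlib.sha256).digest()
    value = int.from_bytes(mac[0:8], "big") % 10 ** DIGITS
    return f"{value:0{DIGITS}d}"

class AsgKey:
    """Hypothetical model of the handheld ASG Key: same secret, unlocked by a PIN."""
    def __init__(self, secret_key: bytes, pin: str):
        self._secret, self._pin = secret_key, pin

    def respond(self, pin: str, challenge: str) -> str:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        return response_for(self._secret, challenge)

class AsgLogin:
    """Hypothetical model of the system side of an ASG-protected login."""
    def __init__(self, keys_by_login: dict, max_attempts: int = 3):
        self.keys, self.max_attempts = keys_by_login, max_attempts
        self.history_log = []  # failed attempts are recorded, as in step 8

    def session(self, login_id: str, answer) -> str:
        # answer: callable that takes the challenge and returns the user's response
        for attempt in range(1, self.max_attempts + 1):
            challenge = new_challenge()  # fresh per attempt, so old responses do not replay
            # Unknown logins get a dummy key so both paths do the same work.
            expected = response_for(self.keys.get(login_id, b"\x00"), challenge)
            matches = hmac.compare_digest(expected.encode(), answer(challenge).encode())
            if matches and login_id in self.keys:
                return "LOGGED IN"
            self.history_log.append((login_id, attempt, "ASG authentication failed"))
        return "INVALID LOGIN"  # attempt limit reached, session is terminated

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    system, key = AsgLogin({"sa": secret}), AsgKey(secret, "1234")
    print(system.session("sa", lambda c: key.respond("1234", c)))
```

The secret never crosses the dial-up line; only the challenge and the response do, and a response is valid only for the challenge it answers.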

To administer ASG on Message Networking, see Administering the Access Security Gateway (ASG).

LDAP Client

Message Networking supports the use of LDAP client machines to extract information from and perform administration of the Message Networking system.

LDAP clients connect to Message Networking through a trusted server connection on the Message Networking system. The machine running the LDAP client must be administered as an LDAP client remote machine. An LDAP password is used for security. Make sure that the password is at least eight characters long and is not composed of easily guessed words or numeric combinations.

All logins to the LDAP client should be password protected. Do not leave any desktop or laptop machine that has an LDAP client installed unattended, even for a short time. Lock your computer whenever you are not working on it to prevent unauthorized access to the LDAP client. Also change the passwords on a regular basis, because unauthorized people may obtain copies of the documentation for your system and adjuncts and circulate the administrative passwords to gain entry into your systems.

©2006 Avaya Inc. All rights reserved.
Last modified 11 January, 2006