Avaya

Message Networking Help
Home | Search  
Print | Back | Fwd | Close  
Getting Started Admin Maintenance Reference
Home > Getting started > Concepts and features > System security

System security

The telecommunication industry faces a growing threat of theft of customer services. Securing the telecommunications system and its networked equipment is and should be of prime importance to an organization. Diligent attention to system management and security can help reduce such risks considerably. The security information provided here informs owners of the steps that Avaya has taken to secure the Message Networking system. It describes how to use the system administration tools to minimize unauthorized intrusions and provides safeguards and measures that you should take to ensure that the Message Networking system operates in a secure manner.

Your responsibility for the security of your system

No telecommunication system can be entirely free from the risk of unauthorized use. Customers have ultimate control over the configuration and use of the product and are solely responsible for ensuring the security of their systems. Customers who administer and use the system can tailor the system to meet their unique needs and are in the best position to ensure that the system is secure to the fullest extent possible. Customers are responsible for keeping themselves informed of the latest relevant information for configuring their systems to prevent unauthorized use. System managers and administrators are also responsible for reading all the recommendations, installation instructions, and system administration documents provided with the product so that they can understand the features that can introduce risk and the steps that need to be taken to reduce that risk.

Avaya does not guarantee that this product is immune from or will prevent unauthorized use of telecommunication services or facilities accessed through or connected to it. Avaya will not be responsible for any damages or charges that result from either unauthorized use or from incorrect installations of the security patches that are made available from time to time. To aid in combating such crimes, Avaya intends to strengthen relationships with its customers and continue to support law enforcement officials in apprehending and successfully prosecuting those responsible.

Suspected security vulnerabilities with Avaya products should be reported to Avaya by sending e-mail to [email protected]. Reported vulnerabilities are prioritized and investigated. Any corrective action resulting from the vulnerability investigation are posted at http://support.avaya.com/security. Whether or not immediate support is required, please report all toll fraud incidents perpetrated on Avaya services to Avaya Corporate Security. Avaya Corporate Security is available for product issue consultation, investigation support, law enforcement, and education programs.

The following table contains a list of security concerns addressed in this documentation. Click on the topics for more information.

Topic

Description
Security overview

 Provides an overview of the Message Networking system and describes the major areas in which the customer-premises-based systems are vulnerable. It provides information on the general security measures that can be taken to discourage unauthorized usage.
Feature security Provides an overview of security for Message Networking system features.
Physical security

 Provides information on maintaining the security of the hardware components, preventing unauthorized access to the system console and documentation, and on running backups and securing backup media.
Telecommunication service thefts

 Provides information on various toll fraud issues, such as toll fraud types, toll fraud occurrences, unauthorized system usages, fraudulent call transfers, voice mail fraud, automated attendant security. Also provides information on the steps that should be taken to prevent and minimize the occurrence of these types of frauds.
Adjuncts

 Provides information on adjuncts such as Access Security Gateway (ASG) and Mailbox Manager and preventive measures to limit the risk of unauthorized usages of the system through these adjuncts.
Network security

 Provides information on networking security of the Message Networking system.
Password administration

 Provides information on password standards, password setting and naming conventions, and password administration.
Access mechanisms

 Provides information on the various ways that you can access the Message Networking system and describes the security measures for these access mechanisms.
Virus and worm protection

 Provides information on the recommended security measures against viruses and worms.
Security policy

 Provides information on the security policy and the recommended best practices.
Security maintenance

 Provides information on the security related maintenance activities for your system.
References

 Provides information on the Avaya Toll Fraud Helplines and Security information on the Internet.

The Avaya Statement of Direction

To help customers make the best possible security-related decisions, Avaya commits to the following:

  • Avaya products and services will offer the widest range of options available in the industry to help customers secure their communications systems in ways consistent with their telecommunications needs.

  • Avaya is committed to develop and offer services that, for a fee, reduce or eliminate customer liability for PBX toll fraud, provided the customer implements prescribed security requirements in its telecommunications systems.

  • Avaya's product and service literature, marketing information, and contractual documents address, wherever practical, the security features of our offerings and their limitations, and the responsibility our customers have for preventing fraudulent use of their Avaya products and services.

  • Avaya sales and service people are the best informed in the industry on how to help customers manage their systems securely. In ongoing contacts with customers, they will provide the latest and the most effective security-related information.

  • Avaya trains its sales, installation and maintenance, and technical support people to focus customers on known toll fraud risks, to describe mechanisms that reduce those risks, to discuss the tradeoffs between enhanced security and diminished ease of use and flexibility, and to ensure that customers understand their role in the decision making process and their corresponding financial responsibility for fraudulent use of their telecommunications system.

  • Avaya provides education programs to keep customers and Avaya employees apprised of emerging technologies, trends, and options in the area of telecommunications fraud.

  • Avaya promptly initiates ways to impede new fraudulent schemes as they are developed, share our learning with our customers, and work with law enforcement officials to identify and prosecute fraudulent users whenever possible.

  • Avaya intends to meet and exceed customer expectations, and provide services and products that are easy to use and that are of high value. This fundamental principle drives our renewed assault on fraudulent usage by third parties of our customers' communications services and products.

Top of page
Home | Search | Print | Back | Fwd | Close
©2006 Avaya Inc. All rights reserved.
Last modified 8 February, 2006