The telecommunication industry faces a growing threat of theft
of customer services. Securing the telecommunications system and
its networked equipment is and should be of prime importance to
an organization. Diligent attention to system management and security
can help reduce such risks considerably. Avaya Modular Messaging
is a mission critical system that acts as the backbone of your internet
messaging and communications network. The security documentation
provided here, informs owners of the steps that Avaya has taken
to secure the Modular Messaging system. It describes how to use
the system administration tools to minimize unauthorized intrusions
and provides safeguards and measures that you should take to ensure
that the Modular Messaging servers operate in a secure manner.
Your responsibility for the Security of Your System
No telecommunication system can be entirely free from the risk
of unauthorized use. Customers have ultimate control over the configuration
and use of the product and are solely responsible for ensuring the
security of their systems. Customers who administer and use the
system can tailor the system to meet their unique needs and are
in the best position to ensure that the system is secure to the
fullest extent possible. Customers are responsible for keeping themselves
informed of the latest information, such as security patches, anti-virus
updates, and other relevant information for configuring their systems
to prevent unauthorized use. System managers and administrators
are also responsible for reading all the recommendations, installation
instructions, and system administration documents provided with
the product so that they can understand the features that can introduce
risk of toll fraud and the steps that need to be taken to reduce
that risk.
Avaya does not guarantee that this product is immune from or will
prevent unauthorized use of telecommunication services or facilities
accessed through or connected to it. Avaya will not be responsible
for any damages or charges that result from either unauthorized
use or from incorrect installations of the security patches that
are made available from time to time. To aid in combating such crimes,
Avaya intends to strengthen relationships with its customers and
continue to support law enforcement officials in apprehending and
successfully prosecuting those responsible.
Suspected security vulnerabilities with Avaya products should be
reported to Avaya by sending e-mail to [email protected].
Reported vulnerabilities are prioritized and investigated. Any corrective
action resulting from the vulnerability investigation are posted
at http://support.avaya.com/security.
Whether or not immediate support is required, please report all
toll fraud incidents perpetrated on Avaya services to Avaya Corporate
Security. Avaya Corporate Security is available for product issue
consultation, investigation support, law enforcement, and education
programs.
The following table contains a list of security concerns addressed
in this documentation. Click on the topics for more information.
Topic |
Description |
Security overview |
Provides an overview of the Modular Messaging system and
describes the major areas in which the customer-premises-based
systems are vulnerable. It provides information on the general
security measures that can be taken to discourage unauthorized
usage. |
System Hardening |
Provides information on the system hardening practices
followed by Avaya to make the Modular Messaging system less
susceptible to unauthorized access. It also informs you of
the various tools that you can use to ensure that any new
security holes in the system are tracked and corrective actions
taken to secure these vulnerabilities. |
Physical Security |
Provides information on maintaining the security of the
hardware components, such as servers; preventing unauthorized
access to the system console and documentation; and on running
backups and securing backup media. |
Telecommunication service thefts |
Provides information on various toll fraud issues, such
as toll fraud types, toll fraud occurrences, unauthorized
system usages, fraudulent call transfers, voice mail fraud,
automated attendant security. Also provides information on
the steps that should be taken to prevent and minimize the
occurrence of these types of frauds. |
Adjuncts |
Provides information on adjuncts such as Access Security
Gateway (ASG) and Mailbox Manager and preventive measures
to limit the risk of unauthorized usages of the system through
these adjuncts. |
Network Security |
Provides information on networking security of the Modular
Messaging system, MAS-MSS trusted server security, and intrusion
detection systems. |
Password and mailbox administration |
Provides information on mailbox administration, password
standards, password setting and naming conventions, trusted
server passwords, subscriber password security, and password
administration. |
Port administration |
Provides port information on Modular Messaging servers
and on the encryption and authentication mechanisms that can
used for a secured access. |
Access mechanisms |
Provides information on the various ways that you can access
the Modular Messaging system and describes the security measures
for these access mechanisms. |
PBX Security |
Provides information on the security measures in the PBX
to prevent fraudulent calls and unauthorized access. |
Virus and Worm protection |
Provides information on the recommended security measures
against viruses and worms. |
Security Policy |
Provides information on the security policy and the recommended
best practices. |
Security Maintenance |
Provides information on the security related maintenance
activities for your system. |
References |
Provides information on the Avaya Toll Fraud Helplines
and Security information on the Internet. |
The Avaya Statement of Direction
To help customers make the best possible security-related decisions,
Avaya commits to the following:
-
Avaya products and services will offer the widest range of
options available in the industry to help customers secure their
communications systems in ways consistent with their telecommunications
needs.
-
Avaya is committed to develop and offer services that, for
a fee, reduce or eliminate customer liability for PBX toll fraud,
provided the customer implements prescribed security requirements
in its telecommunications systems.
-
Avaya's product and service literature, marketing information,
and contractual documents address, wherever practical, the security
features of our offerings and their limitations, and the responsibility
our customers have for preventing fraudulent use of their Avaya
products and services.
-
Avaya sales and service people are the best informed in the
industry on how to help customers manage their systems securely.
In ongoing contacts with customers, they will provide the latest
and the most effective security-related information.
-
Avaya trains its sales, installation and maintenance, and technical
support people to focus customers on known toll fraud risks,
to describe mechanisms that reduce those risks, to discuss the
trade-offs between enhanced security and diminished ease of
use and flexibility, and to ensure that customers understand
their role in the decision making process and their corresponding
financial responsibility for fraudulent use of their telecommunications
system.
-
Avaya provides education programs to keep customers and Avaya
employees apprised of emerging technologies, trends, and options
in the area of telecommunications fraud.
-
Avaya promptly initiates ways to impede new fraudulent schemes
as they are developed, share our learning with our customers,
and work with law enforcement officials to identify and prosecute
fraudulent users whenever possible.
-
Avaya intends to meet and exceed customer expectations, and
provide services and products that are easy to use and that
are of high value. This fundamental principle drives our renewed
assault on fraudulent usage by third parties of our customers'
communications services and products.
Top of page
|
