This section discusses security in Modular Messaging systems with Avaya Messaging Application
Server (MAS) or with Avaya Message Storage Server (MSS).
Topics in this section include:
IP security
An IP telephony server is an important asset in an organization.
You must take enough care to prevent unauthorized users from accessing
these systems. Use firewalls, routers, and passwords correctly to reduce the possibility
of fraud.
Firewalls and routing
A firewall is a barrier that keeps potentially harmful elements
away from your systems. Company-managed firewalls and routers can help restrict access to administrative services to specific
parts of the network or particular IP addresses. Restrict access to firewalls,
routers, and switches.
Avaya recommends that the customer talk to their software specialist or their business partner to discuss Modular Messaging local area network (LAN) port usage. Customers must know how to best configure their firewall.
Password protection
Passwords help you to protect your system. Avaya recommends that you use passwords that contain at least six characters. Include a combination of alphanumeric
and special characters in your passwords as such passwords are difficult
to crack. Never share your passwords with anybody, and change them
regularly.
Unauthorized system use
The MSS provides two accounts for customer administration: system administrator (sa) and voice mail administrator (vm). The sa account provides access to all customer-accessible system functions. The vm account provides access to all subscriber-management functions.
You can minimize the risk of unauthorized people accessing your system. For both administration accounts, use the following guidelines:
You can also
use the trusted server feature. A trusted server has direct access
to the MSS and its functionality. Apply the same guidelines to trusted server passwords
as to administration passwords.
Trusted server security
This topic discusses trusted servers for Modular Messaging systems with Avaya Message Storage Server (MSS).
A trusted server can be a computer or a software application
that has privileged access to the MSS. The server uses its
own login and password to access the MSS. The MSS
verifies that IP packets come from the administered
IP address for the trusted server. An example of a trusted server is the Mailbox Manager (MBM) software.
Securing a system that allows access from another domain involves
a two-way approach. Consider security from an
external and an internal perspective. External security involves
administration to prevent access from an unauthorized source. Internal security
focuses on preventing or recovering from damage if a breach occurs. An example of a breach is a virus that is transmitted in a message component, such
as an attached software file.
External security
The trusted server can do everything to a user mailbox
that an MSS administrator can do. Administer
a password that the trusted server application must use to request a
connection to the MSS. Additionally, administer a password for the trusted server to prevent
unauthorized access to your system from an external source. The trusted
server must use the password to connect to the MSS. This
password is a secondary layer of security in addition to
the required trusted server password. Change
the password on a regular basis, and follow the standards for account
naming.
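The two checks described for trusted servers, the administered IP address and the trusted server password, sketched as an added example. This is not Avaya's code or the MSS implementation; the profile store, function names, reason strings and sample attempts are constructed for illustration.

```python
import hmac
import ipaddress

# Constructed trusted-server profile: name -> (administered IP, password).
# All values are illustrative; a real store would not hold clear-text passwords.
PROFILES = {"mbm01": ("192.0.2.10", "Ex@mple-Pw1")}

# Constructed connection attempts: (server name, source IP, password offered).
ATTEMPTS = [
    ("mbm01", "192.0.2.10", "Ex@mple-Pw1"),    # expected host, right password
    ("mbm01", "198.51.100.7", "Ex@mple-Pw1"),  # right password, wrong host
    ("mbm01", "192.0.2.10", "guess123"),       # expected host, wrong password
    ("mbm99", "192.0.2.10", "Ex@mple-Pw1"),    # server was never administered
]


def check_connection(profiles, name, source_ip, password):
    """Return (allowed, reason); the reason is for the audit log, not the peer."""
    if name not in profiles:
        return False, "unknown-server"
    administered_ip, expected_pw = profiles[name]
    try:
        ip_ok = ipaddress.ip_address(source_ip) == ipaddress.ip_address(administered_ip)
    except ValueError:
        return False, "bad-source-address"
    # Constant-time comparison so timing does not reveal how much matched.
    pw_ok = hmac.compare_digest(password.encode(), expected_pw.encode())
    if ip_ok and pw_ok:
        return True, "ok"
    if pw_ok:
        return False, "valid-password-wrong-address"
    return False, "wrong-password" if ip_ok else "wrong-address-and-password"


def review(profiles, attempts):
    """List rejected attempts; a valid password from another address is the
    one to escalate, since it means the credential is known off the host."""
    findings = []
    for name, source_ip, password in attempts:
        allowed, reason = check_connection(profiles, name, source_ip, password)
        if not allowed:
            findings.append((name, source_ip, reason))
    return findings


if __name__ == "__main__":
    for finding in review(PROFILES, ATTEMPTS):
        print(finding)
```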
Internal security
The MSS allows transmission between domains
of message components, including .wav, .tif, and .txt file attachments. The
MSS supports access to standard e-mail clients. The main security
consideration is the delivery of a virus
that is embedded in a file attachment. This can occur in any
system that supports the delivery of file attachments. A user can infect client computers when starting the application that is associated with the software file.
MSS does not perform any virus
detection. You must carefully evaluate the security risks of file
attachments. Provide virus detection software on
computers that run an e-mail application and on each MAS. Consult your personal computer and LAN administrators
when planning for e-mail. Your administrators are experienced in detecting and preventing
transmission of software viruses. Tell your users to detach attachments from files and scan the attachments for viruses before opening the attachments.
Traffic reports
The MSS provides tracking of traffic data
over various time spans. You can use the tracing system to gather
information about the voice mail system activity. For more information, see VMSC - VMD - Tracing System Dialog Box. Review these
reports on a regular basis to check the traffic trends.
For more information, see Reporting Tool.
Security measures
Use the following security measures and security tips to reduce possible fraud and security risks:
Blocking calls
You cannot block
calls to selected telephone numbers on the MSS. The MSS is a subscriber database and message storage facility. The MAS provides some facility to control outbound calls to telephone numbers. The Voice Mail System Configuration (VMSC) administers the control of outbound calls.
Disabling transfer out of the system
You can disable the transfer of calls out of your
system. If you do not need to transfer calls out, consider eliminating
this feature. If your automated attendant system uses transfer to
an extension, you cannot use this security measure. Use the Subscriber Options on the MAS to enable this feature.
Message delivery
The Call Me and Find
Me features deliver messages to subscriber-designated telephone numbers.
The Call Me feature places telephone calls to subscribers
at a designated number whenever the subscriber receives a message that meets
certain criteria. The feature invites the subscriber to log in to the
telephone user interface (TUI) and review the message. For more information, see VMSC - VMD - Call Me Dialog Box.
The Find Me feature enables your mailbox to redirect
unanswered calls to a list of telephone numbers. The system asks callers if they want the system to find the called subscriber. If the caller answers yes, the system asks the caller to speak his or her name and then records the name. The system dials each number in the sequence in which it appears in the subscriber's list. If the subscriber does not answer the call, the system proceeds to the next number. If the subscriber answers the call, the system plays the name of the caller and asks if the subscriber wants to take the call. If the subscriber neither answers the call nor chooses to take the call, the system asks the caller to leave a message. For more information, see VMSC - VMD - Messaging - Offline Access Tab.
Changing your password
Passwords prevent misuse of your system. You can minimize the possibility
of fraud and misuse of your system by selecting a unique password.
For more information about password administration in MSS, see "Changing
the administrator account name and password" in the Installation and Upgrades
guide (pdf).
Passwords must be encrypted. Encryption prevents unauthorized users from
accessing the logins and passwords. All subscriber passwords that are stored in the Message Core Subscriber database are encrypted reversibly. Passwords that are stored in the MSS database are
encrypted reversibly through Triple Data Encryption Standard (3DES).