Avaya

Modular Messaging Help

System hardening

System hardening overview

System hardening identifies the uses of a particular computer, such as a Web server, an e-mail or voice mail server, or an Internet server, and disables or removes all components that those uses do not require. The components allowed on the system are specific to the functions that the system performs. System hardening also tightens system security by limiting the number of users, setting password policies, and creating access control lists.

System hardening must be well defined in the information security guidelines. The process of hardening a system depends on your operating system. You must ensure that you perform the following tasks:

  • Disable unnecessary services. The default installation can include more services than you need. Disable the services or features that you do not need to make the system more secure and to provide better performance. For more information about Modular Messaging services, see the installation guide for your configuration. For a complete list of Windows services, contact your Avaya representative.

  • Patch the system. Install all service packs, security patches, and hot fixes, especially those that pertain to the security of the system. Once they are installed, validate all the hardening procedures to ensure that the hardening settings are unchanged. Verify that the service packs did not roll back the configuration settings. For more information, see Patching.

  • Configure file system, directory, and registry settings. Review and enforce access rights to the file system, directory service, and registry. Global read and write access to key directories can lead to a security exposure. In most cases, this level of permission is unnecessary.

  • Configure and tune logging. Configure the system to log more detail and security-relevant information. One of the best ways to learn about attempted and successful security breaches is to monitor system logs regularly.

  • Ensure physical security. Ensure that the system is physically secure from unauthorized access. Physical security reinforces strong security controls and system hardening.

  • Choose strong passwords for administration accounts. Select the passwords for administration accounts according to the specified guidelines. The administrator passwords must be the most closely guarded passwords on the network.

  • Install virus-detection software. Use anti-virus products to monitor, identify, and secure your systems from viruses and worms. For more information, see Virus, worm, and spam protection.

  • Verify all security settings. After you configure the security settings on the host, check all the settings to ensure that they are intact. In many operating systems, when you apply security patches and make changes to settings, previously made changes are lost.
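One way to carry out the post-patch verification described in the patching, file-system, and verification tasks above, for a Linux host such as the MSS. This is an added example, not Avaya tooling; the script name, the function names, and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not Avaya tooling): detect hardening drift in file permissions.
# Usage (script name and paths are hypothetical):
#   sh perm_drift.sh baseline /opt/app /var/tmp/perm.baseline   # after hardening
#   sh perm_drift.sh check    /opt/app /var/tmp/perm.baseline   # after each patch

# Print every file or directory under $1 that grants write access to "other".
# -xdev keeps the walk on one filesystem; output is sorted for comm(1).
world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 2>/dev/null | LC_ALL=C sort
}

# Save the accepted state. Entries that are world-writable by design
# (for example a sticky-bit temp directory) land in the baseline and are
# therefore not reported later.
save_baseline() {
    world_writable "$1" > "$2"
}

# Compare the current state with the baseline file $2.
# Prints one line per newly world-writable path; returns 1 on drift, 0 if clean.
check_drift() {
    current=$(mktemp) || return 2
    world_writable "$1" > "$current"
    new=$(LC_ALL=C comm -13 "$2" "$current")
    rm -f "$current"
    [ -z "$new" ] && return 0
    printf '%s\n' "$new" | sed 's/^/DRIFT world-writable: /'
    return 1
}

# Command-line entry point; does nothing when called without arguments.
case "${1:-}" in
    baseline) save_baseline "$2" "$3" ;;
    check)    check_drift "$2" "$3" ;;
esac
```

Store the baseline file somewhere that ordinary accounts cannot modify, and take a new baseline only after the changed permissions have been reviewed.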

Modular Messaging and hardening

The Avaya Messaging Application Server (MAS) and Avaya Message Storage Server (MSS) are based on Windows Server 2003 and Linux operating systems, respectively.

Harden the MAS to reduce vulnerabilities to the system and to customer networks. Avaya disables all services that are not required for the operation of Modular Messaging.

Avaya follows standard Linux procedures for hardening the Linux-based MSS. On the MSS, Avaya deletes all the unnecessary executables and Red Hat Package Manager (RPM) packages.

For more information about Modular Messaging services, see the installation guide for your configuration.

Avaya follows the Microsoft checklist for Windows hardening to harden each messaging application server. Hardening also includes removing all unnecessary executables and registry entries. Avaya applies appropriately restrictive permissions to files, services, endpoints, and registry entries. There are some services on Windows that you cannot disable. For example, Modular Messaging requires the Remote Procedure Call (RPC) service. For a complete list of Windows services, contact your Avaya representative.

Once the system is hardened, Avaya uses a variety of common "attack tools" to find security holes on the system. Common tools that you can download from the Web include Nmap and Nessus. Avaya finds and fixes security problems prior to the release of the product or update. The system is only as secure as the security knowledge base at the time of the release. New vulnerabilities are possible.

None of the UNIX, Linux, or Windows operating systems is inherently more secure than the others. No operating system is secure out of the box. Each can be made more secure by enforcing a good security policy. The security policy includes proper administration, configuration, and diligent application of vendor updates when security problems are discovered. For current information about hardening and security, see the Microsoft Security Home Page Web site.
