The telecommunication industry faces a growing threat of theft
of customer services. Securing the telecommunications system and
its networked equipment is and should be of prime importance to
an organization. Diligent attention to system management and security
can help reduce such risks considerably. Avaya Modular Messaging
is a mission critical system for your internet messaging and communications
network. The security documentation provided here, informs owners
of the steps that Avaya has taken to secure the Modular Messaging
system. It describes how to use the system administration tools
to minimize unauthorized intrusions and provides safeguards and
measures that you should take to ensure that the Modular Messaging
servers operate in a secure manner.
Your responsibility for the security of your system
No telecommunication system can be entirely free from the risk
of unauthorized use. Customers have ultimate control over the configuration
and use of the product and are solely responsible for ensuring the
security of their systems. Customers who administer and use the
system can tailor the system to meet their unique needs and are
in the best position to ensure that the system is secure to the
fullest extent possible. Customers are responsible for keeping themselves
informed of the latest information, such as security patches, anti-virus
updates, and other relevant information for configuring their systems
to prevent unauthorized use. System managers and administrators
are also responsible for reading all the recommendations, installation
instructions, and system administration documents provided with
the product so that they can understand the features that can introduce
risk of toll fraud and the steps that need to be taken to reduce
that risk.
Avaya does not guarantee that this product is immune from or will
prevent unauthorized use of telecommunication services or facilities
accessed through or connected to it. Avaya will not be responsible
for any damages or charges that result from either unauthorized
use or from incorrect installations of the security patches that
are made available from time to time. To aid in combating such crimes,
Avaya intends to strengthen relationships with its customers and
continue to support law enforcement officials in apprehending and
successfully prosecuting those responsible.
Suspected security vulnerabilities with Avaya products should be
reported to Avaya by sending e-mail to [email protected].
Reported vulnerabilities are prioritized and investigated. Any corrective
action resulting from the vulnerability investigation are posted
at http://support.avaya.com/security.
Whether or not immediate support is required, please report all
toll fraud incidents perpetrated on Avaya services to Avaya Corporate
Security. Avaya Corporate Security is available for product issue
consultation, investigation support, law enforcement, and education
programs.
The following table contains a list of security concerns addressed
in this documentation. Click on the topics for more information.
Topic |
Description |
Security overview |
An overview of the Modular Messaging system and describes
the major areas in which the customer-premises-based systems
are vulnerable. It provides information on the general security
measures that can be taken to discourage unauthorized usage. |
System hardening |
Information on the system hardening practices followed
by Avaya to make the Modular Messaging system less susceptible
to unauthorized access. It also informs you of the various
tools that you can use to ensure that any new security holes
in the system are tracked and corrective actions taken to
secure these vulnerabilities. |
Physical security |
Information on maintaining the security of the hardware
components, such as servers; preventing unauthorized access
to the system console and documentation; and on running backups
and securing backup media. |
Telecommunication service thefts |
Information on various toll fraud issues, such as toll
fraud types, toll fraud occurrences, unauthorized system usages,
fraudulent call transfers, voice mail fraud, automated attendant
security. Also provides information on the steps that should
be taken to prevent and minimize the occurrence of these types
of frauds. |
Adjuncts |
Information on adjuncts such as Access Security Gateway
(ASG) and Mailbox Manager and preventive measures to limit
the risk of unauthorized usages of the system through these
adjuncts. |
Network security |
Information on networking security of the Modular Messaging
system, MAS-MSS trusted server security, and intrusion detection
systems. |
Password and mailbox administration |
Information on mailbox administration, password standards,
password setting and naming conventions, trusted server passwords,
subscriber password security, and password administration. |
Access mechanisms |
Information on the various ways that you can access Modular
Messaging servers and on the encryption and authentication
mechanisms that can used for a secured access. |
PBX security |
Information on the security measures in the PBX to prevent
fraudulent calls and unauthorized access. |
Virus, worm and spam protection |
Information on the recommended security measures against
viruses and worms. |
Security policy |
Information on the security policy and the recommended
best practices. |
Security-related maintenance |
Information on the security related maintenance activities
for your system. |
References |
Information on the Avaya Toll Fraud Helplines and Security
information on the Internet. |
The Avaya Statement of Direction
To help customers make the best possible security-related decisions,
Avaya commits to the following:
-
Avaya products and services will offer the widest range of
options available in the industry to help customers secure their
communications systems in ways consistent with their telecommunications
needs.
-
Avaya is committed to develop and offer services that, for
a fee, reduce or eliminate customer liability for PBX toll fraud,
provided the customer implements prescribed security requirements
in its telecommunications systems.
-
Avaya's product and service literature, marketing information,
and contractual documents address, wherever practical, the security
features of our offerings and their limitations, and the responsibility
our customers have for preventing fraudulent use of their Avaya
products and services.
-
Avaya sales and service people are the best informed in the
industry on how to help customers manage their systems securely.
In ongoing contacts with customers, they will provide the latest
and the most effective security-related information.
-
Avaya trains its sales, installation and maintenance, and technical
support people to focus customers on known toll fraud risks,
to describe mechanisms that reduce those risks, to discuss the
trade-offs between enhanced security and diminished ease of
use and flexibility, and to ensure that customers understand
their role in the decision making process and their corresponding
financial responsibility for fraudulent use of their telecommunications
system.
-
Avaya provides education programs to keep customers and Avaya
employees apprised of emerging technologies, trends, and options
in the area of telecommunications fraud.
-
Avaya promptly initiates ways to impede new fraudulent schemes
as they are developed, share our learning with our customers,
and work with law enforcement officials to identify and prosecute
fraudulent users whenever possible.
-
Avaya intends to meet and exceed customer expectations, and
provide services and products that are easy to use and that
are of high value. This fundamental principle drives our renewed
assault on fraudulent usage by third parties of our customers'
communications services and products.
Top of page
|
