Security

For information about toll fraud, see the respective call server documents on the Avaya support Web site. The 9600 Series IP Telephones cannot guarantee resistance to all Denial of Service attacks. However, there are checks and protections to resist such attacks while maintaining appropriate service to legitimate users.

All 9600 Series IP Telephones that have WML Web applications support Transport Layer Security (TLS). This standard allows the telephone to establish a secure connection to a HTTPS server, in which the upgrade and settings file can reside. This setup adds security over another alternative.

You also have a variety of optional capabilities to restrict or remove how crucial network information is displayed or used. These capabilities are covered in more detail in
Chapter 5: Server Administration.

• Support signaling channel encryption while registering, and when registered, with appropriately administered Avaya Media Servers.

NOTE: Signaling and audio are not encrypted when unnamed registration is effective.

• Restricting the response of the 9600 Series IP Telephones to SNMP queries to only IP Addresses on a list you specify.
• Specifying an SNMP community string for all SNMP messages the telephone sends.
• Restricting dialpad access to Local Administration Procedures, such as specifying IP Addresses, with a password.
• Restricting dialpad access to Craft Local Procedures to experienced installers and technicians.
• Restricting the end user’s ability to use a telephone Options application to view network data.
• As of Release 1.5, 9600 Series IP Telephones are fully compliant with IETF RFC 1948 Defending Against Sequence Number Attacks, May 1996, by S. Bellovin.
• As of Release 1.5, three existing security-related parameters can be administered on the call server and downloaded with encrypted signaling, in addition to unencrypted HTTP or encrypted HTTPS. Those parameters are SNMP community string, SNMP Source IP Addresses, and Craft Access Code (PROCPSWD)).