Alcatel-Lucent Enterprise Communication Solutions 2013 Offers Standard Offer Chapter 15 Security. October 2013 Offer- Ed.01 Ref.

Size: px
Start display at page:

Download "Alcatel-Lucent Enterprise Communication Solutions 2013 Offers Standard Offer Chapter 15 Security. October 2013 Offer- Ed.01 Ref."

Transcription

1 Alcatel-Lucent Enterprise Communication Solutions 2013 Offers Standard Offer Chapter 15 Security - Ed.01 Ref.: ENT_MLE_015926

2 Copyright Alcatel-Lucent All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel-Lucent. Notice: While reasonable effort is made to ensure that the information in this document is complete and accurate at the time of printing, we can not assume responsibility for any errors. Changes and/or corrections to the information contained in this document may be incorporated into future issues. This document introduces the Alcatel-Lucent OpenTouch and OmniPCX Enterprise Communication Server, their products and features. All documents associated to this introduction cover most of the aspects for designing offers based on current manufacturers and business partner agreements. They include introductory explanations to position the offer in relation to client needs. References to indepth documentation are indicated to direct you to product descriptions or product sites. Who Should Use this Document? As an introductory offer, this document can be used by Alcatel-Lucent vendors, clients, partners and associates involved with the implementation of Alcatel-Lucent systems. 2/75 Alcatel-Lucent Enterprise Communication Solutions

3 Table of content 1 Global security view The user-centric security blueprint Applying the security blueprint Perimeter security Network access control Identity management Application security Mobile security Security management 9 2 PBX and applications security: core platforms Security features list overview Com server Linux OS advantages Linux: customized for the OmniPCX Enterprise VLAN segmentation Defense actions Access controls (passwords, filters, etc.) Internal security Network time protocol Log and Syslog files Media gateway Resistance against DoS attacks Separation of TDM and IP traffic Binaries signature check Voice mail application OmniVista Password policy enforcement Back up and disaster recovery process Sending PKI (public key infrastructure) Alcatel-Lucent OmniTouch 8400 Instant Communications Suite Authentication High availability IP terminals Business continuity Anti-ARP spoofing Anti-ARP cache poisoning Protection against DHCP server intrusion Anti-MAC spoofing TFTP request check Connect message filtering Verification of binaries MMI protections PC port and traffic isolation X 24 3/75 Alcatel-Lucent Enterprise Communication Solutions

4 SIP/TLS and SRTP 25 3 Network security VoIP firewall THALES TeoZ (Alcatel-Lucent Applications Partner Program) Reverse proxy Blue Coat (Alcatel-Lucent Applications Partner Program) OpenTouch Session Border Controller Introduction Features/Benefits Solutions OpenTouch SBC Physical Description Architecture OpenTouch SBC Functionality OpenTouch SBC Non-Functionality Aspects 47 4 Security of configuration and management Authentication Communication server authentication OmniVista 8770 authentication OmniTouch 8400 ICS authentication Securing management exchanges Secured SNMP Secured shell (SSH) Secured HTTP (HTTP over SSL) Secured legacy remote management 57 5 Communication security Protection against theft of service (Toll fraud) Transfer protection Forwarding protection Protection on internal phones External call restriction Restricted access to a phone set Out of service option Discrimination calendar for external calls DISA (direct inward system access) protection Control Calling line identification Call monitoring feature IP Touch security Encryption architecture Security modules MGSec Signaling and voice encryption on IP media gateway): SoftMSM IP Touch security in an ABC network Encryption compatibilities SIP/TLS support Verticals certification Payment card industry data security standard Health insurance portability and accountability 74 6 Antivirus software 75 4/75 Alcatel-Lucent Enterprise Communication Solutions

5 6.1 Antivirus software and the OmniPCX Enterprise OmniVista 8770-specific recommendations for anti-virus 75 5/75 Alcatel-Lucent Enterprise Communication Solutions

6 1 Global security view Securing communications for all voice and data applications as well as employee mobility is the key to supporting new business models and enabling a trusted dynamic enterprise that competes effectively in today s business environment. Security must become a positive enabler to drive business performance. To achieve this objective, enterprises must have a corporate-wide strategy a security blueprint that allows the enterprise to be open for business and, at the same time, provide a trusted environment. This requires a shift to a user-centric approach to security, delivered from within the network to protect networks, people, processes and knowledge. 1.1 The user-centric security blueprint A user-centric security blueprint can enable a powerful shift to a trusted, dynamic enterprise. At the same time, enterprises manage risk, protect private data, and maintain compliance. With a security blueprint, enterprises can keep satisfying the demands of employees, business partners, and customers for always-on, always available voice and data applications, that can be accessed from anywhere and at any time. The blueprint looks at security for the enterprise as being delivered from within the network to protect networks, people, processes and knowledge. If abiding by the blueprint, the enterprise benefits from: A network that is user-aware and provides security for voice, data and mobility, and enables compliance with policy enforcement and audit People securely collaborating across organizational boundaries, leveraging business-tobusiness relationships, Web 2.0, and cloud computing without security-imposed human productivity barriers Processes that are agile, automated and always secured Knowledge in the form of protected private data, as well as secured knowledge sharing The user-centric security blueprint prescribes a global, corporate-wide security infrastructure that provides a consistent and corporate-wide application of security. 1.2 Applying the security blueprint If following a user centric security blueprint, enterprises are positioned to leverage new business models made possible by Web 2.0, cloud computing and mobile communications technology. Applying this security blueprint for a trusted, dynamic enterprise, requires an end-to-end approach to security. Enterprises must move beyond looking at point solutions that address specific security requirements for one area of the enterprise, to integrated solutions that enable the user centric security blueprint. figure: User-centric security deployment offers a visual representation of the solution map that meets these objectives. Deploying solutions complying with the user centric security blueprint starts with gaining an understanding of what perimeter security exists within the enterprise. Moving along the path laid out by the blueprint, the next step is to examine the need for network access control solutions to ensure that adequate controls are in place to allow a user and or a device onto the network. Fine grained controls may be required to enable users to access the network resources and applications they want access to, once they have been accepted onto the network. 6/75 Alcatel-Lucent Enterprise Communication Solutions

7 Once the voice and data fabric are secured and appropriate fine grained controls are in place, the next consideration is to target directly specific applications that require extra special treatment. This is followed by solutions to protect the mobile user and mobile assets of the corporation, such as laptops Perimeter security Choosing a perimeter security solution usually implies different choices according to the various types of enterprises. It is also greatly dependent on security strategy. If an enterprise prefers to follow a best-of-breed approach to threat management - then separate solutions are required for firewall/vpn, anti-virus, anti-malware and web filtering. If an integrated approach to threat management is preferred, then a unified threat management and firewall solution is attractive. If an enterprise has many independent branch offices, an integrated solution which includes routing functionality, referred to as a security router, is an approach to be considered. In today s network, a web application firewall is a must to protect web servers and web-facing applications. One overall consideration in controlling security operations costs is scalability and manageability of the perimeter solution chosen, especially for enterprises with many locations to protect. 7/75 Alcatel-Lucent Enterprise Communication Solutions

8 1.2.2 Network access control Identity management Network access control can be achieved by looking at several categories of solutions. Starting with IP address management that offers the ability to provide an address to devices connected to the network, followed by host integrity check solutions that ensure that it is safe to allow a device on the network, ending with role-based access control solutions. Host integrity check solutions will determine if a device is configured in accordance with enterprise policy and that it contains no malware before the device is allowed onto the network. It is a must in any wireless environment where users connect devices to the network at will. Enterprises that have a stringent need to protect certain servers and applications or are in highly regulated industries, should consider role-based access control solutions to provide the required controls with audit. These solutions can be deployed without having to re-configure networks on a physical level to achieve security requirements. Identity management is essential to user-centric security and starts with an enterprise-wide password management platform and directory server farm. Many organizations today will consider the move to some form of strong authentication based on certificates coupled with two factor-identifications of end users and devices. Providing a rich set of interface and control points to the voice and data fabric of the enterprise is key to the deployment of an Authentication, Authorization and Accounting (AAA) infrastructure. Of course, an enterprise-wide single sign-on capability is also important to provide an internal secured environment that remains enabling for employees. With the move to Web 2.0 and cloud computing the addition of a federated identity management capability may be necessary Application security The deployment of new applications such as VoIP, the adoption of new business models leveraging Web 2.0 and the Cloud, and new compliance regulations create the need for security solutions that protect user activity with an understanding for the application being used by the end user. With the deployment of VoIP, it is important that the existing enterprise security can ensure that the new virtualized perimeter defense and possibly encryption requirements for VoIP are met. In the case of Web 2.0 and the Cloud, solutions that secure individual Web services and can act as a trusted intermediary with the Cloud are becoming a must have for protecting enterprises. Solutions ensuring that enterprises are compliant with regulation in the processing of monetary transactions and control the cost of being compliant are important to many enterprises. 8/75 Alcatel-Lucent Enterprise Communication Solutions

9 Security enabling the reliability of IP telephony Alcatel-Lucent is partnered with Thales, a major security player in the domain of Defense and Enterprises, in order to provide a high performance encryption solution responding to real time voice criteria (delay and commutation time). The IP Touch security solution brings: Secure download of binaries and configuration files in IP Phones and IP Media gateways The integrity of call control signaling (ensuring that messages have not been modified) The capability to encrypt call control signaling and voice flows The equipment concerned with encryption includes: The range of communications servers (IPAS, IPRS, IPCS) and passive communication servers (PCS) The Media Gateways IP range (Common Hardware or Crystal) The IP Touch range (Alcatel-Lucent 8 series) IP Desktop Softphone application (software emulation of Alcatel-Lucent IP Touch 4068 Phone set) OmniTouch 8600 MIC client (softphone) OmniTouch 8400 ICS servers (application servers and media servers) IP Touch security is a commercial option of Alcatel-Lucent OmniPCX Enterprise Communication Server (both hardware and software) Mobile security Many enterprises today have employees that spend much of their working hours outside the enterprise perimeter using mobile computing devices such as laptops. Solutions for securing mobile laptops must address the concern of private information stored on them risking being lost or stolen and also address the need to be able to configure laptops at any time Security management Security management requires a number of platform choices covering performance and event management, patch management, vulnerability detection and compliance management. Solutions deployed for performance and event management must be able to install in a global enterprise, collect a rich set of data from the voice and data fabric, and provide a robust event response and 9/75 Alcatel-Lucent Enterprise Communication Solutions

10 escalation engine. Solutions for patch management must be able to integrate with enterprise platforms that manage mobility. 10/75 Alcatel-Lucent Enterprise Communication Solutions

11 2 PBX and applications security: core platforms Alcatel-Lucent provides mechanisms, tools and protocols to ensure a secure fully-fledged global solution. In-depth defenses Global security of the information system within a company is based on: An individualized perception of the hardening of each component of the system (networks, servers, Com Servers, media gateway ) supporting client applications Secure access to this system and filtering of the traffic going through the system (type of traffic expected, concepts of bandwidths allocated by reservation or by prioritization of the applications) Protection of the configuration of these elements (restricted access, definition of administrator rights) Protection of critical applications (confidentiality, integrity, availability) In order to protect the core of the information system, company security is deployed on several levels. Each level, from the physical element to the deployed application, implements a specific function delaying access to confidential information for non-authorized parties. The OmniPCX Enterprise products and solutions are part of the global Alcatel-Lucent security polices and best practices framework (security-by-default strategy). 2.1 Security features list overview Authentication IPBX server management o o Local authentication database (password policy enforcement) Remote authentication (RADIUS) Client/device (IP Touch) network access o IEEE 802.1X (MD5 and TLS) Traffic filtering IPBX server o Trusted hosts file o TCP wrapper function Client/device (IP Touch) o ARP spoofing protection o PC port switch VLAN filtering Encryption IPBX server configuration mode 11/75 Alcatel-Lucent Enterprise Communication Solutions

12 o SSHv2 for secure sessions (Telnet, FTP, etc.) o SSLv2/v3 for secure HTTP session o SNMP v1/v2c/v3 for complete NMS integration Client/device (hardphone and softphone) confidentiality (signaling protocol and media) o IPSEC and Secure RTP (AES 128 bits) o SIP TLS and Secure RTP (AES 128 bits) for NOE/SIP Integrity Media gateway and IP Touch binaries signatures System maintenance and access o Dual port (hot standby mode) o Local and remote logging (Syslog) o Serial console port for local and remote (call back modem dialup) access o Network time protocol (NTP) server and client for network-wide time synchronization User authorization to communication services Call monitoring feature with OmniVista 8770 for a better protection against Toll fraud Internal Toll fraud protection by using class of services Definition of PIN codes for business or personal call Restricted access for transfer/forwarding barring categories against Toll fraud Secure access to direct inward system access (DISA) function 2.2 Com server The operating system used by the Alcatel-Lucent OmniPCX Enterprise Communication Server is based on Linux (kernel ). Historically, the open nature of the Linux source code has allowed the Linux community to audit operating system development and solve potential security problems before they become actual problems on customer systems. Alcatel-Lucent has invested the time and effort to further harden the Linux operating system environment for OmniPCX Enterprise use Linux OS advantages The advantages that make Linux one of the most stable and secure operating systems available as a free operating system include: A source code fully open in terms of kernel and utilities - there is no "security by obscurity" A large and active developer base that ensures constant security auditing of the source code The massive worldwide user base for Linux ensures that each aspect of Linux security is tested within a vast range of different computing environments on all kinds of hardware 12/75 Alcatel-Lucent Enterprise Communication Solutions

13 The on-going development of Linux ensures that it stays on the cutting edge of many Unix security developments Linux: customized for the OmniPCX Enterprise As part of Alcatel-Lucent hardening of the Linux operating system, all non-essential software has been removed from the Alcatel-Lucent customized version of the OS. The advantages include reducing: The provided distribution size (the Alcatel-Lucent package is 50 MB while the public version is 700 MB) The potential security risks imposed by the excess software Although Alcatel-Lucent has eliminated over 85% of the standard Linux core distribution, several optional features remain within the Alcatel-Lucent distribution. Only those services that are vital for operation are enabled by default. For example telnet remains within the Alcatel-Lucent distribution of Linux, but is disabled by default because it is unsecured, and replaced by SSH. There are no Graphic User Interface (GUI) environments such as X11, KDE or Gnome. There are no resource tools for remote file and print sharing available in the Alcatel-Lucent distribution. Features such as LPR, NFS and Samba (Microsoft compatible) are not present in any format VLAN segmentation For the highest possible levels of security, Alcatel-Lucent strongly recommends segmentation between voice and data networks. In this way, strong security methodologies and perimeter controls can be used to ensure the integrity of both environments. For Quality of Service, ease of management and security reasons; voice and data traffic should be logically separated. From a security perspective, separating traffic into differing Ethernet broadcast domains provides for better DoS resilience and allows for the establishment of strong boundary security practices. In addition to the VLAN segmentation, and if information exchanges are necessary between the different logical networks, a security policy should be deployed to control the flows between VLANs using Access Control List. This security policy can be based on addresses end-users and IP flows used by these end-users or VLAN identities. For more information about VLAN segmentation and descriptions about assignment, see module More Information - Additional IP Services - Automatic VLAN Assignment (AVA) Defense actions Defenses against Denial-of-Service DoS attacks The Com Server is hardened to resist attacks by broadcast flooding. An internal defense mechanism allows for a minimum reservation of processor power to the primary function of the Com Server: Call Handling. For each release, test campaigns are systematically carried out to address all categories of attack. Alcatel-Lucent Enterprise Solutions Division has implemented the set of security tools recommended by the Corporate Alcatel-Lucent Network Security Group to audit, test and harden the products, and track potential issues. Defenses against erroneous data attacks, tools (generating Teardrop) 13/75 Alcatel-Lucent Enterprise Communication Solutions

14 Timeout, Land, Ping of Death) and Nessus suite are used to address the most famous denial of service (DoS) attacks. Part of the test campaign is also based on tools (built by companies like Codenomicom) for verifying the implementation and the resilience of protocols such as H323, SIP, etc. Regarding the storm packets or flooding attacks, various tools generating TCP flood, SYN, ACK, FIN, URG, RST, PSH-Ping flood, Echo Reply flood, Bad TTL flood, and broadcast storm are used. All audit results are analyzed by the Alcatel-Lucent R&D department. For instance, critical issues reported in Nessus results are corrected in maintenance releases of the OmniPCX Enterprise. Independent consultants (Miercom) have already tested our solutions, including the security aspects. For example, using similar tools they confirmed Alcatel-Lucent s results concerning DoS attacks. For more information in connection with the Media Gateway, see Media gateway For more information about IP terminal protection, see IP terminals Access controls (passwords, filters, etc.) Our ToIP application is installed on a customized Linux system. The number of generic system accounts is reduced to the minimum and some specific system accounts used to access functions of our application are automatically created at installation. The following table provides a summary of available system accounts after installation: Name Function Origin Creation Login FTP Root superadmin account Linux by default YES (console only) NO Bin Owner of several binaries Linux by default NO NO Daemon Owner of /var/spool/at Linux by default NO NO Ftp Anonymous FTP access Linux by default NO YES Httpd HTTP owner Linux by default NO NO Nobody Owner of TFTP daemon Linux by default NO NO Ppp Setup IP link on V24 Linux by default NO YES Swinst Software installation and configuration Alcatel- Lucent by default YES (console only) YES Mtcl Maintenance and configuration Alcatel- Lucent by default YES YES Adfexc File transfer with OmniVista 8770 Alcatel- Lucent by default NO YES Client Limited maintenance access Alcatel- optional YES YES 14/75 Alcatel-Lucent Enterprise Communication Solutions

15 Name Function Origin Creation Login FTP Lucent The "client" account, not present by default, can be optionally created. Shell access and FTP access are restricted to some accounts. Only the system accounts present in this table are available. No new account can be created. As a result, the use of shared system Ids for logging to the Com Server is mandatory. Note: Certain accounts that were available in previous releases, but are unnecessary for system operations, have been suppressed in order to restrict unauthorized access by a backdoor. These accounts include mtch, adm, halt, sync, shutdown and install Security by default design During the initial installation of the product, security is activated and password configuration in the system (accounts access) is forced into operation by default. The customer takes the responsibility for changing the user passwords (root, mctl, swinst, and adfexc) Expiring passwords The expiration of passwords is activated. The "time to live" of passwords can be configured with a maximum of 999 days before access to the account is blocked by the system. Five days before the expiration date, a warning stating that "the password will expire in x days" is displayed at each login Password policy Minimum length Comparison between the new password and previous ones Maximum useful life Warning before expiration time Maximum number of failed authentication attempts The new password must be made of a minimum of 8 digits (lower or upper case, figures, punctuation signs) The new password must be different from the last three passwords. At least half of the digits must be different from the last used password From 11 to 999 days 5 days (for each login) 3 Note: It is not possible to use the "root" access directly from telnet. Access is only available via a direct console port, and the user must be physically on the site Disabling account A quarantine mechanism can be configured by the administrator to block access to a system account for a short period of time (15 seconds) when the maximum number of failed authentication attempts (3 by default) is reached. This mechanism is a protection against brutal force attacks. Note: At login, if there is no user action for 300 seconds, the session is stopped. 15/75 Alcatel-Lucent Enterprise Communication Solutions

16 Shadow passwords On a Linux system without the Shadow Suite installed, user information (including passwords) is stored in clear in the typical /etc/passwd file. With the Shadow Suite, the MD5 algorithm hashes all passwords and stores them in a specific file /etc/shadow with restricted access rights. Although not altogether impossible, it is very difficult to take a randomly encoded password and recover the original one Internal security Internal security measures include: Shadow passwords Trusted Hosts TCP Wrapper Trusted hosts The trusted hosts function isolates the OmniPCX Enterprise network interface of the LAN. When an IP device is not explicitly registered no dialog (incoming or outgoing) is allowed between this IP device on the network and the Com Server via Ethernet. All IP routes are deleted, including default routes. When the trusted hosts function is configured to cater for several trusted IP devices, an IP static route is created for each IP device. The trusted hosts are the IP phones, media gateways, network management stations, etc. The hostname field contains the name of the trusted hosts from which remote access is possible. Enabled by default, this security feature allows the customer to deny remote access for unfamiliar IP devices to the CPU supporting the Com Server. There are two trusted hosts groups: those connected to Ethernet interfaces and those connected to other links (SLIP, PPP). Configuration is performed using a specific menu (within the Netadmin tool) which specifies a list of trusted hosts (and their IP addresses). On Linux operating systems, the file /etc/hosts.equiv lists the hosts of the network trusted by your computer; this is your trusted hosts file. This file consists of one column with the hostname or the IP address of each trusted device. It is possible to declare a range of IP addresses (for IP phones) in the trusted hosts file TCP Wrapper TCP Wrapper is a public domain tool that provides filtering services for Linux or Unix servers. When an unprotected Linux computer is connected to a network, the computer's system is exposed to other computer users connected to the network. A hacker can determine which users are logged on to a given server, and may also be able to find out the identities of individual computers. The hacker can then determine when a workstation is likely to be idle, and access and use that workstation while it is unattended. TCP Wrapper Firewall Capability TCP Wrapper operates by intercepting and filtering incoming requests for the network services. For example, if an external host attempts to use the FTP service, TCP Wrapper checks to see if that external entity is authorized to transfer files. If it is authorized, then access is permitted; if not, access is denied. 16/75 Alcatel-Lucent Enterprise Communication Solutions

17 TCP Wrapper IP Security TCP Wrapper, embedded on our system, provides enhanced security IP services. It will log and control access for many IP services (such as FTP, telnet, shell, login, and TFTP) and services relating to the OmniPCX Enterprise (save-restore, audit, etc.). For each IP device defined in the list of trusted hosts, the customer must specify each IP application that is allowed remote access. It is possible to assign a profile that contains a minimum list of services for use in the OmniPCX Enterprise. The available profiles are: VoIP resources (IP-Phone, INTIPA/INTIPB, GA, GD, and LIOE): only TFTP is allowed 47XX (management): FTP, Telnet, Netaccess, Saverrest are allowed CPU: Shell, FTP, Telnet, TFTP, Rlis, Saverrest, Builddistant, Loaddistant are allowed Router: no service is allowed Only the "super user" is allowed to configure TCP Wrapper. When configuring security parameters, the manager must login as "root". Note: Unlike TCP-wrapper, the trusted hosts function is not available with a PPP link. Alcatel-Lucent recommends that telnet and login services are inhibited via TCP-wrapper to avoid reaching a host on the LAN Network time protocol The need for synchronized time is critical for today s network environments. As organizations grow and the network services they provide continue to increase, the challenges involved with providing accurate time to their systems and applications also increase. Every aspect of managing, securing and debugging a network involves determining when events occur. Time is the critical element that allows an event on one network node to be mapped to a corresponding event on another by using a log. In many cases, these challenges can be overcome by deployment of the NTP Service. The NTP (RFC 1305) is an Internet protocol used to synchronize the clocks of devices to a designated time reference, providing the benefits of a standard based time and the synchronization of logs and traps. The clocking information is synchronized via UTC (Universal Time Coordinated). NTP service is based on client-server architecture where a server provides clocking information to multiple clients over an IP network. The OmniPCX Enterprise can operate as an NTP server or client in order to provide or get clocking information Log and Syslog files Log Files Log files are available for several OmniPCX Enterprise applications/system operations: Storage of all management operations performed on the Com Server (Syslog mechanism) Storage of telephonic database updating Storage of communication costs 17/75 Alcatel-Lucent Enterprise Communication Solutions

18 Storage of OmniPCX Enterprise applications "incidents" Syslog file for intrusion management With the security-by-default mechanism, Syslog support is enabled on the Com Server. It registers all network events, as part of the process to prevent security issues. All events, regarding the kernel, the network interface, login, etc. monitored by the Linux system are distributed by origin and severity in files located in the directory /var/log (ex: messages, secure, auth.log, etc.). The Syslog files keep records or logs relating to: Connections (who is connected, and at what time) Unauthorized attempts to enter the system History of the system commands used Kernel and registration of the daemons used on devices No user interface is available via swinst or netadmin to access these files. The only way to read or modify them is via Linux commands such as vi or more. To avoid congestion on the disc caused by these files, an automatic mechanism rotates log files. They are compressed and renamed by this mechanism. The rotational schedule is weekly and/or when the file exceeds 500 Kb (before compression). 2.3 Media gateway Resistance against DoS attacks There is no Operating System that can be exploited to this purpose on interface boards or media gateway controllers. These include only function specific LINUX micro-kernels. Flood Limiting is similar to the protection provided by Alcatel-Lucent IP Phones. The TSC-LIOE, LIOE, INTIP, IOIP, GD and GA boards are designed to identify excessive Ethernet broadcast traffic rates, and ignore all broadcast traffic in excess of 300 pps. If an OmniPCX Enterprise IPMG interface receives traffic in excess of 300pps, only the first 300 packets will be accepted Separation of TDM and IP traffic IP networking functions are completely isolated from voice and signaling transport contamination. No service has been implemented (by Alcatel-Lucent or any third party) in OmniPCX Enterprise media gateway devices that would allow user access from TDM resources (ISDN, PSTN, analogue trunk, etc.) to IP networking resources within the IP Media Gateway. The only services supported through the TDM trunking interfaces to IP are: Tunneling of trunk signaling protocols Tunneling of trunk signaling protocols (ISDN, CAS, etc.) is handled via the Com Server through IP, where they are processed by the call handling application. Call processing of the Com Server is an automated function dedicated to specific signaling packets. All the packets that are not in strict compliance with the Alcatel-Lucent specification are discarded. Media (voice) is encapsulated into RTP streams 18/75 Alcatel-Lucent Enterprise Communication Solutions

19 The destination of RTP streams is under the control of the Com Server and can only reach RTP compliant devices, which excludes standard PCs (with the possible exception of IP softphones). e-remote Maintenance application The e-remote Maintenance application provides network administrators with the ability to access and manipulate IPMG resources remotely. This optional feature can terminate inbound calls to the local console interface, but does not allow for any PPP/SLIP type of remote access. Primary IPMG Functions: In addition to the above, it is important to remember the primary functions performed by IPMG: IP Media Gateways can host Public and Private TDM trunking interfaces (e.g. PRA boards) which are capable of only processing signaling protocols (ISDN, QSIG, etc.) and transferring Voice streams to and from the TDM backplanes of the IPMG. IP Media Gateways can host VoIP interface/resource boards that are solely able to process signaling protocols (H323, H245, H225, SIP, RAS, etc.) and transfer Voice streams to and from the LAN. Hard barrier between TDM and IP within the IPMG The Linux micro-kernels of Alcatel-Lucent IP Media Gateway VoIP boards offer a link between the circuit-switched and packet-switched realms. This means that a hard barrier exists between the TDM and IP halves of the IPMG which only voice media and call control signaling can go through, only in the form of payload, and not as an interactive element of the communication. There is no IP routing, IP forwarding, or ICMP redirect between the TDM and IP portions of the IPMG. For security reasons, remote IP console (telnet) sessions to GD boards of IP Media Gateways are only available from the Com Server. Vulnerability advisories Security is not only a set of features in a product but also a continuous corporate process to track vulnerabilities. Alcatel-Lucent is a founding and active member of CERT-IST) and mailing lists such as Bugtraq. A Corporate-level Incident Response Team is in charge of tracking vulnerabilities issued by the CERT community The Incident Response Team also ensures that proper actions have been taken at the product-line level to analyze, evaluate impact on products, fix vulnerabilities and to keep distributors and customers informed. For example, in 2006 approximately 546 alerts were brought to our R&D for the whole group of our enterprise products. Logging and Accounting All management operations performed by an administrator are stored in a dedicated log file. This ensures traceability and accountability required by many official rules (e.g. Sarbanes-Oxley in finance business). Thanks to an external RADIUS authentication, the administrator is identified by its corporate identity that will be carried out into the log file. All logs are timed with the Network Time Protocol (NTP) service. Information in the log files can therefore be cross-matched between several systems. It is also possible to activate an on the fly transmission of the log files to an external secured server. For more information about NTP, see Network time protocol 19/75 Alcatel-Lucent Enterprise Communication Solutions

20 2.3.3 Binaries signature check Embedded in the OmniPCX Enterprise product, is a mechanism that can be used on IP Media Gateways to control the integrity of binaries received from the TFTP server at initialization. When a new binary is produced by Alcatel-Lucent for the IP Media Gateway, it is signed with a specific Alcatel-Lucent private key. When the IP Media Gateway receives its binary through TFTP, it first checks the integrity of the file with the corresponding Alcatel-Lucent public key (mechanism based on SHA1 and ECC 384 bits). If this control fails, the new binary is ignored and the IP Media Gateway starts with the previous verified binary stored in its flash memory. 2.4 Voice mail application The OmniTouch 8440 MS solution provides several security features to ensure protection of both system and user data managed by the system. The voice mail system is based on a hardened Red Hat Enterprise 5.0 Linux OS. It can be configured with the high availability feature (N+1 mode). Administrators can backup/restore system and user data. Administration is secured by a specific protocol (HTTPS). A verified authentication of users can be configured with an external authentication server (RADIUS). The OmniTouch 8440 MS solution is compatible with the IP Touch Security feature to provide encryption of user communications to voice mailboxes. Hardened password policy with: - Limit password attempts - Block mailbox on bad password tempts - Impose minimum password length - Disable outcell notification and callback sender by default 2.5 OmniVista 8770 OmniVista 8770 is designed to address specific security issues for administration applications. The architecture is based on a server/client model. The client is hosted on a PC to allow creation and modification of configuration settings. It connects to the server through secured IPSec channels Password policy enforcement Authentication of administrators and users (to access directory information for example) is required with a login and password. This is made more reliable by strictly conforming to standard security policies such as: Control on password minimum length, forbidding trivial passwords, remembering previous passwords, forcing the change of a password at first login Aging password (expiration time, minimum time, warning before expiration) Automatic blocking of a user account after several failed authentication attempts These features are available on the server of the OmniVista 8770 and are made by the Sun One directory. Password verification can also be performed with an external RADIUS server. 20/75 Alcatel-Lucent Enterprise Communication Solutions

Alcatel-Lucent Enterprise Communication Solutions 2012 Offers Standard Offer Chapter 15 Security. July 2012 - Ed.01 Ref.: 8AL020033236TCASA\15

Alcatel-Lucent Enterprise Communication Solutions 2012 Offers Standard Offer Chapter 15 Security. July 2012 - Ed.01 Ref.: 8AL020033236TCASA\15 Alcatel-Lucent Enterprise Communication Solutions 2012 Offers Standard Offer Chapter 15 Security July 2012 - Ed.01 Ref.: 8AL020033236TCASA\15 Copyright Alcatel-Lucent 2000-2012. All rights reserved. Passing

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Gigabit SSL VPN Security Router

Gigabit SSL VPN Security Router As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is the ideal to help the SMBs increase the

More information

Executive Summary and Purpose

Executive Summary and Purpose ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Secure Voice over IP (VoIP) Solutions

Secure Voice over IP (VoIP) Solutions APPLICATION NOTE Secure Voice over IP (VoIP) Solutions Delivering a robust, secure VoIP solution that counters both external and internal threats while providing superior quality of service Abstract This

More information

Chapter 8 Router and Network Management

Chapter 8 Router and Network Management Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

7.1. Remote Access Connection

7.1. Remote Access Connection 7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to

More information

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based

More information

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi Joseph, Computer Division,BARC. Gigi@barc.gov.in Intranet Security Components Network Admission Control (NAC)

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

LifeSize Video Communications Systems Administrator Guide

LifeSize Video Communications Systems Administrator Guide LifeSize Video Communications Systems Administrator Guide November 2009 Copyright Notice 2005-2009 LifeSize Communications Inc, and its licensors. All rights reserved. LifeSize Communications has made

More information

SIP Trunking Configuration with

SIP Trunking Configuration with SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL

More information

Agenda What can we do now? And 5 years from now we will still be current!

Agenda What can we do now? And 5 years from now we will still be current! Pittsburgh Steelers Alcatel-Lucent OmniPCX Enterprise IP Telephone System Alcatel-Lucent OmniSwitch Network Infrastructure Alcatel-Lucent Collaboration and Fax Server AVST Unified Messaging Wireless Network

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification 1.1 Multipoint Control Unit (MCU) A. The MCU shall be capable of supporting (20) continuous presence HD Video Ports at 720P/30Hz resolution and (40) continuous presence ports at 480P/30Hz resolution. B.

More information

Presales Communications

Presales Communications Alcatel-Lucent OmniPCX Entreprise Security Cookbook Presales Communications IP Telephony Security Design Guide Edition 03 All Rights Reserved Alcatel-Lucent 2009 Table of Contents Preface...6 A Global

More information

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Cconducted at the Cisco facility and Miercom lab. Specific areas examined Lab Testing Summary Report July 2009 Report 090708 Product Category: Unified Communications Vendor Tested: Key findings and conclusions: Cisco Unified Communications solution uses multilayered security

More information

Introduction to Endpoint Security

Introduction to Endpoint Security Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user

More information

Acano solution. Security Considerations. August 2015 76-1026-01-E

Acano solution. Security Considerations. August 2015 76-1026-01-E Acano solution Security Considerations August 2015 76-1026-01-E Contents Contents 1 Introduction... 3 2 Acano Secure Development Lifecycle... 3 3 Acano Security Points... 4 Acano solution: Security Consideration

More information

Designing a security policy to protect your automation solution

Designing a security policy to protect your automation solution Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...

More information

NETASQ MIGRATING FROM V8 TO V9

NETASQ MIGRATING FROM V8 TO V9 UTM Firewall version 9 NETASQ MIGRATING FROM V8 TO V9 Document version: 1.1 Reference: naentno_migration-v8-to-v9 INTRODUCTION 3 Upgrading on a production site... 3 Compatibility... 3 Requirements... 4

More information

Attachment Q5. Voice over Internet Protocol (VoIP)

Attachment Q5. Voice over Internet Protocol (VoIP) DHS 4300A Sensitive Systems Handbook Attachment Q5 To Handbook v. 11.0 Voice over Internet Protocol (VoIP) Version 11.0 December 22, 2014 Protecting the Information that Secures the Homeland This page

More information

Mediatrix 4404 Step by Step Configuration Guide June 22, 2011

Mediatrix 4404 Step by Step Configuration Guide June 22, 2011 Mediatrix 4404 Step by Step Configuration Guide June 22, 2011 Proprietary 2011 Media5 Corporation Table of Contents First Steps... 3 Identifying your MAC Address... 3 Identifying your Dynamic IP Address...

More information

Configuring the Edgewater 4550 for use with the Bluestone Hosted PBX

Configuring the Edgewater 4550 for use with the Bluestone Hosted PBX Configuring the Edgewater 4550 for use with the Bluestone Hosted PBX NOTE: This is an advisory document to be used as an aid to resellers and IT staff looking to use the Edgewater 4550 in conjunction with

More information

Gigabit Multi-Homing VPN Security Router

Gigabit Multi-Homing VPN Security Router As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is a ideal to help the SMBs increase the broadband

More information

The Next generation Network Management solution

The Next generation Network Management solution The Next generation Network Management solution August 2012 AGENDA 1. The Problem: IT is struggling to cope 2. The Solution: Automating Unified Management 3. 8770 Application Suite Overview 4. Ordering

More information

EdgeMarc 4508T4/4508T4W Converged Networking Router

EdgeMarc 4508T4/4508T4W Converged Networking Router Introduction The EdgeMarc 4508T4W combines multiple voice and data features into a single, easy to use converged networking router. It includes models that have up to 4 T1 WAN interfaces or a single Ethernet

More information

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9 NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document

More information

Secure Networks for Process Control

Secure Networks for Process Control Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging

SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION:

More information

NATIONAL SECURITY AGENCY Ft. George G. Meade, MD

NATIONAL SECURITY AGENCY Ft. George G. Meade, MD NATIONAL SECURITY AGENCY Ft. George G. Meade, MD Serial: I732-010R-2008 30 April 2008 Network Infrastructure Division Systems and Network Analysis Center Activating Authentication and Encryption for Cisco

More information

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by

More information

Chapter 4 Firewall Protection and Content Filtering

Chapter 4 Firewall Protection and Content Filtering Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to protect your network.

More information

SIP Security Controllers. Product Overview

SIP Security Controllers. Product Overview SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running

More information

Firewalls. Ahmad Almulhem March 10, 2012

Firewalls. Ahmad Almulhem March 10, 2012 Firewalls Ahmad Almulhem March 10, 2012 1 Outline Firewalls The Need for Firewalls Firewall Characteristics Types of Firewalls Firewall Basing Firewall Configurations Firewall Policies and Anomalies 2

More information

6.40A AudioCodes Mediant 800 MSBG

6.40A AudioCodes Mediant 800 MSBG AudioCodes Mediant 800 MSBG Page 1 of 66 6.40A AudioCodes Mediant 800 MSBG 1. Important Notes Check the SIP 3 rd Party Validation Website for current validation status. The SIP 3 rd party Validation Website

More information

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev. Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of

More information

Grandstream Networks, Inc. UCM6100 Security Manual

Grandstream Networks, Inc. UCM6100 Security Manual Grandstream Networks, Inc. UCM6100 Security Manual Index Table of Contents OVERVIEW... 3 WEB UI ACCESS... 4 UCM6100 HTTP SERVER ACCESS... 4 PROTOCOL TYPE... 4 USER LOGIN... 4 LOGIN TIMEOUT... 5 TWO-LEVEL

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network 10 Key Things Your Firewall Should Do When voice joins applications and data on your network Table of Contents Making the Move to 3 10 Key Things 1 Security is More Than Physical 4 2 Priority Means Clarity

More information

About Firewall Protection

About Firewall Protection 1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote

More information

VoIP Security regarding the Open Source Software Asterisk

VoIP Security regarding the Open Source Software Asterisk Cybernetics and Information Technologies, Systems and Applications (CITSA) 2008 VoIP Security regarding the Open Source Software Asterisk Prof. Dr.-Ing. Kai-Oliver Detken Company: DECOIT GmbH URL: http://www.decoit.de

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

Load Balancing for Microsoft Office Communication Server 2007 Release 2

Load Balancing for Microsoft Office Communication Server 2007 Release 2 Load Balancing for Microsoft Office Communication Server 2007 Release 2 A Dell and F5 Networks Technical White Paper End-to-End Solutions Team Dell Product Group Enterprise Dell/F5 Partner Team F5 Networks

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

Chapter 9 Monitoring System Performance

Chapter 9 Monitoring System Performance Chapter 9 Monitoring System Performance This chapter describes the full set of system monitoring features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. You can be alerted to important

More information

Chapter 4 Managing Your Network

Chapter 4 Managing Your Network Chapter 4 Managing Your Network This chapter describes how to perform network management tasks with your ADSL2+ Modem Wireless Router. Backing Up, Restoring, or Erasing Your Settings The configuration

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

Avaya G700 Media Gateway Security - Issue 1.0

Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise

More information

RuggedCom Solutions for

RuggedCom Solutions for RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application

More information

Security Technology White Paper

Security Technology White Paper Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without

More information

OmniPCX Enterprise Common Criteria Security Target

OmniPCX Enterprise Common Criteria Security Target OmniPCX Enterprise Common Criteria Security Target ALCATEL-LUCENT Enterprise Product Group March 2010 Ref: 3EU_29000_0019_DEZZA_03 Alcatel-Lucent All Rights Reserved Alcatel-Lucent 2010 Table of Content

More information

Guideline for setting up a functional VPN

Guideline for setting up a functional VPN Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the

More information

THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER

THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER How to ensure a cloud-based phone system is secure. BEFORE SELECTING A CLOUD PHONE SYSTEM, YOU SHOULD CONSIDER: DATA PROTECTION.

More information

Configuration Notes 283

Configuration Notes 283 Mediatrix 4400 Digital Gateway VoIP Trunking with a Legacy PBX June 21, 2011 Proprietary 2011 Media5 Corporation Table of Contents Table of Contents... 2 Introduction... 3 Mediatrix 4400 Digital Gateway

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

Pre Sales Communications

Pre Sales Communications Pre Sales Communications OmniVista 4760 from R4.1 & OmniPCX Enterprise R7.1 IP Protocols and Ports All rights reserved 2006, Alcatel Table of contents 1. Objectives...3 2. IP protocols...3 2.1. Global

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2 Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3

More information

ETM System SIP Trunk Support Technical Discussion

ETM System SIP Trunk Support Technical Discussion ETM System SIP Trunk Support Technical Discussion Release 6.0 A product brief from SecureLogix Corporation Rev C SIP Trunk Support in the ETM System v6.0 Introduction Today s voice networks are rife with

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

ENTERPRISE SESSION BORDER CONTROLLERS: SAFEGUARDING TODAY S AND TOMORROW S UNIFIED COMMUNICATIONS

ENTERPRISE SESSION BORDER CONTROLLERS: SAFEGUARDING TODAY S AND TOMORROW S UNIFIED COMMUNICATIONS ENTERPRISE SESSION BORDER CONTROLLERS: SAFEGUARDING TODAY S AND TOMORROW S UNIFIED COMMUNICATIONS ALCATEL-LUCENT OPENTOUCH SESSION BORDER CONTROLLER A SECURE SOLUTION FOR BORDERLESS CONVERSATIONS APPLICATION

More information

Secure Voice over IP (VoIP) Networks

Secure Voice over IP (VoIP) Networks Secure Voice over IP (VoIP) Networks How to deploy a robust, secure VoIP solution that counters both external and internal threats and, at the same time, provides top quality of service. This White Paper:

More information

Avaya TM G700 Media Gateway Security. White Paper

Avaya TM G700 Media Gateway Security. White Paper Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional

More information

To ensure you successfully install Timico VoIP for Business you must follow the steps in sequence:

To ensure you successfully install Timico VoIP for Business you must follow the steps in sequence: To ensure you successfully install Timico VoIP for Business you must follow the steps in sequence: Firewall Settings - you may need to check with your technical department Step 1 Install Hardware Step

More information

SIP Trunking with Microsoft Office Communication Server 2007 R2

SIP Trunking with Microsoft Office Communication Server 2007 R2 SIP Trunking with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY

More information

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE Microsoft Office Communications Server 2007 & Coyote Point Equalizer DEPLOYMENT GUIDE Table of Contents Unified Communications Application Delivery...2 General Requirements...6 Equalizer Configuration...7

More information

Firewalls. Chapter 3

Firewalls. Chapter 3 Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border

More information

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router

More information

Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset)

Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset) Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset) Version: 1.4 Table of Contents Using Your Gigabyte Management Console... 3 Gigabyte Management Console Key Features and Functions...

More information

IP Telephony Management

IP Telephony Management IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient

More information

Copyright 2012 Trend Micro Incorporated. All rights reserved.

Copyright 2012 Trend Micro Incorporated. All rights reserved. Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,

More information

Workflow Templates Library

Workflow Templates Library Workflow s Library Table of Contents Intro... 2 Active Directory... 3 Application... 5 Cisco... 7 Database... 8 Excel Automation... 9 Files and Folders... 10 FTP Tasks... 13 Incident Management... 14 Security

More information

ProCurve Networking. Hardening ProCurve Switches. Technical White Paper

ProCurve Networking. Hardening ProCurve Switches. Technical White Paper ProCurve Networking Hardening ProCurve Switches Technical White Paper Executive Summary and Purpose... 3 Insecure Protocols and Secure Alternatives... 3 Telnet vs. Secure Shell... 3 HTTP vs. HTTPS... 3

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

nexvortex SIP Trunking Implementation & Planning Guide V1.5

nexvortex SIP Trunking Implementation & Planning Guide V1.5 nexvortex SIP Trunking Implementation & Planning Guide V1.5 510 S PRING S TREET H ERNDON VA 20170 +1 855.639.8888 Introduction Welcome to nexvortex! This document is intended for nexvortex Customers and

More information

Lucent VPN Firewall Security in 802.11x Wireless Networks

Lucent VPN Firewall Security in 802.11x Wireless Networks Lucent VPN Firewall Security in 802.11x Wireless Networks Corporate Wireless Deployment is Increasing, But Security is a Major Concern The Lucent Security Products can Secure Your Networks This white paper

More information

Introducing Cisco Voice and Unified Communications Administration Volume 1

Introducing Cisco Voice and Unified Communications Administration Volume 1 Introducing Cisco Voice and Unified Communications Administration Volume 1 Course Introduction Overview Learner Skills and Knowledge Course Goal and Course Flow Additional Cisco Glossary of Terms Your

More information

Cisco Application Networking Manager Version 2.0

Cisco Application Networking Manager Version 2.0 Cisco Application Networking Manager Version 2.0 Cisco Application Networking Manager (ANM) software enables centralized configuration, operations, and monitoring of Cisco data center networking equipment

More information

Catapult PCI Compliance

Catapult PCI Compliance Catapult PCI Compliance Table of Contents Catapult PCI Compliance...1 Table of Contents...1 Overview Catapult (PCI)...2 Support and Contact Information...2 Dealer Support...2 End User Support...2 Catapult

More information

UIP1868P User Interface Guide

UIP1868P User Interface Guide UIP1868P User Interface Guide (Firmware version 0.13.4 and later) V1.1 Monday, July 8, 2005 Table of Contents Opening the UIP1868P's Configuration Utility... 3 Connecting to Your Broadband Modem... 4 Setting

More information

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com. 2006 Cisco Systems, Inc. All rights reserved.

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com. 2006 Cisco Systems, Inc. All rights reserved. Cisco Secure ACS Overview By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com 2006 Cisco Systems, Inc. All rights reserved. 1 Cisco Secure Access Control System Policy Control and

More information

Developing Network Security Strategies

Developing Network Security Strategies NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

Lab Testing Summary Report

Lab Testing Summary Report Lab Testing Summary Report February 2007 Report 070228 Product Category: SMB IP-PBX Vendor Tested: Cisco Systems Product Tested: Cisco Unified Communications 500 Series Key findings and conclusions: Complete

More information

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4 1. APPLE AIRPORT EXTREME 1.1 Product Description The following are device specific configuration settings for the Apple Airport Extreme. Navigation through the management screens will be similar but may

More information

HP IMC Firewall Manager

HP IMC Firewall Manager HP IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW102-20120420 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this

More information

PROFESSIONAL SECURITY SYSTEMS

PROFESSIONAL SECURITY SYSTEMS PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security

More information

FROM TELEPHONY TO IP COMMUNICATIONS: A NATURAL EVOLUTION REDUCE COSTS AND IMPROVE MOBILITY WITH IP COMMUNICATIONS APPLICATION NOTE

FROM TELEPHONY TO IP COMMUNICATIONS: A NATURAL EVOLUTION REDUCE COSTS AND IMPROVE MOBILITY WITH IP COMMUNICATIONS APPLICATION NOTE FROM TELEPHONY TO COMMUNICATIONS: A NATURAL EVOLUTION REDUCE COSTS AND IMPROVE MOBILITY WITH COMMUNICATIONS APPLICATION NOTE CONTENTS INTRODUCTION / 3 INCREASE PRODUCTIVITY WITH A CONNECTED WORKSTATION

More information