Avaya 555-245-600 사용자 설명서
Avaya Communication Manager and Servers
Issue 6 January 2008
233
Data encryption
Attacks against a system are not limited to attempts to find holes in the access structure. Avaya
servers store backup copies of critical configuration information, including authentication and
account information, on external systems. If this information is stored in clear text, and the file
server on which it is stored is compromised, the servers also can be compromised. S8700 and
S8300 servers can encrypt all backup data, and thus make use of the data impossible, even if
access to it is possible. The user is responsible for remembering the encryption key, because
Avaya cannot assist you if you forget it. Avaya also cryptographically signs all new software or
firmware media to prevent malicious modification in transit. If the system detects a modification,
the installation is aborted.
servers store backup copies of critical configuration information, including authentication and
account information, on external systems. If this information is stored in clear text, and the file
server on which it is stored is compromised, the servers also can be compromised. S8700 and
S8300 servers can encrypt all backup data, and thus make use of the data impossible, even if
access to it is possible. The user is responsible for remembering the encryption key, because
Avaya cannot assist you if you forget it. Avaya also cryptographically signs all new software or
firmware media to prevent malicious modification in transit. If the system detects a modification,
the installation is aborted.
LAN isolation configurations
S8700 with Avaya MCC1 or
SCC1 Media Gateways
SCC1 Media Gateways
An Avaya S8700-series Server contains multiple Ethernet Network Interfaces (NICs):
●
Each Avaya S8700-series Server with Avaya MCC1 or SCC1 Media Gateway has five
Ethernet interfaces (NICs), each dedicated to these specific functions:
Ethernet interfaces (NICs), each dedicated to these specific functions:
- The two control LANs are only used to connect between the servers and the port
networks (PNs). These two LANs must be private LANs, and carry no other traffic.
- The duplication interface is a point-to-point LAN that is only used to send information
between the two servers.
- The laptop computer interface is a point-to-point LAN that is used only for local
administration and carries no other type of traffic.
- The enterprise LAN is used for administration and time synchronization. Telephony traffic
does not use this LAN. However, in this case, it is possible to subvert this security
measure by interconnecting the enterprise LAN NIC with one of the other LANs shown.
measure by interconnecting the enterprise LAN NIC with one of the other LANs shown.
●
PNs contain additional Ethernet interfaces.
page 234 shows the different LANs that are possible on an S8700-series Server that is
configured with Avaya MCC1 or SCC1 Media Gateways along with some of the common
adjuncts. The enterprise LAN, adjunct LANs, and agent's LAN can all be connected together to
form one network. Or these LANs can be kept physically separate for either traffic reasons or
security reasons.
configured with Avaya MCC1 or SCC1 Media Gateways along with some of the common
adjuncts. The enterprise LAN, adjunct LANs, and agent's LAN can all be connected together to
form one network. Or these LANs can be kept physically separate for either traffic reasons or
security reasons.