User's Manual

Avaya Branch Gateway Manager 10.0 Page 73
15-601011 Issue 29r (Friday, November 02, 2012)
B5800 Branch Gateway
Security Mode: Security Administration
10.4. Maximum Security
A maximum security scenario could be one where both configuration and security settings are constrained and a full
level of logging is required: certified individuals with the correct service user name and password can access the
configuration from specific PC installations of Branch Gateway Manager; passwords cannot be simple, and will age;
Branch Gateway Manager can manage specific systems.
· Change all default passwords of all service users and the Security Administrator.
· Set the system Security Administration service security level to Secure, High.
· Set the system Configuration service security level to Secure, High.
· Set the system service user Password Reject Action to Log and Disable Account.
· Set the system Client Certificate Checks level to High.
· Set the system Minimum Password Complexity to High.
· Set the system Minimum Password Length to >8.
· Set the system Previous Password Limit to non-zero (>5).
· Set the system Password Change Period to non-zero.
· Set the system Account Idle Time to non-zero.
· Set the system Session ID Cache to zero.
· Install valid, 1024 bits+, non-self-signed certificates (+ private key) in all Avaya Branch Gateway server
certificates, derived from a trusted certificate authority.
· Install the corresponding trusted CA certificate in each of the Branch Gateway Manager's Windows certificate
stores.
· Install a valid, 1024 bits+, non-self-signed certificate (+ private key) in all Branch Gateway Manager Certificate
Stores.
· Install the corresponding certificates, and the trusted CA certificate, in all the system Certificate Stores of all
permissible Branch Gateway Manager entities.
· Disable all the system Unsecured Interfaces.
· Set Branch Gateway Manager Certificate Checks level to High in Branch Gateway Manager Security Preferences.
· Set Certificate offered to the system in Branch Gateway Manager Security Preferences.
The above essentially locks the systems and corresponding Branch Gateway Managers together. Only recognized (by
strong certificate) entities may communicate successfully on the service interfaces. All services use strong encryption and
message authentication.
Intermediate CA certificates can be used to overcome the limit of 6 maximum certificates in each system
Certificate Store.
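
The checklist above can be expressed as an automated audit. The following is an added example, not code from Avaya or from this manual: it checks a settings snapshot against the enumerated and numeric values listed above, plus the certificate requirements. The snapshot key names, the `is_ca` field and the sample values are assumptions, since the manual does not show an export format.

```python
# Added example, not Avaya code; snapshot keys are hypothetical names for the checklist settings.
MAX_STORE_CERTS = 6  # per-system Certificate Store limit stated in the manual

def _positive(v):
    return isinstance(v, int) and not isinstance(v, bool) and v > 0
def _equals(want):
    return (lambda v: v == want, want)

BASELINE = {  # setting -> (predicate, requirement as worded in the checklist)
    "security_admin_service_level": _equals("Secure, High"),
    "configuration_service_level": _equals("Secure, High"),
    "password_reject_action": _equals("Log and Disable Account"),
    "client_certificate_checks": _equals("High"),
    "minimum_password_complexity": _equals("High"),
    "minimum_password_length": (lambda v: _positive(v) and v > 8, ">8"),
    "previous_password_limit": (lambda v: _positive(v) and v > 5, "non-zero (>5)"),
    "password_change_period": (_positive, "non-zero"),
    "account_idle_time": (_positive, "non-zero"),
    "session_id_cache": _equals(0),
    "unsecured_interfaces_enabled": _equals([]),
}

def audit(snapshot):
    # Returns sorted findings; a setting absent from the snapshot counts as a failure.
    findings = []
    for key, (ok, wanted) in BASELINE.items():
        value = snapshot.get(key)
        if key not in snapshot or not ok(value):
            findings.append(f"{key}: found {value!r}, checklist requires {wanted}")
    store = snapshot.get("certificate_store", [])
    if len(store) > MAX_STORE_CERTS:
        findings.append(f"certificate_store: {len(store)} entries, limit is {MAX_STORE_CERTS}")
    for cert in store:
        if cert["key_bits"] < 1024:
            findings.append(f"certificate {cert['subject']}: {cert['key_bits']}-bit key is below 1024")
        if not cert["is_ca"] and cert["subject"] == cert["issuer"]:  # root CA entries are exempt
            findings.append(f"certificate {cert['subject']}: identity certificate is self-signed")
    return sorted(findings)

# Constructed sample: mostly hardened, with three deliberate gaps.
SAMPLE = {
    "security_admin_service_level": "Secure, High", "configuration_service_level": "Secure, High",
    "password_reject_action": "Log and Disable Account", "client_certificate_checks": "High",
    "minimum_password_complexity": "High", "minimum_password_length": 8,  # gap: must be >8
    "previous_password_limit": 6, "password_change_period": 90,
    "account_idle_time": 30, "session_id_cache": 10,                      # gap: must be zero
    "unsecured_interfaces_enabled": [],
    "certificate_store": [
        {"subject": "CN=Example Root CA", "issuer": "CN=Example Root CA", "key_bits": 2048, "is_ca": True},
        {"subject": "CN=manager-pc-1", "issuer": "CN=manager-pc-1", "key_bits": 2048, "is_ca": False}],
}
```

Calling `audit(SAMPLE)` returns one finding per gap; an empty list means the snapshot meets every check encoded here.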