Instruction manual
Administration and management
Issue 9 May 2003
Although Avaya appreciates the benefits of installing software that conforms to a 
company’s security policy, we strongly recommend that no additional software be 
loaded onto the Avaya telephony server that could potentially disrupt the 
performance or operation of the server. The addition of third-party software could 
even provide an opportunity for compromise that was not previously present.
Administration and management
Companies can be provided administrative accounts to administer and manage 
the assignment of extensions and their class of service for the telephony system. 
Practices regarding administrative accounts of any mission-critical or proprietary 
enterprise system should similarly be pursued with respect to the telephony 
server.
The number of accounts should be minimized. Passwords should be changed 
frequently. Accounts that are created should be assigned the lowest level of 
privileges necessary to accomplish their task. With respect to user accounts and 
extensions, all extensions should be reduced to the lowest level of service 
whenever an extension is not assigned to an employee or when an employee is 
suspected of toll fraud or leaves the company.
Software patches and upgrades
Avaya implements practices and procedures to ensure the products that are 
delivered are well designed and tested for quality. However, vulnerabilities may be 
discovered in software design or implementation that would represent an 
increased risk of compromise of the server. The best defense against these 
discovered vulnerabilities, and the best way to keep them from impacting the 
enterprise, is a proactive effort of education and currency of software.
Work with your Avaya representatives to understand the software that resides on 
your system. Stay abreast of advisories relative to the technologies that were 
used in the development of the telephony server. Work with your Avaya support 
organization to ensure that they have the ability to keep your server current with 
all upgrades and patches that are offered by Avaya.
These recommendations should be considered as good practice for minimizing 
the risk of compromise. They should be followed, but they are not the only 
practices that should be considered, because each company’s network represents 
different challenges and different needs. You should constantly review the security 
practices your company pursues to minimize the opportunities of compromise. In 
addition, you should stay abreast of current practices in the computer industry for 
maintaining or improving security.










