User's Manual

ManualsBrandsLucent Technologies ManualsserversLucent Technologies DEFINITY Enterprise Communications Server Release 8.2

421

422

423

424

425

426

427

428

429

430

Table Of Contents

===============================
MAIN MENU
MASTER INDEX
GLOSSARY
===============================
DEFINITY® ECS Release 8.2 Administration for Network Connectivity
Contents
Preface
- Purpose
- Audience
- Issue Status
- Organization
- Terminology
- How to access this book from the web
- How to order more copies
- Tell us what you think
- How to Order Books
- How to Comment on This Book
- Where to Call for Technical Support
- Trademarks
1 Networking Overview
- DEFINITY Switch Connectivity
- IP Softphones
- IP Addressing
2 H.323 Trunks
- Overview
- H.323 Trunk Administration
- Troubleshooting IP Solutions
  - H.323 Trunk Problem Solving
  - IP Softphone Problem Solving
3 C-LAN Administration
- Overview
- Configuration 1: R8r <—ppp—> R8si
- Configuration 2: R7r (+CMS) <—ethernet—> R7csi
- Configuration 3:R8si<—x.25 —> R8r Gateway <—ethernet—> R8si
- Configuration 4: R8csi <—ISDN—> R8si Gateway <—ppp—> R8csi
- Configuration 5A: R8csi <—ppp—> R8r (one C-LAN) <—ethernet—> R8si
- Configuration 5B:R8csi <—ppp—> R8r (2 C-LANs) <—ethernet—> R8si
4 Networking Example
- Overview
  - Network Diagram
  - Task Summary
- Link/Channel/TSC Map
- Network Map
- Switch-Node 1 Administration
- Switch-Node 2 Administration
- Switch-Node 3 Administration
- Switch-Node 4 Administration
- Intuity Translations for DCS AUDIX
- CMS Administration
A Screens Reference
- Networking Screens
- Other Network-Related DEFINITY Screens
- Networking Screens
- Other Networking-Related DEFINITY Screens
B Private Networking
- Contents of this Appendix
- Distributed Communications System
- ISDN Feature Plus
- QSIG
- Centralized Voice Mail Via Mode Code
- Japan TTC Q931-a Private Networking Protocols
C Security Issues
- Network Security Issues
  - Overview
D Capacities and Performance
- Capacities and Resource Requirements
- Performance
E C-LAN Installation
- Overview
- Install the C-LAN Circuit Pack
- Other Hardware Upgrades
F IP Trunk Installation and Administration
- IP Trunk Installation
- IP Trunk Administration
- Procedures for Extension Dialing Between Sites
  - Non-DCS Configuration
- DCS over IP Trunk
- IP Trunk Worksheets
G References
- Basic DEFINITY ECS documents
- Call center documents
- Application-specific documents
Glossary
- A
- B
- C
- D
- E
- F
- G
- H
- I
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- Z
Index
- A
- B
- C
- D
- E
- F
- G
- H
- I
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- Z

Network Security Issues C Security Issues

Administration for Network Connectivity

CID: 77730 555-233-504 — Issue 1 — April 2000

404

A second line of defense can be thought of as damage control — how to limit the

amount of damage that can be done if someone does gain unauthorized access to the

system? Damage control can be provided by application restrictions.

Each of these control methods is described below.

Access control —

network topology

Network topology refers to how the DEFINITY ECS network is connected to the

customer’s network.

Private network

One option to restrict access is to make sure that the DEFINITY ECS network is not

connected to any other network; that is, the DEFINITY ECS network is private. This

topology clearly solves all three access security concerns mentioned above. However,

a private network is not an option for all customers.

Private segment

Another topology is to put the DEFINITY ECS network on a private segment, behind

a router or a firewall. This approach can also solve all three concerns above by

implementing packet filtering in the router/firewall such that only legitimate traffic

can pass through.

Open network

One other topology that may be chosen is a completely open network, where

DEFINITY ECS nodes are placed on the customer network just like any other piece

of data networking equipment. An open network topology addresses none of the three

security concerns above, and other methods of access control must be used for these

installations.

Access control —

network administration

Network administration refers to how a DEFINITY ECS (specifically, the C-LAN

circuit pack) is administered in terms of dial-up PPP ports and routing information. A

carefully administered system has only dialup ports in service for DCS and adjunct

sessions that will be established at boot time. This means that normally there will not

be any ports available for a hacker to dial into. Additionally, the C-LAN circuit pack

should be administered only with routes specific to the DCS and adjunct nodes. This

ensures that anyone getting into a DEFINITY ECS can only get to other DCS or

adjunct nodes, not anywhere else on the customer network. Careful administration

will address concerns #1 and #2 above.

Note that no new access to the system access terminal (SAT), such as network-based

SAT, is introduced in Release 7. As in earlier releases of DEFINITY ECS, all port

and route administration can be done only via the SAT, and all changes are logged.

Access control —

authentication

Authentication also plays a role in providing access control to dial-up PPP ports. All

of these ports can be protected by Challenge Handshake Authentication Protocol

(CHAP). This provides an extra level of assurance that no unauthorized user will be

able to connect to a PPP port on C-LAN.