- 28 -
MAS administration and security
Nortel Media Application Server 6.0 for AS 5300
Fundamentals
NN44470-100 01.01 Standard
Release 6.0 03 June 2008
Copyright © 2008, Nortel Networks
Application Administrator (AA)
The Application Administrator (AA) performs administrative functions that
relate to the operation of applications on the MAS system, and can perform all
operations within the MAS Console. The Application Administrator can install
MAS software patches, but cannot access Event Viewer Security Logs.
Logon banners
A logon banner is a message screen that is displayed to users before a logon
to the system is attempted.
The logon banner does the following:
• informs users that they are logging onto a secure and private system, and warns users that they should not proceed unless they are authorized.
• warns both authorized and unauthorized users that they are subject to monitoring to detect unauthorized use.
A logon banner can be displayed to users before the login screen for the MAS
platform is displayed. Using a logon banner is optional. The banner title and
text values can be configured to display information for the system. The logon
banner is configured with default values when the system is installed. After
installation, the customer is responsible for modifying the logon banner
settings if the default banner is not sufficient for their system.
Remote Desktop Protocol
Existing administrative access to the MAS is accomplished using the
Microsoft Remote Desktop Connection Client. This client is based on the
Remote Desktop Protocol (RDP), which provides separate virtual channels.
An IPSEC policy (with a preshared key) is used to secure RDP. The RDP feature
for MAS 6.0 for AS 5300 continues to leverage an IPSEC policy, but
replaces the preshared key with a TLS certificate (PKCS-12 format).
The following requirements apply to the MAS 6.0 for AS 5300 release:
• Management access control is restricted to a limited number of authorized IP addresses. The number of IP addresses must be equal to or less than the number of network administrators. A valid username and password are required for access to the MAS.
• A timeout feature, set to 15 minutes, is used to disconnect idle connections.
• Management ports that receive three consecutive failed logon attempts are unavailable for at least 60 seconds (port 3389 for RDP).
• Network connected management ports drop a connection or session that is interrupted for any reason within 15 seconds.
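As an added illustration (not Nortel's code), the following Python model replays constructed logon attempts against the address-restriction, three-failure lockout and 15-minute idle-timeout rules listed above, so an administrator can check what the policy accepts and refuses. The class and function names are my own; the 15-second drop of interrupted sessions and the IP-count-versus-administrators rule are not modelled.

```python
from dataclasses import dataclass, field

# Policy values from the MAS 6.0 for AS 5300 requirements listed above.
FAILED_ATTEMPT_THRESHOLD = 3    # consecutive failures before lockout
LOCKOUT_SECONDS = 60            # port unavailable for at least this long
IDLE_TIMEOUT_SECONDS = 15 * 60  # idle sessions are disconnected after 15 min

@dataclass
class PortGuard:  # state for one management port, e.g. TCP 3389 for RDP
    allowed_ips: frozenset                 # authorized administrator addresses
    consecutive_failures: int = 0
    locked_until: float = 0.0              # port refuses logons before this time
    sessions: dict = field(default_factory=dict)  # src_ip -> last activity
    def attempt(self, ts, src_ip, password_ok):
        """Classify one logon attempt at time ts (seconds since start)."""
        if src_ip not in self.allowed_ips:
            return "rejected"              # not an authorized management address
        if ts < self.locked_until:
            return "locked"                # attempts during the lockout are refused
        if not password_ok:
            self.consecutive_failures += 1
            if self.consecutive_failures >= FAILED_ATTEMPT_THRESHOLD:
                self.locked_until = ts + LOCKOUT_SECONDS
                self.consecutive_failures = 0
            return "rejected"
        self.consecutive_failures = 0      # a valid logon resets the counter
        self.sessions[src_ip] = ts
        return "allowed"

    def expire_idle(self, now):
        """Disconnect sessions idle for 15 minutes; return the dropped IPs."""
        dropped = [ip for ip, last in self.sessions.items()
                   if now - last >= IDLE_TIMEOUT_SECONDS]
        for ip in dropped:
            del self.sessions[ip]
        return dropped

# Constructed sample attempts: (seconds since start, source IP, password ok)
SAMPLE_EVENTS = [
    (0, "10.0.0.5", False),
    (5, "10.0.0.5", False),
    (9, "10.0.0.5", False),    # third consecutive failure: 60 s lockout
    (30, "10.0.0.5", True),    # right password, but the port is still locked
    (70, "10.0.0.5", True),    # lockout over, logon allowed
    (75, "192.0.2.9", True),   # address not on the management allow list
]

def replay(events, allowed_ips):
    guard = PortGuard(frozenset(allowed_ips))  # fresh state for one port
    return [guard.attempt(ts, ip, ok) for ts, ip, ok in events], guard
```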