IPSec configuration, Security tools – Nortel Networks NN44470-100 User Manual

MAS administration and security

Nortel Media Application Server 6.0 for AS 5300

Fundamentals

NN44470-100 01.01 Standard

Release 6.0 03 June 2008

Copyright © 2008, Nortel Networks

RDP is separated from other traffic by using a virtual local area network
(VLAN). A VLAN is added through the Broadcom Advanced Control Suite.
A virtual adapter is created for each VLAN added. The VLAN for RDP is
identified as the Management VLAN. The VLAN for all other network traffic
is identified as the Service VLAN.

The only protocol assigned to the Mgmt VLAN in this release is RDP.

Only accept RDP connections on the Mgmt VLAN.
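One way to audit the rule above, as an added example that is not part of the Nortel manual: it parses `netstat -an` output in the Windows column layout (an assumption about the server OS) and flags any RDP listener outside the Management VLAN subnet. The subnet 10.10.20.0/24 and every address in the sample data are constructed.

```python
import ipaddress

RDP_PORT = "3389"

# Constructed sample data; 10.10.20.0/24 stands in for the Management VLAN.
SAMPLE_OK = """
  Proto  Local Address          Foreign Address        State
  TCP    10.10.20.5:3389        0.0.0.0:0              LISTENING
  TCP    10.10.20.5:3389        10.10.20.9:51000       ESTABLISHED
  TCP    192.168.1.5:5060       0.0.0.0:0              LISTENING
"""
SAMPLE_BAD = """
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.5:3389       0.0.0.0:0              LISTENING
"""

def rdp_listeners(netstat_text):
    """Return the local addresses on which TCP 3389 is in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        # Expected row: Proto, Local Address, Foreign Address, State
        if len(parts) != 4 or parts[0].upper() != "TCP":
            continue
        if parts[3].upper() != "LISTENING":
            continue
        host, _, port = parts[1].rpartition(":")
        if port == RDP_PORT:
            found.append(host.strip("[]"))  # IPv6 rows look like [::]:3389
    return found

def audit_rdp_binding(netstat_text, mgmt_subnet):
    """Return findings; an empty list means RDP listens only on the Mgmt VLAN."""
    net = ipaddress.ip_network(mgmt_subnet)
    listeners = rdp_listeners(netstat_text)
    if not listeners:
        return ["no RDP listener found"]
    findings = []
    for host in listeners:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"cannot parse RDP listener address {host!r}")
            continue
        if addr.is_unspecified:
            findings.append(f"RDP listens on all adapters ({host})")
        elif addr not in net:
            findings.append(f"RDP listens on {host}, outside {mgmt_subnet}")
    return findings
```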

IPSec configuration

IPSec is used to encrypt and authenticate communications between servers.
Each IPSec policy is defined for both the source IP address and the destination.

There are three IPSec encryption algorithms available:

DES (56-bit key)

AES (128-bit key)

3DES (168-bit key)

IPSec can be used to protect communications with servers outside of the
trusted system.

For detailed information about configuring IPSec, see Media Application
Server 6.0 for AS 5300 Commissioning (NN44470-301).

Security tools

This section details the security tools included with the MAS 6.0 for AS 5300
platform install. To preserve system security and file integrity, Nortel
recommends that the security tools are run continuously or periodically by the
onsite System Administrator to monitor potential security breaches.

Virus Protection using McAfee VirusScan Enterprise Edition 8.5

The virus protection software must be installed and configured to run
automatically on a weekly basis on every server. The McAfee VirusScan
Command Line Scanner software is included with the OS during installation
and comes preconfigured to run a scheduled scan once per week and to scan
the entire file system (excluding configured system directories) for potential
problems due to viruses.

When a virus scan is completed, the status is reported to the system log. Any
problems found are logged as critical in the system log and full details of the
error are then placed in the security log. Any files with suspected virus
infection are moved to a configured quarantine location. It is the responsibility
of a System Security Administrator to remove these files manually.