- 30 -
MAS administration and security
Nortel Media Application Server 6.0 for AS 5300
Fundamentals
NN44470-100 01.01 Standard
Release 6.0 03 June 2008
Copyright © 2008, Nortel Networks
The default scheduled time for a scan to run is Sunday at 4:22 AM. A
script is provided to configure a different day and time for the scan, or to
disable automatic scanning entirely. Scanning the entire file system (excluding
the configured system directories) takes at least 20 minutes under no load;
take this into account when choosing the day and time at which the scanner
runs.
Retrieving the latest virus definition files from McAfee and manually loading
them on the system is the responsibility of the onsite System Security
Administrator.
File system integrity and the fcheck tool
The file system integrity security tool allows a System Security Administrator
to create a baseline of cryptographic hashes for a subset of files on the file
system. Once a baseline exists, later baselines can be compared against it to
show the System Security Administrator which files have changed on the system
since the tool was last run. From which files were changed, added, or deleted
since the last baseline was taken, the System Security Administrator can judge
whether a security breach has occurred.
The file system integrity tool fcheck is the baselining tool used in this
process, and is included with the OS installation. fcheck must be run manually
by an onsite System Security Administrator and must not be scheduled to run
automatically by the system. The System Security Administrator determines how
frequently (weekly, for example) and under what conditions a baseline is taken.
The purpose of the file system integrity tool is to track files that should not
change very often. The tool accepts a list of directories and files to exclude
from the baseline.
Usage instructions and documentation are included in the default directory
location (C:\fcheck).
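The baseline-and-compare cycle described above, written out as an added example. This is illustrative code, not fcheck itself and not Nortel's tooling: it hashes every regular file under a root (honouring an exclusion list the way fcheck's excluded directories and files work), saves the baseline as JSON, and reports files that were added, deleted, or modified since the previous baseline. The directory tree, file names and contents in `demo()` are constructed for the example.

```python
"""Added example (not fcheck, not Nortel code): hash-based file integrity baseline."""
import hashlib
import json
import os
import tempfile

CHUNK = 1 << 20  # hash files in 1 MiB pieces so large files are not read into memory at once


def sha256_file(path):
    """Return the hex SHA-256 of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root, exclude=()):
    """Walk `root` and record a hash plus permission bits for each regular file.

    `exclude` lists paths relative to `root` (directories or single files) that
    are skipped, like fcheck's exclusion list for files expected to churn (logs).
    Keys are relative paths with '/' separators so baselines compare across OSes.
    """
    root = os.path.abspath(root)
    skip = {os.path.normpath(p).replace(os.sep, "/") for p in exclude}
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Prune excluded directories in place so os.walk never descends into them.
        dirnames[:] = sorted(
            d for d in dirnames
            if os.path.normpath(os.path.join(rel_dir, d)).replace(os.sep, "/") not in skip
        )
        for name in sorted(filenames):
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            full = os.path.join(dirpath, name)
            if rel in skip or os.path.islink(full) or not os.path.isfile(full):
                continue  # excluded, or not a regular file
            baseline[rel] = {
                "sha256": sha256_file(full),
                "mode": oct(os.stat(full).st_mode & 0o7777),  # permission change is also a change
            }
    return baseline


def compare_baselines(previous, current):
    """Report added, deleted and modified files between two baselines."""
    prev_keys, cur_keys = set(previous), set(current)
    return {
        "added": sorted(cur_keys - prev_keys),
        "deleted": sorted(prev_keys - cur_keys),
        "modified": sorted(p for p in prev_keys & cur_keys if previous[p] != current[p]),
    }


def save_baseline(baseline, path):
    with open(path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def demo():
    """Constructed scenario: take a baseline, change the tree, take another, compare."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as vault:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)

        write("bin/mas_service.exe", b"original binary")
        write("etc/mas.conf", b"port=5060\n")
        write("etc/old.cfg", b"stale\n")
        write("logs/app.log", b"noise that changes every run\n")

        store = os.path.join(vault, "baseline.json")   # kept outside the scanned tree
        save_baseline(build_baseline(root, exclude=["logs"]), store)

        write("bin/mas_service.exe", b"replaced binary")  # modified
        write("bin/helper.dll", b"new file")              # added
        os.remove(os.path.join(root, "etc/old.cfg"))       # deleted
        write("logs/app.log", b"different log line\n")    # excluded: must not be reported

        return compare_baselines(load_baseline(store), build_baseline(root, exclude=["logs"]))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The stored baseline is only as trustworthy as its storage: if an intruder can rewrite `baseline.json` along with the files, the comparison proves nothing, so keep it off the scanned host or on write-protected media and hash the baseline file itself.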
Certificate management
MAS 6.0 for AS 5300 uses X.509 certificates. An X.509 certificate contains the
public key of a server and a signature from the certification authority (CA). A
certification authority is a trusted entity that issues, renews, and revokes
certificates.
A server uses a certificate to identify itself. A TLS or SSL connection or an
IPSec channel between two servers is established after the two servers exchange
certificates; authentication is complete once each server has verified the
certificate it received, that is, confirmed the CA signature, the validity
period, and the identity named in the certificate.
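The verification step described above, as an added example that is not part of this manual and does not show MAS's own certificate handling: a private CA issues a server certificate (the server's public key plus the CA's signature), and a peer then checks what a TLS or IPsec stack checks before trusting it. The example requires the third-party `cryptography` package; the CA name and hostnames are made up, and the impostor CA in `demo()` is constructed to show that a matching issuer name without the trusted CA's key is rejected.

```python
"""Added example (not Nortel code): issue and verify an X.509 server certificate.
Assumes the `cryptography` package is installed."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

UTC = datetime.timezone.utc


def _builder(subject, issuer, public_key, days):
    """Shared certificate skeleton: names, key, serial number, validity window."""
    now = datetime.datetime.now(UTC)
    return (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=days))
    )


def make_ca(common_name):
    """Self-signed CA: issuer equals subject and the CA signs with its own key."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    cert = (
        _builder(name, name, key.public_key(), 3650)
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def issue_server_cert(ca_key, ca_cert, hostname, days=365):
    """Server certificate: the server's public key, signed by the CA's private key."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
    cert = (
        _builder(name, ca_cert.subject, key.public_key(), days)
        .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
        .sign(ca_key, hashes.SHA256())
    )
    return key, cert


def _validity(cert):
    """Tz-aware validity bounds; older cryptography releases only expose naive UTC fields."""
    if hasattr(cert, "not_valid_before_utc"):
        return cert.not_valid_before_utc, cert.not_valid_after_utc
    return (cert.not_valid_before.replace(tzinfo=UTC),
            cert.not_valid_after.replace(tzinfo=UTC))


def verify_server_cert(cert, trusted_ca, expected_host, now=None):
    """What a peer does with a received certificate. Returns (ok, reason)."""
    now = now or datetime.datetime.now(UTC)
    # 1. The certificate must claim to come from the CA we trust ...
    if cert.issuer != trusted_ca.subject:
        return False, "issuer is not the trusted CA"
    # 2. ... and the trusted CA's key must actually have produced the signature over
    #    the to-be-signed bytes. A matching issuer name alone proves nothing.
    try:
        trusted_ca.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        return False, "signature was not made with the trusted CA key"
    # 3. The certificate must be within its validity period.
    not_before, not_after = _validity(cert)
    if not not_before <= now <= not_after:
        return False, "outside validity period"
    # 4. The identity in the certificate must be the peer we intended to reach.
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    except x509.ExtensionNotFound:
        return False, "no subjectAltName"
    if expected_host not in san.get_values_for_type(x509.DNSName):
        return False, "hostname not in subjectAltName"
    return True, "ok"


def demo():
    """Constructed scenario: one trusted CA and an impostor CA with the same name."""
    ca_key, ca_cert = make_ca("MAS Lab Root CA")
    impostor_key, impostor_cert = make_ca("MAS Lab Root CA")  # same name, different key
    _, server = issue_server_cert(ca_key, ca_cert, "mas1.lab.example")
    _, forged = issue_server_cert(impostor_key, impostor_cert, "mas1.lab.example")
    later = datetime.datetime.now(UTC) + datetime.timedelta(days=400)
    return {
        "good": verify_server_cert(server, ca_cert, "mas1.lab.example"),
        "wrong_host": verify_server_cert(server, ca_cert, "mas2.lab.example"),
        "forged": verify_server_cert(forged, ca_cert, "mas1.lab.example"),
        "expired": verify_server_cert(server, ca_cert, "mas1.lab.example", now=later),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Revocation, which the text lists among a CA's duties, is deliberately not checked here; a production peer would also consult a CRL or OCSP responder before accepting the certificate.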