Application Gateway Network Integration Guide

Chapter 2 Security Planning

Application Gateway Security Overview

The Application Gateway is a hardened application server and can be installed in any network with confidence that it introduces no additional security risks or liabilities. The Application Gateway has the following characteristics:

• It is not possible to determine what operating system is running on the Application Gateway.
• Is not general purpose. Only the processes that are running are externally visible. Unnecessary services (such as login and listener services) and unnecessary modules are removed from the Application Gateway operating system.
• All service interfaces are closed, providing nothing that a worm or virus could attack. As a result, the Application Gateway is not vulnerable to worms and viruses that are compiled for traditional operating systems and is fully protected against worms, viruses, and other Internet attacks. In this respect, the Application Gateway appliance is more like a closed router than a server.
• Cannot be logged into. You cannot log into the operating system, only the server software, if authenticated.
• Has few open ports, and those ports send packets directly to Application Gateway processes. Uses only published interfaces to IP telephones and systems. Port requirements are detailed in the Pre-Installation Checklist.
• Can be fully configured only over an SSL channel that requires authentication. Minimal configuration is available through a serial port. Installation requires physical access to the device.
• Has cryptographically secure licensing.
• Supports 196-bit TLS SSL encryption, as well as lower and higher bit values defined in your certificate. You might prefer to lower the encryption if performance is more important than security.
• Provides SSL sessions, with support for HTTPS, IMAPS, POPS, and SSMTP. SSL support enables deployment of the Application Gateway behind a firewall in order to provide a secure gateway to protect IP telephone connections beyond the firewall. The Application Gateway relies on a customer-provided firewall for protection from Denial of Service (DoS) attacks.