This section describes the security-related considerations, features, and services for the Avaya Aura® solution and its various components. Avaya Aura® needs to be resilient to attacks that can cause service disruption, malfunction or theft of service. Avaya‘s products inherit a number of mechanisms from legacy communications systems to protect against toll fraud or the unauthorized use of communications resources. However, Unified Communications capabilities, which converge telephony services with data services on the enterprise data network, have the additional need for protections previously specific only to data networking. That is, telephony services need to be protected from security threats such as:

• Denial of Service (DoS) attacks

• Malware (viruses, worms and other malicious code)

• Theft of data

• Theft of service

To prevent security violations and attacks, Session Manager uses Avaya‘s multilayer hardening strategy:

• Secure by design

• Secure by default

• Secure communications

For more information on security design for the various Avaya Aura® components, see the following documents:

• Avaya Aura® Session Manager Security Design

• Avaya Aura® Communication Manager Security Design

• Avaya Aura® System Manager Security Design

• Avaya Aura® Messaging Security Design