A number of IP Office products run on the Linux operating system. Avaya uses the open source Linux operating system as a secure foundation for communications.
The open source foundation is beneficial because of the following reasons:
Security experts worldwide review the source code for defects or vulnerabilities.
Avaya works diligently to monitor both the enhancements and improvements created by the Linux community and to carefully review the changes before incorporating them into Avaya products.
Linux-based Avaya servers help protect against many DoS attacks such as SYN floods, ping floods, malformed packets, oversized packets, and sequence number spoofing, among others.
Avaya has modified or hardened the Linux operating system in the following ways to minimize vulnerabilities and to improve security:
Minimal installation: All unnecessary RPMs are removed. In addition to making the software file images smaller and more manageable, the operating system is more secure because attackers cannot compromise RPMs that are not present.
Least privilege: All IP Office applications run as non-root. The root SSH access is disabled.
Ports: Unnecessary IP ports closed.
Linux OS: Security-Enhanced Linux (SELinux) is enabled, which provides increase security using kernel-level mechanisms that reduce the threat of compromise and limits potential damage from malicious or flawed applications.
Firewall protection: The Linux-based products of Avaya use the IPTables firewall that protects the system against various network-based attacks.
Enhanced Access Security Gateway (EASG) support: EASG is a certificate based authentication system that replaces passwords for technical support accounts.
Drive partition protection: Processes that can write significant quantities of data to the hard drive such as the backup/restore HTTPS server and Voicemail Pro have quotas assigned to ensure disk space is not exhausted by malicious or unintentional actions.
