General Guidelines

Last Updated : Apr 11, 2022 |

The recommended process for improving the security of IP Office is to; Assess the requirements, Implement changes as needed, then to monitor the system and respond in a timely manner to any detected threat.

All guidelines and steps should be followed regardless of the actual IP Office deployment.

Assess:

  • Review existing installations

  • Plan new deployments

  • Identify security risks and requirements

Implement:

  • Change security defaults

  • Remove unnecessary accounts

  • Disable unused services/interfaces

  • Enforce password policy

  • Update Identity Certificates and PKI

  • Secure users and extensions

  • Secure trunks/lines

  • Secure voice media

  • Prevent unwanted Calls

  • Secure voicemail and Avaya one-X® Portal for IP Office

  • Limit IP network exposure

  • Secure management applications & configuration data

  • Secure servers

  • Activate reporting/monitoring

  • Checks and tests

Monitor:

  • Monitor alarms and logs

  • Detect other unusual activity

  • Review Avaya Security advisories

  • Review Avaya IP Office Software updates and technical bulletins

  • Monitor telephony provider communication

  • Periodic security reassessment

Respond:

  • Investigate and react to any incident

  • Report to appropriate organizations

  • Ensure the latest software updates/service packs are installed

Related information
Securing the IP Office Platform Solution