Security Considerations for Avaya ESS Implementation

by Thomas McDermott
Sept. 1, 2017 0 comments SANS Institute voip issues

This paper addresses the security requir ements of an enterprise PBX. The sample PBX architecture is an Avay a Enterprise Survivable Server (ESS) environment supporting an enterprise wi th multiple call centers. The primary objective is to define the environmen t, explore it, identify weaknesses and finally mitigate the weaknesses. It is not intended as a white paper on Avaya ESS or VOIP design.The primary focus of the paper is security revolving around the implementation of Avaya’s ESS solution in a corpor ation. The implementation of E SS extends the backplane of the PBX (private branch exchange) across the wide area network. It is possible to implement the extended backplane described without ESS; however without i t, the enterprise would be unrecoverable in the event of a d isaster at the main location.