Administrator's Guide
Features and technical reference
555-233-5061452 Issue 5 October 2002
Access Security Gateway
Access Security Gateway (ASG) prevents unauthorized access by requiring the
use of the ASG Key for logging into the system. The ASG Key can be:
■ a hand-held device, or
■ a software module you load on the PC you use for accessing the system.
Detailed Description
Authentication is successful only when MultiVantage and ASG communicate with
a compatible key. The challenge/response negotiation starts after establishing an
RS-232 session and you enter a valid MultiVantage login ID. The authentication
transaction consists of a challenge, issued by MultiVantage and based on the login
ID entered by you, followed by the expected response, again entered by you. The
core of this transaction is a secret key, which is information-possessed by both the
lock (ASG) and the key. Interception of either the challenge or response during
transmission does not compromise the security of the system. The relevance of the
authentication token used to perform the challenge/response is limited to the
current challenge/response exchange (session).
NOTE:
ASG does not protect login access to a Multiple Application Platform for
DEFINITY (MAPD).
The supported key consists of a hand-held encryption-generating device (ASG
Key). The key (response generator) device is pre-programmed with the
appropriate secret key to communicate with corresponding ASG protected login
IDs on MultiVantage.
The Avaya Products Security Handbook contains information about:
■ toll fraud and what you can do to prevent it.
■ methods people use to gain access to your system, how to detect toll fraud,
and what to do if you suspect that your system has been compromised.
■ security information for many Avaya products, so you can be sure that all
of your telecommunications equipment is secure.
■ security checklists for each of these products. You should go through these
with your Avaya representative for each piece of equipment you use.