Securing the CallPilot system

To ensure the security of a CallPilot system, the administrator should

• enable SMTP and Encryption options as required

• configure LDAP and IMAP services

• configure mailbox security

• maintain and apply restriction permission lists (RPLs)

• monitor suspicious activity

• ensure that CallPilot data is backed up and restored

• apply any security enhancements recommended by Nortel Networks

Security recommendations

• Treat CallPilot servers as closed systems. Customers must not install unauthorized software on any CallPilot server.

• Ensure that each CallPilot server is physically secured.

• Ensure that all CallPilot backup tapes are physically secured.

• Ensure that all passwords to Windows accounts are changed from their default values to strong values known only by the customer. This includes the 'gamroot' account used for the AR352 RAID card.

• Always run the CallPilot server with its console in a logged out state.

• Do not map remote drives onto a CallPilot server.

• Do not map a CallPilot server drive onto another server.

• Do not add additional users or shares to a CallPilot server.

• The CallPilot server should be connected inside the customer’s LAN firewall.

• Install and configure one of the authorized third party anti-virus solutions according to Nortel recommendations.
  Caution: Do not install third party anti-virus software unless it has been approved by your IT department.

• Disable the remote access modem unless needed.

For more  information see the Network Planning Guide.