BCM and Viruses 1

[mitelman]

Does anyone know if the BCM is succeptible to virus attacks since it is running on NT4? If so, what can one do about it? We had one get throug into a couple of server in our office that were running NT4 and created all kinds of havoc. The BCM is on the same network and in the last couple weeks has been extremely cranky.

Simon

 

[luv2ski]

its a server and if on a network needs the windows security patches just like all the network pc's ...have your vendor check what patches you need ...security and system patches...right now there are about 15 for 3.5 and i think atleast 1 for 3.6

ONLY 21 WEEKS TILL SKI SEASON STARTS

 

[mitelman]

I am a vendor. Also a security patch does not necessarily prevent a windows box from getting a virus.

Simon

 

[cheeses]

This kind of information is why I keep coming back to this forum.
Telus and Nortel have both told me that: They have hardened the NT kernal? so that no virus could affect it.
However this fall we had our VOIP network (M1 ITG, 4 BCM) exibit signs of virus-like activity. When we unplugged the network cables from them the problem disappeared.
Telus came out on a sevice call and "fixed the problem".
Are your BCM cranky problems related to softkey (transfer) and F986? That is what we are going through now.

 

[acewarlock]

Can you put antivirus software on the BCM just like you do on a PC??

 

[mitelman]

I don't think you can put antivirus software on it because you can't really get to the windows gui on the newer releases. I don't know who to ask at nortel because tech support there is basically useless.

Cheeses, our problems aren't with the voicemail. I tried to add some keycodes onto our demo BCM and got errors. Then I found that all the voice services are down. reboots, reinitializing didn't help, tech support wanted to know what they wanted me to do. I am going to return the box since it is still under warranty. But, these problems occurred about the same time some of our servers got hit by a virus that norton and mcafee didn't pickup even after refreshing virus patterns and running full scans. If it can get through that what could it do to a BCM on NT with NO virus protection? Also if nortel can harden the kernal to make it bulletproof, I think that microsoft would have done this awhile ago....

 

[cheeses]

Mitelman;
I always listen and smile when Telus and Nortel give me these "pat" answers that make me nervous.
It makes us pause before buying anymore VOIP product product from them.

 

[mitelman]

So I got hold of a BCM Security document from our nortel rep today after I was talking to him about this topic. I also got the "hardened the kernal" thing from him. It appears that is the way that nortel puts it in the document. BUT, there is never a definitive answer about whether it is bullet-proof, just less likely to get a virus. There is also some description on how to scan your BCM for viruses if desired. I wish I could attach the doc for you to read, but here are parts of it:

The BCM is a communications platform and a closed system that is tuned to the specific performance requirements of a converged communications server. Since no additional software is installed onto a BCM by an end user, it is protected from many common types of malware (viruses and Trojan horses) that embed themselves in the software that get installed on other open systems. The software that is shipped with the BCM has been pre-scanned for malware.

***Note the "many" bit, not all.***

4.8 Virus Scanning Software
Virus scanning software is used on the BCM software loads before they are distributed to customers. The BCM does not embed any virus-scanning software on the platform because of the performance impact these types of applications may have on the BCM’s real-time operation and the ensuing requirement for network access for frequent virus data file updates. A hardened server is well protected from viruses since the hardening measures provide a good barrier to virus infections. Proper system configuration and user practices are an effective virus defense. In order for anti-virus software to intercept and prevent a virus infection, the virus specific data files must be available and installed prior to exposure, which may not be achievable. However, if desired, it is possible to run the virus-scanning software remotely when the BCM hard drives are mounted. Refer to section 7 for further details.

***Interesting that the biggest reason is for not putting virus scanning software on the box is because of performance, not because it isn't needed.***


7 Virus Scanning on BCM
7.1 Introduction
During the design and engineering phase of the BCM, two virus checking software packages are used to verify that the product is built in a secure environment. Since the BCM is a closed system, the BCM is significantly less susceptible to on-site virus infections than an average file or applications server. Nevertheless, a virus scan can be performed on the mounted drives of the BCM if a virus has been detected within the corporate network and there is a need to verify all equipment as per business practices.
7.2 Requirements
Since the BCM is a closed, embedded system with precisely tuned performance, there are particular requirements that need to be adhered to during a virus scan. Do not install anti-virus software directly onto the BCM since doing this can adversely disrupt the integration of BCM applications and services, or cause some components to fail. Virus scans on the BCM must be performed through remotely mapped drives. Select virus scanning software capable of scanning remotely mapped drives. The common anti-virus applications from Sophos, Norton and McAfee all have this capability. In addition, a Windows NT 4.0, Windows 2000 Professional or XP client PC is required to run the software. Virus scans should be performed during off-hours; this will minimize system resource impact.
7.3 Virus Detection
If a virus is detected during a remote scan of the BCM’s hard drives, please do not attempt to remove any files yourself since this may adversely affect the operation of the BCM. Please contact your next level of support (distributor or Nortel Networks Technical Support) for assistance in dealing with the infected files.

***I like section 7.3!!! There are other parts of the doc that are pretty good too. If you want it drop me a line at
simonthetallguy at yahoo.ca

Simon

 

[aragon]

Hi Simon,

The only way to climb up the support ladder at Nortel is to send an email to the right people.
You should contact your CSM and GNTS manager.
Also all BCM software prior to 3.6 should be upgraded to are way to many patches and enhancements required prior to 3.6


David Brillert

http://www.williamsglobal.com

 

[mitelman]

Dave,

I have discovered a lot of these things in the past few days. When you take a nortel course there should be a section included called "How to play the Nortel Game". Unlike other systems that I work on the BCM can be very support intensive and proactive service on behalf of the customer. I think a lot of this is because of the closed architexture that Nortel uses with NT embedded.

So far it looks like I might have a bad MSC Card. I scanned the BCM for viruses and have none. So I have to get that fixed before I can put in my key code to upgrade to 3.6!

Simon