Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook

Lucent Technologies BCS Products Security Handbook

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Lucent Technologies BCS Products Security Handbook. The Lucent Technologies manuals for Communications System are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 31

    Page 31 Security Risks Page 2-1 Overview 2 BCS Products Security Handbook 555-025-600 Issue 6 December 1997 2 2Security Risks Overview In order for your system to be secure against toll fraud, you need to address access, egress, and system administration. This handbook addresses those concerns. In addition, the risk of PBX-based toll fraud increases when any of the following products and features are used: nRemote Access nAutomated Attendant nOther port security risks nVoice Messaging nAdministration and... 
    Security Risks 
Page 2-1 Overview 
2
BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
2
2Security Risks
Overview
In order for your system to be secure against toll fraud, you need to address 
access, egress, and system administration. This handbook addresses those 
concerns. In addition, the risk of PBX-based toll fraud increases when any of the 
following products and features are used:
nRemote Access
nAutomated Attendant
nOther port security risks
nVoice Messaging
nAdministration and...

    Page 32

    Page 32 BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Security Risks Page 2-2 Remote Access 2 Remote Access Remote Access, or Direct Inward System Access (DISA), permits callers from the public network to access a customer premises equipment-based system to use its features and services. Callers dial into the system using CO, FX, DID, or 800 service trunks. After accessing the feature, the user hears system dial tone, and, for system security, may be required to dial a barrier code,... 
    BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-2 Remote Access 
2
Remote Access
Remote Access, or Direct Inward System Access (DISA), permits callers from the 
public network to access a customer premises equipment-based system to use its 
features and services. Callers dial into the system using CO, FX, DID, or 800 
service trunks.
After accessing the feature, the user hears system dial tone, and, for system 
security, may be required to dial a barrier code,...

    Page 33

    Page 33 BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Security Risks Page 2-3 Automated Attendant 2 Automated Attendant Automated attendant systems direct calls to pre-designated stations by offering callers a menu of available options. Automated attendant devices are connected to a port on the main system and provide the necessary signaling to the switch when a call is being transferred. When hackers connect to an automated attendant system, they try to find a menu choice (even one... 
    BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-3 Automated Attendant 
2
Automated Attendant
Automated attendant systems direct calls to pre-designated stations by offering 
callers a menu of available options. Automated attendant devices are connected 
to a port on the main system and provide the necessary signaling to the switch 
when a call is being transferred. When hackers connect to an automated 
attendant system, they try to find a menu choice (even one...

    Page 34

    Page 34 BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Security Risks Page 2-4 Voice Messaging Systems 2 Voice Messaging Systems Voice messaging systems provide a variety of voice messaging applications; operating similarly to an electronic answering machine. Callers can leave messages for employees (subscribers) who have voice mailboxes assigned to them. Subscribers can play, forward, save, repeat, and delete the messages in their mailboxes. Many voice messaging systems allow callers... 
    BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-4 Voice Messaging Systems 
2
Voice Messaging Systems
Voice messaging systems provide a variety of voice messaging applications; 
operating similarly to an electronic answering machine. Callers can leave 
messages for employees (subscribers) who have voice mailboxes assigned to 
them. Subscribers can play, forward, save, repeat, and delete the messages in 
their mailboxes. Many voice messaging systems allow callers...

    Page 35

    Page 35 BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Security Risks Page 2-5 Administration / Maintenance Access 2 The following is a list of customer logins for systems in this handbook that provide login capabilities. For information on password parameters, see the applicable system chapter. For information on how to change passwords, see Appendix E. nAUDIX Voice Mail System: cust nAUDIX Voice Power System: audix (or is on the Integrated Solution-equipped system) nDEFINITY AUDIX... 
    BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-5 Administration / Maintenance Access 
2
The following is a list of customer logins for systems in this handbook that provide 
login capabilities. For information on password parameters, see the applicable 
system chapter. For information on how to change passwords, see Appendix E.
nAUDIX Voice Mail System: cust
nAUDIX Voice Power System: audix (or is on the Integrated 
Solution-equipped system)
nDEFINITY AUDIX...

    Page 36

    Page 36 BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Security Risks Page 2-6 Administration / Maintenance Access 2 Increasing Adjunct Access Security Since system adjuncts can be used to log in to otherwise “protected” systems, you also should secure access to the following products: nG3 Management Applications (G3-MA) nCSM (Centralized System Management) nCMS (Call Management System) nManager III/IV nTrouble Tracker nVMAAP Logins and passwords should be changed and managed in the same... 
    BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-6 Administration / Maintenance Access 
2
Increasing Adjunct Access Security
Since system adjuncts can be used to log in to otherwise “protected” systems, you 
also should secure access to the following products:
nG3 Management Applications (G3-MA)
nCSM (Centralized System Management)
nCMS (Call Management System)
nManager III/IV
nTrouble Tracker
nVMAAP
Logins and passwords should be changed and managed in the same...

    Page 37

    Page 37 BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Security Risks Page 2-7 General Security Measures 2 example, if voice mail extensions have a COR of 9, and extensions assigned to NETCON channels have a COR of 2, ensure that COR 9 does not have access to COR 2. Anyone not authorized to use the NETCON channel should not be able to access it. NOTE: To determine how the NETCON channels have been assigned, use the list data module command. The output from this command identifies the... 
    BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-7 General Security Measures 
2
example, if voice mail extensions have a COR of 9, and extensions assigned to 
NETCON channels have a COR of 2, ensure that COR 9 does not have access to 
COR 2. Anyone not authorized to use the NETCON channel should not be able to 
access it.
NOTE:
To determine how the NETCON channels have been assigned, use the list 
data module command. The output from this command identifies the...

    Page 38

    Page 38 BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Security Risks Page 2-8 General Security Measures 2 nAttendants should tell their system manager if they answer a series of calls where there is silence on the other end or the caller hangs up. nUsers who are assigned voice mailboxes should frequently change personal passwords and should not choose obvious passwords (see ‘‘ Choosing Passwords’’ on page 2-5). nAdvise users with special telephone privileges (such as Remote Access,... 
    BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-8 General Security Measures 
2
nAttendants should tell their system manager if they answer a series of calls 
where there is silence on the other end or the caller hangs up.
nUsers who are assigned voice mailboxes should frequently change 
personal passwords and should not choose obvious passwords (see 
‘‘
Choosing Passwords’’ on page 2-5).
nAdvise users with special telephone privileges (such as Remote Access,...

    Page 39

    Page 39 BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Security Risks Page 2-9 Security Goals Tables 2 — If the terminated employee had access to the system administration interface, their login ID should be removed (G3V3 or later). Any associated passwords should be changed immediately. nBack up system files regularly to ensure a timely recovery should it be required. Schedule regular, off-site backups. Physical Security You should always limit access to the system console and... 
    BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-9 Security Goals Tables 
2
— If the terminated employee had access to the system administration 
interface, their login ID should be removed (G3V3 or later). Any 
associated passwords should be changed immediately.
nBack up system files regularly to ensure a timely recovery should it be 
required. Schedule regular, off-site backups.
Physical Security
You should always limit access to the system console and...

    Page 40

    Page 40 BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Security Risks Page 2-10 Security Goals Tables 2 Table 2-1. Security Goals: DEFINITY ECS, DEFINITY Communications Systems, System 75 and System 85 Security Goal Method Security Tool Steps Protect Remote Access featureLimit access to authorized usersBarrier codes Set to maximum length Set COR/COS Authorization codesSet to maximum length Set FRL on COR Use VDNs to route callsCall Vectoring (G2 and G3 only)Administer Call... 
    BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-10 Security Goals Tables 
2
Table 2-1. Security Goals: DEFINITY ECS, DEFINITY Communications 
Systems, System 75 and System 85
Security Goal Method Security Tool Steps
Protect Remote 
Access featureLimit access to 
authorized usersBarrier codes Set to maximum 
length 
Set COR/COS
Authorization 
codesSet to maximum 
length 
Set FRL on COR
Use VDNs to route 
callsCall Vectoring (G2 
and G3 only)Administer Call...
    Start reading Lucent Technologies BCS Products Security Handbook

    Related Manuals for Lucent Technologies BCS Products Security Handbook

    All Lucent Technologies manuals