Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies BCS Products Security Handbook
Lucent Technologies BCS Products Security Handbook
Have a look at the manual Lucent Technologies BCS Products Security Handbook online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Automated Attendant Page 6-13 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 6 Traffic Reports Both the AUDIX Voice Mail System and the AUDIX Voice Power System track traffic data over various timespans. Reviewing these reports on a regular basis helps to establish traffic trends. If increased activity or unusual usage patterns occur, they can be investigated immediately. Beginning with AUDIX Voice Mail System R1V2, the AUDIX Data Acquisition Package (ADAP) uses a PC to provide extended storage and analysis capabilities for the traffic data. Call Detail Recording For AUDIX Voice Mail System R1V5 and later, this optional feature provides a detailed view of the activity associated with each voice mail session, outgoing calls, and system-wide activity. Voice Session Record A voice session begins whenever a caller attempts to log into the AUDIX Voice Mail System, is redirected to the AUDIX Voice Mail System for call answering, enters or , transfers from one automated attendant to another automated attendant (nested), or is transferred by the Enhanced Automated Attendant feature. The record reveals the routing of the call, including the caller (if internal), recipient, port, community, mail IDs (corresponds to the AUDIX Voice Mail System subscriber’s extension number input during a login or as input by the calling party), the time and duration of the call, the type of session (voice mail, call answer, guest password, or automated attendant), the message activity, and number of login attempts. Also reported is the session termination method. Each possible termination method is assigned a value as shown in Table 6-3 . This information can be downloaded to a PC using ADAP to be available on demand or at scheduled intervals. *R**R
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Automated Attendant Page 6-14 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 6 Outgoing Voice Call Detail Record An outgoing call record is also created for every outbound call that is originated by the AUDIX Voice Mail System via a voice port. This includes call transfers, outcalling, and message waiting activation and/or deactivation via access codes. A record is also created for call attempts for the Message Delivery feature. The outgoing voice call detail record supplies the date the call was placed, the time, the AUDIX Voice Mail System port number used for the call, the duration of the call, the voice mailbox id, the number dialed, and the call type. These values are shown in Table 6-4 . Table 6-3. AUDIX Voice Mail System Session Termination Values VALUEREASON FOR SESSION TERMINATION 01 Caller transferred out of the AUDIX Voice Mail System 02 Caller disconnected established call 03 Caller abandoned call before the AUDIX Voice Mail System answered 04 Caller entered 05 Caller entered from Call Answer 06 Caller entered from voice mail 07 The AUDIX Voice Mail System terminated the call due to a system problem 08 The AUDIX Voice Mail System terminated the call due to a caller problem (for example, full mailbox timeout) 09 The AUDIX Voice Mail System terminated a call originated by another AUDIX Voice Mail System 10 Transfer from an Automated Attendant to another Automated Attendant Mailbox 11 Transfer from an Automated Attendant to a Call Answer Mailbox 12 Transfer from an Automated Attendant to a Mailbox with Guest Greeting **X *R **R
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Automated Attendant Page 6-15 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 6 Unsuccessful call transfer attempts can result in multiple records being created for a single session. Review these records regularly for the following signs of hacker activity: nFailed login attempts nMultiple call transfers for a single session nNumerous outbound calls from the same voice mailbox nCalls to strange places nHeavy volume of Transfer Out of AUDIX Voice Mail System calls The AUDIX Voice Power System tracks traffic data over various timespans. Reviewing these reports on a regular basis helps to establish traffic trends. If increased activity or unusual usage patterns occur, they can be investigated immediately. Table 6-4. Outgoing Call Type Values VALUE OUTGOING CALL TYPE 10 Transfer from voice mail with or 11 Transfer from voice mail via return call 12 Transfer from call answer with , or 13 Transfer from Automated Attendant via menu selection 14 Transfer from Automated Attendant via extension specification 15 Transfer from Automated Attendant via time out 16 Transfer from Automated Attendant via 17 Transfer from Bulletin Board via , or 20 Outcalling for any message 21 Outcalling for priority message 30 Message waiting activation/deactivation 40 Call Delivery *T*0 *T*00 *T *T*00
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Automated Attendant Page 6-16 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 6 Protecting Automated Attendant on the AUDIX Voice Mail System This section discusses security measures implemented directly on the AUDIX Voice Mail System automated attendant. Disallow Outside Calls The AUDIX Voice Mail System integrated with DEFINITY ECS, DEFINITY G1, G2, and G3, System 85 R2V4, and System 75 R1V3 (Issue 2.0) and later, provide a feature called Enhanced Call Transfer that only transfers AUDIX Voice Mail System calls to valid PBX extension numbers. With Enhanced Call Transfer, when an automated attendant caller enters an extension as a menu choice, the AUDIX Voice Mail System checks the digits to see if they match the extension length before sending the digits to the switch. !CAUTION: If Trunk Access Code (TAC) calls are permitted, they may be accepted as a valid extension number. Even with Enhanced Call Transfer activated, toll hackers can choose a menu option that allows an extension number, and then enter a TAC to get an outside line. Another advantage of this feature is that when a toll hacker tries to enter an unauthorized number, the AUDIX Voice Mail System error message notifies the hacker that this automated attendant system is secure. For DEFINITY ECS and DEFINITY G1 and G3: 1. On the AUDIX Voice Mail System system:appearance form, enter y in the Call Transfer Out of AUDIX field. 2. Enter y in the Enhanced Call Transfer field. 3. Press . 4. On the AUDIX Voice Mail System maintenance:audits:fp form, tab to the Service Dispatcher field and enter x. 5. Tab to the Start field and enter x. 6. Press . 7. On the switch, use change listed-directory-numbers to add a valid extension for your attendant. For DEFINITY G2 and System 85: 1. On the AUDIX Voice Mail System system:appearance form, enter y in the Call Transfer Out of AUDIX field. 2. Enter y in the Enhanced Call Transfer field. 3. Press . Change/Run Change/Run Change/Run
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Automated Attendant Page 6-17 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 6 4. On the AUDIX Voice Mail System maintenance:audits:fp form, tab to the Service Dispatcher field and enter x. 5. Tab to the Start field and enter x. 6. Press . 7. On the switch, use PROC204 to assign a Listed Directory Number for the attendant console. After you activate Enhanced Call Transfer, test it by following the steps below: 1. Dial into your AUDIX Voice Mail System automated attendant. 2. Press the menu choice to transfer to an extension. 3. Enter an invalid extension number followed by . The failed announcement should play, followed by a prompt for another extension number. 4. Enter a valid extension number followed by . You should notice that the call transfers much faster than with Basic Call Transfer. NOTE: In order to test correctly, you must first dial outside of the system, then dial back in on the number assigned to the automated attendant. A station to station connection will not test correctly. Protecting Automated Attendant on the AUDIX Voice Power System The AUDIX Voice Power System provides automated attendant functionality. Follow all recommendations for protecting the switch in Chapter 4, as well as those for protecting the AUDIX Voice Power System for the switch in Chapter 5. In addition, make sure that automated attendant selector codes do not permit outside line selection. Protecting Automated Attendant on the CONVERSANT Voice Information System The CONVERSANT Voice Information System provides automated attendant functionality. Follow all recommendations for protecting the switch in Chapter 4, as well as those for protecting the CONVERSANT Voice Information System for the switch in Chapter 5. In addition, make sure that automated attendant selector codes do not permit outside line selection. Change/Run # #
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Automated Attendant Page 6-18 MERLIN II Communications System R3 6 Protecting Automated Attendant on the DEFINITY AUDIX System The DEFINITY AUDIX System provides automated attendant functionality. Follow all recommendations for protecting the switch in Chapter 4, as well as those for protecting the DEFINITY AUDIX System for the switch in Chapter 5. In addition, make sure that automated attendant selector codes do not permit outside line selection. Protecting Automated Attendant on the Lucent Technologies INTUITY System The Lucent Technologies INTUITY System provides automated attendant functionality. Follow all recommendations for protecting the switch in Chapter 4, as well as those for protecting the Lucent Technologies I NTUITY System for the switch in Chapter 5. In addition, make sure that automated attendant selector codes do not permit outside line selection. MERLIN II Communications System R3 MERLIN MAIL Voice Messaging System The MERLIN MAIL Voice Messaging System provides the automated attendant feature. Follow all recommendations for protecting the MERLIN MAIL Voice Messaging System in Chapter 5. In addition, make sure that automated attendant selector codes do not permit outside line selection. MERLIN Attendant To help secure MERLIN Attendant against toll fraud, do the following: nAdminister the lowest valid extension number (Lowest Extension) and the highest valid extension number (Highest Extension) for the range of valid extensions. Transfer attempts to extensions that fall outside the range will be disallowed. nAdminister the maximum number of digits in the extension to match the dial plan. nChange the default system password.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Automated Attendant Page 6-19 MERLIN LEGEND Communications System 6 MERLIN LEGEND Communications System AUDIX Voice Power System The MERLIN LEGEND Communications System supports the AUDIX Voice Power System, which provides automated attendant functionality. Follow all recommendations for protecting the MERLIN LEGEND Communications System switch in Chapter 4, as well as those for protecting the AUDIX Voice Power System for the MERLIN LEGEND Communications System in Chapter 5. In addition, make sure that automated attendant selector codes do not permit outside line selection. The AUDIX Voice Power System tracks traffic data over various timespans. Reviewing these reports on a regular basis helps to establish traffic trends. If increased activity or unusual usage patterns occur, they can be investigated immediately. MERLIN MAIL, MERLIN MAIL-ML, and MERLIN MAIL R3 Voice Messaging Systems The MERLIN MAIL, MERLIN MAIL-ML, and MERLIN MAIL R3 Voice Messaging Systems provide the automated attendant feature. Follow all recommendations for protecting these systems in Chapter 5. In addition, make sure that automated attendant selector codes do not permit outside line selection. MERLIN Attendant To help secure MERLIN Attendant against toll fraud, do the following: nAdminister the lowest valid extension number (Lowest Extension) and the highest valid extension number (Highest Extension) for the range of valid extensions. Transfer attempts to extensions that fall outside the range will be disallowed. nAdminister the maximum number of digits in the extension to match the dial plan. nChange the default system password.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Automated Attendant Page 6-20 PARTNER II Communications System 6 PARTNER II Communications System The PARTNER II Communications System supports the PARTNER MAIL System, and the PARTNER MAIL VS System. PARTNER MAIL and PARTNER MAIL VS Systems The PARTNER MAIL and PARTNER MAIL VS Systems provide the automated attendant feature. Follow all recommendations for protecting these systems in Chapter 5. PARTNER Attendant To help secure PARTNER Attendant against toll fraud, do the following: nAdminister the lowest valid extension number (Lowest Extension) and the highest valid extension number (Highest Extension) for the range of valid extensions. Transfer attempts to extensions that fall outside the range will be disallowed. nAdminister the maximum number of digits in the extension to match the dial plan. nChange the default system password. PARTNER Plus Communications System The PARTNER Plus Communications System R3.1 and later releases, supports the PARTNER MAIL System, and the PARTNER MAIL VS System. PARTNER MAIL and PARTNER MAIL VS Systems The PARTNER MAIL and PARTNER MAIL VS Systems provide the automated attendant feature. Follow all recommendations for protecting these systems in Chapter 5. PARTNER Attendant To help secure PARTNER Attendant against toll fraud, do the following: nAdminister the lowest valid extension number (Lowest Extension) and the highest valid extension number (Highest Extension) for the range of valid extensions. Transfer attempts to extensions that fall outside the range will be disallowed.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Automated Attendant Page 6-21 System 25 6 nAdminister the maximum number of digits in the extension to match the dial plan. nChange the default system password. System 25 AUDIX Voice Power System System 25 supports the AUDIX Voice Power System, which provides automated attendant functionality. Follow all recommendations for protecting the System 25 switch in Chapter 4, as well as those for protecting the AUDIX Voice Power System for System 25 in Chapter 5. In addition, make sure that automated attendant selector codes do not permit outside line selection. The AUDIX Voice Power System tracks traffic data over various timespans. Reviewing these reports on a regular basis helps to establish traffic trends. If increased activity or unusual usage patterns occur, they can be investigated immediately.