Lucent Technologies BCS Products Security Handbook
BCS Products Security Handbook 555-025-600 Issue 6 December 1997

7 Other Products and Services

This chapter contains security information for Lucent Technologies products other than PBXs and adjuncts that have become available since Issue 2 of this handbook. For information on the Lucent Technologies INTUITY System and the PARTNER MAIL VS System, which have also become available since the last issue of the handbook, see Chapter 5.

Call Management System (R3V4)

Call Management System (R3V4) is an MIS system for Call Centers that provides real-time and historical data about the status and performance of a customer's calls, including information about agents, trunks, trunk groups, splits/skills, busy hours, forecasts, and so on. The application currently resides on personal computer platforms as an adjunct to the Lucent Technologies DEFINITY ECS and DEFINITY Communications Systems.

Security could be breached if a customer adds modems to the platform for supervisor access from remote locations. If access to UNIX is allowed, and the modems and station lines from the PBX are not secured, it would be possible to make data calls to other computers via the platform. If the customer has modem access to CMS, then the possibility for toll fraud exists if a hacker can get into the switch from CMS.

Security Tips

The following considerations are for the CMS administrator.

- When setting up the ports, modems should be defined in UNIX (using the FACE administration tool) for INBOUND access only.
- If station lines are used for the modems, the COS or COR should be set to disallow outbound dialing capabilities.
- Switchhook flash and distinctive audible alert should be set to no on the station forms.
- Remote users should not have access to UNIX via the CMS application. Restrict access by means of the User Permissions feature of CMS.

For additional information on administering CMS, refer to the following documents:

- Call Management System R3V4 Administration, 585-215-800
- Call Management System R3V2 Installation and Maintenance, 585-215-122
- CentreVu™ Call Management System Release 3 Version 4 Sun® SPARCserver™ Computers Installation and Maintenance, Issue 1, 585-215-807
- CMS R3.0 Installation and Maintenance WGS, 585-215-112

For switch restrictions, consult the applicable chapter in this guide as well as the applicable switch administration manual for the pertinent PBX.

CMS Helplines

If an installation problem that requires assistance arises, Lucent Technologies technicians or the customer may call the appropriate number:

- Customer Number: 1 800 344-9670. The problem will be reported, and a trouble ticket will be generated so that the problem can be escalated through the services organization. The customer will be prompted to identify the type of problem (for example, ACD, hardware, CMS R3V4, etc.) and will then be connected to the appropriate service organization.
- Technician Number: 1 800 248-1234. The technician should provide the TSC personnel with the customer's name, the password for the root login ID on the Sun SPARCserver computer, the phone number of the dial-in port, and a description of the problem. If the TSC engineers cannot resolve the problem, they will escalate it to the customer support organization for Lucent Technologies.
For international support, contact your Lucent Technologies representative or distributor for more information.
CallMaster PC

CallMaster PC, a software application used with the DEFINITY ECS, gives Call Center agents and supervisors the ability to access and control their CallMaster or CallMaster II telephone sets through a Microsoft Windows™-compatible PC. If Call Center employees use Remote Access software such as Norton pcANYWHERE® software or Microcom's Carbon Copy Plus™ for Windows, or similar software that allows applications to run on their PC from a remote location, their system might be susceptible to toll fraud, as follows: an agent dials in from home, provides a password (if required), and may then use any software, including CallMaster PC, on the remote computer. If a hacker can crack the password for the remote software, he or she can access the remote computer, run the victim's CallMaster PC on it, and set up a conference call between the hacker's phone and another phone, at the company's expense.

Security Tips

Warn customers with Remote Access software that they must administer the software's password protection to prevent unauthorized access to the computer, and that they should change the password frequently.

For additional information, refer to the CALLMASTER PC User's Guide (shipped with the unit; not available from the BCS Publication Center), and the documentation for any Remote Access software you use.

Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System (CRCS)

The MCU has a DEFINITY ECS-based architecture. The primary component of the MCU is the Multimedia Server Module (MSM), which is similar to the most basic version of the DEFINITY ECS Processor Port Network (PPN). MSM security concerns are similar to those for the DEFINITY ECS (including, for example, trunking, COR, and COS). Therefore, refer to the appropriate sections in this document regarding the DEFINITY ECS for more information on MSM security.

The MCU system includes two possible adjuncts: the Expansion Services Module (ESM) and the Conference Reservation and Control System (CRCS). The ESM is a data conferencing module that communicates with the MSM. The ESM does not provide network access and is therefore not a source of toll fraud; however, the ESM requires proper password management on the part of system administrators and users to preserve the functionality of the ESM.

CRCS is the automated conference reservation and control system for the MCU product. CRCS is in part an extension of the DEFINITY SAT; therefore, once CRCS is installed, CRCS server and client logins should be set with passwords immediately. Also, ensure that CRCS is installed in a secure area or room that can be locked.

PassageWay® Telephony Services for NetWare® and Windows NT®

NOTE: The following information applies to PassageWay Telephony Services connected to either the DEFINITY ECS or MERLIN LEGEND driver.

The PassageWay Telephony Services product provides computer/telephony integration for applications running in a Novell NetWare or a Microsoft Windows NT Local Area Network (LAN) environment.
These applications may be able to control phones on a PBX, monitor phones, monitor calls passing through ACD splits and VDNs, and invoke PBX features on behalf of station set users. Different switches provide different capabilities to applications. The major components of the PassageWay Telephony Services product are as follows:

- PBX driver: Interfaces the other product components in this list to a specific vendor's PBX.
- Telephony Server Main Module (TSERVER NLM for NetWare or TSERV.EXE for Windows NT): Enforces license restrictions, provides a security database to manage user permissions, and provides connectivity between client applications and PBX drivers.
- Administration Application: Administers the Security Database; a Windows PC application that runs on a LAN client PC.
- Telephony Services API (TSAPI): Provides a programming interface for applications. Client libraries make the programming interface available in application environments, which may include Windows 3.1 and 3.11, Windows for Workgroups, Win 95, Windows NT, OS/2®, HP-UX, Macintosh, Unixware, and Netware.

The PassageWay Telephony Services product may be vulnerable to toll fraud if the Telephony Server is not configured and administered properly. For example, even if the switch provides restrictions, the PassageWay Telephony Server administration may allow an end user to monitor and control phones other than their own.

Security Tips

The following tips are for the PassageWay Telephony Server administrator.

- When the product is installed, do the following:

  For NetWare only:
  - Use the NetWare Administrator feature (NetWare 4.10 and 4.11) or SYSCON utility (NetWare 3.12) to set the appropriate login and password restrictions (for example, require users to have passwords with a minimum length of 7 characters, enable password aging, and so forth).
  - Use the NetWare Administrator feature (NetWare 4.10 and 4.11) or SYSCON utility (NetWare 3.12) to enable the Intruder Detection feature and to lock accounts after several invalid login attempts have been made.
  - Enable the “Restrict users to Home Worktop” feature.

  For Windows NT only:
  - Disable the “Extended Worktop Access” feature.
  - Take full advantage of Windows NT User Manager administration, including password options.
  - Take full advantage of the Windows NT event log (for example, for monitoring failed login attempts).

- Educate administrative personnel about the capabilities of the PassageWay Telephony Server. Administrators must understand that the programming interface provides “third party control” capabilities. These capabilities allow an end user application to monitor and control phones other than the user's own, to the extent that the PassageWay Telephony Server's Security database will permit. Therefore, administrators must be familiar with the procedures in the PassageWay® Telephony Services: NetWare Manager's Guide and in the PassageWay® Telephony Services for Windows NT® Network Manager's Guide that regulate what features a user may request and the phones and other devices for which a user may request a feature.
- There is little need for a “Device Group” that contains all devices, except perhaps for tracking, billing, or a similar application. The presence of such groups may be an indicator of unauthorized control, monitoring, or another security problem. Limit the use of these groups to those who need them.
- Similarly, minimize the use of the “exception list” feature in defining Device Groups. An exception list gives permission to operate on all devices except those explicitly named; therefore, an exception list is often a large Device Group and has the same vulnerabilities as a Device Group containing all devices.
- PassageWay Telephony Server administrators should be aware of switch Class of Service (COS) and Class of Restriction (COR) assignments and should not define Device Groups that allow applications to use third party call control to originate from an unrestricted phone and then transfer the call to a restricted phone. Such programs might also act as agents for setting up trunk-to-trunk calls (where permitted by the PBX) from phones other than the requesting user's phone.
- Since a user with PassageWay Telephony Server administration privileges can open an administrative door to toll fraud just as a DEFINITY ECS or MERLIN LEGEND administrator can, protect administrative privileges for the PassageWay Telephony Server as closely as switch administrative restrictions.
- PassageWay Telephony Server Administration permissions should be given only to a small number of trusted users, since a user with administration privileges may grant other users full administration privileges. Only give users the privileges they need.
- Any PBX used in a development environment should not be connected to the public network (or networked with general-use PBXs), since development environments may be informal, minimally protected environments.
- Exercise caution when using pcANYWHERE. PassageWay Telephony Services technical staff use this tool to diagnose and maintain their products on the customer premises. Simply having pcANYWHERE installed on a PC does not pose a security risk; it must be up and running and administered to receive calls. In addition, pcANYWHERE offers a number of security features. General tips for protecting the PassageWay product at the customer site when pcANYWHERE is used include the following:
  — Only run pcANYWHERE as necessary.
  — Do not publish the phone number for the modem.
  — Use the return call option with the Lucent phone number. (Do not set up pcANYWHERE without the callback option.)
  — For added security, unplug the phone jack from the modem when pcANYWHERE is not in use.
  — Change your password after services leaves and after remote access.
  — Configure the following security options:
    - Require login names for callers
    - Make passwords case sensitive
    - Log all failed connection attempts
    - Set a maximum number of login attempts per call
    - Allow time to enter the complete login
    - Disconnect if inactive
  — Configure pcANYWHERE to log remote control and on-line sessions. (Set the “Save Session Statistics in Activity Log File” checkbox in the “Other Session Parameters” group box.)
- PassageWay Telephony Services communicates with the DEFINITY Enterprise Communications Server (ECS) through the DEFINITY ECS LAN Gateway. Security features are not provided in this system component. For example, there is no encryption or password to prevent unauthorized use of the Ethernet link into the PBX. The following are recommendations:
  — Customers are warned that the DEFINITY ECS LAN Gateway link is not intended for wide area networking. It is recommended that customers not configure a LAN in such a way as to use the DEFINITY ECS LAN Gateway link for local or wide area data networking.
  — Customers should provide a separate, secure link between their PBXs and PassageWay Telephony Server(s). This presupposes a separate network adapter and hub used only for the DEFINITY ECS LAN Gateway interface. In the Tserver, there should be no routing between the Network Interface Card (NIC) used for the DEFINITY LAN Gateway and the NIC used for client access. (This does not mean to imply, however, that all Telephony Server clients have to be on the same LAN.) For NetWare, if TCP/IP support is provided on a separate LAN, keep this support isolated from the DEFINITY ECS LAN Gateway. For Windows NT, configure the NT machine for a secure DEFINITY ECS LAN Gateway connection. Refer to Chapter 2 in the PassageWay® Telephony Services for Windows NT® DEFINITY Enterprise Communications Server Network Manager's Guide.
- The PassageWay Telephony Server is only as secure as the underlying system, either NetWare or Windows NT. Observe the security requirements of your operating system. In addition, for Windows NT, it is recommended that the following be used:
  - Multiple-level administration permissions to control which administrators are allowed to pass on administration permission. See Chapter 3 in the PassageWay Telephony Services for Windows NT Network Manager's Guide.
  - A secure version of Windows NT with NTFS (NT File System). For additional security information on Windows NT, consult a reference book such as Inside Windows NT by Helen Custer or Windows NT Resource Guide by Microsoft Press.

TransTalk 9000 Digital Wireless System

The TransTalk 9000 Digital Wireless System is a flexible wireless adjunct for use with the DEFINITY ECS, DEFINITY Communications Systems, MERLIN LEGEND, PARTNER II, PARTNER Plus, System 25, System 75, and System 85 Communications Systems, as well as the MERLIN MAIL Voice Messaging System. It provides employees up to 500 feet of mobility from the radio base station, allowing them to make and answer calls when they are away from their desk.

From a security standpoint, the handset for the TransTalk 9000 Digital Wireless System, the MDW 9000, has the same vulnerabilities as any desk set. If calling restrictions are required for the user or location where the handset is placed, the handset must be restricted at the switch. In addition, since the MDW 9000 allows freedom of movement, the potential for employee abuse may be increased with this product. For example, employees could move to secluded areas, where they would not be seen or overheard, and make personal calls. For this reason, if restrictions are required, you should restrict the station ports in the same way as you would a desk set.

Security Tips

- Educate customers about the possibility of employee abuse. Make sure they understand the potential risks.
- If your business needs warrant a number of MDW 9000 sets, make sure you understand each employee's calling needs. For instance, if your business does not require that employees make outgoing business calls, restrict the MDW handset(s) to internal or local calls.

Refer to the applicable section of this guide for information on switch restrictions to utilize with the TransTalk 9000 Digital Wireless System.
A Call Routing

The following is the basic call flow through the DEFINITY ECS, DEFINITY G1 and G3, or System 75:

1. The endpoint signals the switch to start a call. If the originating endpoint is a station, the request for service is an off-hook. If the originating endpoint is a trunk, the request for service is a seizure signal (wink start, off-hook, ground start).
2. The switch signals the endpoint to start dialing. If the endpoint is a station, dial tone is played for the caller. If the endpoint is a trunk, a start dial signal (wink, dial tone, etc.) is sent to the originating end.
3. The digit string is dialed. The first digit dialed is compared to the dial plan record. The type of call is identified depending on the dialed digit. The call can be to an extension number, trunk access code, attendant, or feature access code. The number of digits needed is known after the first digit is dialed.

Example: User dials 0. The call is routed to an attendant because zero is defined as an attendant call requiring one digit.

Example: User dials 2. Digit two is defined as a 4-digit extension code on the dial plan form. Three more digits are required to place the call. The three additional digits are dialed. The four digits dialed determine the destination called. The system checks the calling permissions of the originator's COR to see if the COR of the originator is allowed to call the COR of the destination dialed. If the COR of the originator is set to y for the COR of the destination, the call will complete. If the COR of the originator is set to n for the COR of the destination, the intercept tone is returned to the caller.

Example: User dials 9. Digit nine is defined as the feature access code for ARS. More digits will follow. As the digits are dialed they are checked against the ARS analysis table until a unique match is found. When the single match is found, a check is made to see if a route pattern is identified. If a route pattern is not identified, the call is routed to intercept. If a route pattern is identified, the call is routed to that pattern. When the call reaches the route, the trunk group identified as the first choice is checked for an available member. If a member is not available, the next choice in the pattern is checked for an available member. When an available member is found, the FRL of the originating endpoint is checked against the FRL of the choice selected. If the FRL of the endpoint is greater than or equal to the FRL on the choice, the call completes. If the FRL is less than all the choices in the route pattern, intercept is returned to the caller.
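The call flow above, from dial plan lookup through the COR permission check, ARS analysis, route pattern choice and FRL comparison, as an added Python simulation. This is not code from the handbook or from Lucent; the dial plan, station CORs and FRLs, COR permission matrix, ARS analysis table, route patterns and trunk availability are all constructed sample data, and the stations_that_can_use audit helper is an addition here to show which stations could complete a call on a given route pattern.

```python
"""Simulation of the basic call flow described in Appendix A.

Added example; not code from the handbook or from Lucent. Every table below
(dial plan, stations, COR permissions, ARS analysis, route patterns, trunk
availability) is constructed sample data.
"""
from dataclasses import dataclass
from typing import Optional

# Dial plan: first digit -> (call type, total digits; None = decided by ARS analysis)
DIAL_PLAN = {
    "0": ("attendant", 1),
    "2": ("extension", 4),
    "9": ("ars", None),
}

# Station records (constructed): extension -> COR and FRL from the station form
STATIONS = {
    "2001": {"cor": 1, "frl": 5},   # ordinary office set
    "2100": {"cor": 2, "frl": 1},   # lobby set, heavily restricted
    "2200": {"cor": 3, "frl": 7},   # executive set, unrestricted
}

# COR calling permissions: COR_PERMITS[origin_cor][dest_cor] is "y" or "n"
COR_PERMITS = {
    1: {1: "y", 2: "y", 3: "n"},
    2: {1: "y", 2: "y", 3: "n"},
    3: {1: "y", 2: "y", 3: "y"},
}

@dataclass(frozen=True)
class ArsEntry:
    prefix: str                    # dialed digits (after the ARS code) to match
    min_len: int                   # minimum total digits for this entry
    max_len: int                   # maximum total digits for this entry
    route_pattern: Optional[int]   # None -> no pattern, call goes to intercept

ARS_ANALYSIS = [
    ArsEntry("411", 3, 3, 1),        # directory assistance over local trunks
    ArsEntry("1", 11, 11, 2),        # 1 + 10 digits, long distance
    ArsEntry("1900", 11, 11, None),  # premium-rate numbers deliberately unrouted
    ArsEntry("011", 10, 18, 3),      # international
]

# Route patterns: pattern number -> ordered choices of (trunk group, FRL required)
ROUTE_PATTERNS = {
    1: [("local-tg", 0)],
    2: [("ld-primary", 4), ("ld-overflow", 6)],
    3: [("intl-tg", 7)],
}

# Free members per trunk group at the moment of the call (constructed)
TRUNK_FREE = {"local-tg": 5, "ld-primary": 2, "ld-overflow": 1, "intl-tg": 1}

@dataclass
class Outcome:
    result: str                     # "attendant", "completed" or "intercept"
    reason: str
    trunk_group: Optional[str] = None

def ars_lookup(number: str) -> Optional[ArsEntry]:
    """Return the ARS analysis entry with the longest matching prefix, or None."""
    matches = [e for e in ARS_ANALYSIS
               if number.startswith(e.prefix) and e.min_len <= len(number) <= e.max_len]
    return max(matches, key=lambda e: len(e.prefix)) if matches else None

def route_call(origin_ext: str, dialed: str, trunk_free=None) -> Outcome:
    """Route one dialed string from a station through dial plan, COR, ARS and FRL checks."""
    trunk_free = TRUNK_FREE if trunk_free is None else trunk_free
    origin = STATIONS[origin_ext]
    call_type, ndigits = DIAL_PLAN.get(dialed[:1], (None, None))
    if call_type is None:
        return Outcome("intercept", "first digit not in dial plan")
    if call_type == "attendant":
        return Outcome("attendant", "zero is defined as a one-digit attendant call")
    if call_type == "extension":
        if len(dialed) != ndigits:
            return Outcome("intercept", f"{ndigits} digits required")
        dest = STATIONS.get(dialed)
        if dest is None:
            return Outcome("intercept", "unassigned extension")
        if COR_PERMITS[origin["cor"]][dest["cor"]] == "y":
            return Outcome("completed", f"COR {origin['cor']} may call COR {dest['cor']}")
        return Outcome("intercept", f"COR {origin['cor']} may not call COR {dest['cor']}")
    # ARS call: strip the access code and analyse the remaining digits
    entry = ars_lookup(dialed[1:])
    if entry is None:
        return Outcome("intercept", "no ARS analysis match")
    if entry.route_pattern is None:
        return Outcome("intercept", f"prefix {entry.prefix} has no route pattern")
    for trunk_group, required_frl in ROUTE_PATTERNS[entry.route_pattern]:
        if trunk_free.get(trunk_group, 0) <= 0:
            continue                  # no member available, try the next choice
        if origin["frl"] >= required_frl:
            return Outcome("completed", f"route pattern {entry.route_pattern}", trunk_group)
    return Outcome("intercept", "originator FRL below every available choice")

def stations_that_can_use(pattern: int):
    """Audit helper: extensions whose FRL can complete on at least one choice of a pattern."""
    needed = min(frl for _, frl in ROUTE_PATTERNS[pattern])
    return sorted(ext for ext, rec in STATIONS.items() if rec["frl"] >= needed)

if __name__ == "__main__":
    for ext, digits in [("2001", "0"), ("2001", "2200"), ("2100", "912125551234"),
                        ("2200", "919005551234"), ("2200", "912125551234")]:
        o = route_call(ext, digits)
        print(f"{ext} dials {digits}: {o.result} ({o.reason}) {o.trunk_group or ''}")
    print("stations able to use pattern 3 (international):", stations_that_can_use(3))
```

The audit helper is the part a reviewer of switch restrictions would actually use: run it for every route pattern that reaches toll trunks and compare the returned extensions with the list of users who genuinely need that access.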