Lucent Technologies BCS Products Security Handbook
BCS Products Security Handbook 555-025-600 Issue 6 December 1997

Remote Access Example (DEFINITY ECS, DEFINITY G1, G3, and System 75)

18. Leave the Route Pattern blank for all dialed strings for which you want to disallow calls, such as international and operator calls. Any ARS/AAR calls starting with that dialed string will be blocked.

19. For all the Route Patterns assigned to ARS/AAR Partition 8, use change route-pattern to administer an appropriate FRL (1 through 7) in the FRL field. Since the FRL on the COR reserved for Remote Access is 0, the Remote Access caller will always be prompted for an authorization code for outside calls.

20. Assign authorization codes for your Remote Access users that provide the lowest possible FRL to match each user’s calling requirements.

See Chapter 3 for additional security measures.

Permanently Disabling Remote Access

For DEFINITY ECS, DEFINITY G3, System 85 R2V4n 3.0 and later, and the “n” versions of G1 and System 75V3, as an additional step to ensure system security, the Remote Access feature can be permanently removed. Permanent removal protects against unauthorized remote access usage even if criminals break into the maintenance port. See your Account Representative for information on the “n” upgrade.

To permanently disable the Remote Access feature in System 85 R2V4n 3.0 and later, or G2.2 3.0 and later:

- Use PROC275 WORD4 FIELD2, and change the value to 1.

To permanently disable the Remote Access feature in System 75V3, G3, and the “n” versions of G1:

- Enter change remote-access to display the Remote Access screen.
- Make sure the Remote Access Extension field is blank.
- Enter y in the Permanently Disable field.
- Enter save translation. You MUST enter this command or the change will be lost if the switch is rebooted.
- Enter display remote access to verify the changes. If you get an error message or you cannot display the screen, then you know it worked.

The Remote Access feature is disabled after you log off from the switch.

For System 85 R2V4n 3.0 and G2.2 3.0 and later, Remote Access can be permanently disabled. To permanently disable the Remote Access feature:

- Use PROC275 WORD4 FIELD2, and change the value to 1.

NOTE: Once Remote Access has been permanently disabled, only the Lucent Technologies Technical Service Center can reenable it. Charges may apply for this service.
Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS

This appendix provides information on administering the following features in DEFINITY ECS and DEFINITY G3.

DEFINITY G3V3 and later, which includes DEFINITY ECS:

- Enhanced Security Violation Notification (SVN)
- Barrier code aging
- Customer logins and forced password aging

DEFINITY G3V4 and later, which also includes DEFINITY ECS:

- Logoff notification
- Customer login accessible through INADS remote administration port
- Facility test call notification
- Remote Access notification

Administering the SVN Feature

This section contains the following subsections:

1. Administering the login component
2. Administering the Remote Access component
3. Administering the authorization code component
4. Administering the Station Security Code component
Administering the Login Component

To administer system parameters for the login component of the SVN feature, do the following:

1. To access the System Parameter Security form from the command line interface, enter change system-parameters security (G3V3 and later) or change system-parameters (releases prior to G3V3).

2. Enter y in the SVN Login Violation Notification Enabled field. When this field is set to y(es), the following fields appear on the Security-Related System Parameters form:

- Originating Extension
  Enter an unassigned extension, local to the switch and conforming to the dial plan, for the purpose of originating and identifying SVN referral calls for login security violations. The originating extension initiates the referral call in the event of a login security violation. It also sends the appropriate alerting message or display to the referral destination.

- Referral Destination
  Enter an extension assigned to a station or attendant console that will receive the referral call when a security violation occurs. The referral destination must be equipped with a display module unless the Announcement Extension has been assigned. For G3V3 and later, call vectoring using time of day routing allows security notification to be extended off-premises.

- Login Threshold
  Enter the minimum number of login attempts that will be permitted before a referral call is made. The value assigned to this field, in conjunction with the Time Interval field, determines whether a security violation has occurred. The system default is 5.

- Time Interval
  Enter the time interval within which a login security violation must occur. The range is one minute to eight hours (0:01 to 7:59), and is entered in the form x:xx. For example, if you want the time interval to be 1 minute, enter 0:01. If you want the time interval to be seven and one-half hours, enter 7:30. The system default is 0:03.

- Announcement Extension
  Enter an extension that is assigned to the login SVN announcement. The announcement must be recorded for the SVN referral call to be made. A repeating announcement is suggested, especially if the SVN referral call might go to an answering machine.
3. For releases before DEFINITY G3V3, administer an “lsvn-call” button on any station/attendant console (maximum 1 per system). The SVN button location can be determined by entering the command display svn-button-location. Activation of this feature button initiates the placement of login referral calls, until the button is deactivated.

4. For DEFINITY G3V3 and later releases, which includes DEFINITY ECS, administer an “lsvn-halt” button on any station/attendant console (maximum 1 per system). The SVN button location can be determined by entering the command display svn-button-location. Activation of this button stops the placement of all login referral calls, until the button is deactivated.

Enable/Disable a Login ID

The Disable a Login ID Following a Security Violation field on the Login Administration form is used to set the SVN parameters for a single login.

- Enter y in this field to have the SVN feature disable the specified login when a security violation is detected for that login ID. The system default is y.
- Enter n in this field if you don’t want to have the SVN feature disable the specified login if a security violation is detected for that login ID.

The Disable Following a Security Violation field is dynamic and will only appear on the Login Administration form when the login component of the SVN feature is enabled.

To enable a login that has been disabled by a security violation, or disabled manually with the disable login command:

1. Log in to the switch using a login ID with the proper permissions.
2. Enter the command enable login.

To disable a login:

1. Log in to the switch using a login ID with the proper permissions.
2. Enter the command disable login.

List the Status of a Login ID

To list the status of a login:

1. Log in to the switch using a login ID with the proper permissions.
2. Enter the command list login. A display indicating the status of the specified login will appear.

Possible login ID statuses are:

- disabled — The login was disabled manually using the disable login command.
- svn-disabled — A security violation was detected for that login and the login was disabled by the SVN feature.
- active — The login is currently logged in.
- inactive — The login is not logged in.
- void — The password associated with the login has been set to void.

Administering the Remote Access Component

To administer the Remote Access (barrier code) security violation parameters of the SVN feature, do the following:

1. To access the System Parameter Security form from the command line interface, enter change system-parameters security (G3V3 and later) or change system-parameters (releases prior to G3V3).

2. Enable the Remote Access component of the feature by entering y in the SVN Remote Access Violation Notification field. When this field is enabled, the following additional fields appear on the Security-Related System Parameters form:

- Originating Extension
  Enter an unassigned extension that is local to the switch and conforms to the dial plan, for the purpose of originating and identifying SVN referral calls for login security violations. The originating extension initiates the referral call in the event of a login security violation. It also sends the appropriate alerting message or display to the referral destination.

- Referral Destination
  Enter an extension assigned to a station or attendant console that will receive the referral call when a security violation occurs. The referral destination must be equipped with a display module unless the Announcement Extension has been assigned. For DEFINITY G3V3 and later, including DEFINITY ECS, call vectoring using time of day routing allows security notification to be extended off-premises.

- Login Threshold
  Enter the minimum number of login attempts that will be permitted before a referral call is made. The value assigned to this field, in conjunction with the Time Interval field, determines whether a security violation has occurred. The system default is 5.
- Time Interval
  Enter the time interval within which a login security violation must occur. The range is one minute to eight hours (0:01 to 7:59), and is entered in the form x:xx. For example, if you want the time interval to be 1 minute, enter 0:01. If you want the time interval to be seven and one-half hours, enter 7:30. The system default is 0:03.

- Announcement Extension
  Enter an extension that is assigned to the Remote Access SVN announcement. The announcement must be recorded for the SVN referral call to be made. A repeating announcement is suggested, especially if the SVN referral call might go to an answering machine.

3. To activate the Disable Following a Security Violation feature, display the Remote Access Form and enter y in the Disable Following a Security Violation field.

4. For releases before G3V3, administer an “rsvn-call” button on any station/attendant console (maximum 1 per system). The SVN button location can be determined by entering the command display svn-button-location. Activation of this feature button initiates the placement of remote access referral calls, until the button is deactivated.

5. For G3V3 and later releases, administer an “rsvn-halt” button on any station/attendant console (maximum 1 per system). The SVN button location can be determined by entering the command display svn-button-location. Activation of this feature button stops the placement of all remote access referral calls until the button is deactivated.

Enable/Disable Remote Access Code

To enable a Remote Access Code that has been disabled following a security violation, or disabled manually with the disable remote access command:

1. Log in to the switch using a login ID with the proper permissions.
2. Enter the command enable remote access.

To disable a Remote Access Code:

1. Log in to the switch using a login ID with the proper permissions.
2. Enter the command disable remote access.
Administering Remote Access Kill After N Attempts

Following is an example of how to administer this feature.

1. To access the System Parameters Features screen from the command line interface, enter change system-parameters features security (G3V3 and later) or change system-parameters features (releases prior to G3V3). When the system-parameters features screen appears, complete the following fields:

- SVN Remote Access Violation Notification Enabled field — Enter y in this field to enable the Remote Access component of the SVN feature.
- Originating Extension field — Enter an unassigned extension that conforms to the switch dial plan.
- Referral Destination field — Enter an extension that is assigned to a station equipped with a display module.
- Barrier Code Threshold field — Enter the number of times entry of an invalid barrier code will be permitted before a security violation is detected.
- Time Interval field — Enter the duration of time that the invalid barrier code attempts must occur within.

2. Enter the change remote-access command to access the Remote Access form.

- Disable Following A Security Violation field — If not already assigned, enter y in this field to disable Remote Access following a security violation.

NOTE: The Disable Following A Security Violation field is dynamic. It will only appear if the remote access component of the SVN feature is enabled.

In the event of a Remote Access barrier code security violation, a referral call is generated, alerting the switch administrator of the violation. When the violation is detected, the Remote Access feature is disabled, prohibiting any further use until the security violation is investigated.
Consult the monitor security-violations report, trunk group measurements reports, and security measurements reports to determine the nature and source of the security violation. Local exchange and long distance carriers may provide assistance in tracing the source of the violation. The Remote Access feature should not be re-enabled until the source of the violation is identified, and you are confident that the feature is secure. Enter the enable remote-access command to re-enable the Remote Access feature.
If the Remote Access feature is to be dormant for a period of time, the feature can be disabled using the disable remote-access command. Entry of this command will disable the Remote Access feature until it is re-enabled using the enable remote-access command.

Administering Login ID Kill After N Attempts

Following is an example of how to administer this feature.

1. Enter the change system-parameters features command to assign Security Violation Notification (SVN) parameters. When the system-parameters features screen appears, complete the following fields:

- SVN Login Violation Notification Enabled field — Enter y in this field to enable the login component of the SVN feature.
- Originating Extension field — Enter an unassigned extension that conforms to the switch dial plan.
- Referral Destination field — Enter an extension that is assigned to a station equipped with a display module.
- Login Threshold field — Enter the number of times entry of an invalid login ID, or valid login ID/invalid password combination will be permitted before a security violation is detected.
- Time Interval field — Enter the duration of time that the invalid login attempts must occur within.

2. Enter the add/change login command to access the login administration form.

- Disable Following A Security Violation field — If not already assigned, enter y in this field to disable the login ID following a security violation involving the login ID.

In the event a security violation involving the login ID is detected, a referral call is generated, alerting the switch administrator of the violation. When a login violation is detected for a valid login ID, the login ID is disabled, prohibiting any further use until the security violation is investigated and the login ID is re-enabled.
Consult the monitor security-violation report and security measurements report to determine the nature and source of the security violation. If the attempts to access the switch administration originated from a remote source, the local exchange and long distance carriers may provide assistance in tracing the source of the invalid access attempts. The affected login ID should not be re-enabled until the source of the violation is identified and you are confident that the switch administration maintenance interface is secure. Enter the enable login command to re-enable the login ID. If a login ID is to be dormant for a period of time, the login ID can be disabled using the disable login command. Entry of this command will disable the login ID until it is re-enabled using the enable login command.
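The Login Threshold and Time Interval logic described above (the Remote Access and authorization code components use the same pair of fields), as an added Python model that is not Lucent's code and not part of the handbook. The log format, login IDs, class and function names are hypothetical, and the sliding-window behaviour and the rule that the attempt reaching the threshold is the violation are assumptions, since the handbook does not specify them.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_interval(text):
    """Parse a Time Interval field value (x:xx); the handbook's range is 0:01 to 7:59."""
    hours, sep, minutes = text.partition(":")
    if not (sep and hours.isdigit() and minutes.isdigit() and len(minutes) == 2):
        raise ValueError(f"interval must be in the form x:xx, got {text!r}")
    total = int(hours) * 60 + int(minutes)
    if int(minutes) > 59 or not 1 <= total <= 7 * 60 + 59:
        raise ValueError(f"interval {text!r} is outside 0:01 to 7:59")
    return timedelta(minutes=total)

class LoginSvnMonitor:
    """Threshold + time interval detection; defaults are the handbook's 5 and 0:03."""

    def __init__(self, threshold=5, interval="0:03", disable_on_violation=True):
        self.threshold = threshold
        self.interval = parse_interval(interval)
        self.disable_on_violation = disable_on_violation
        self.failures = defaultdict(deque)  # login ID -> recent invalid-attempt times
        self.status = {}                    # login ID -> "svn-disabled"
        self.referrals = []                 # (time, login ID) for each referral call

    def invalid_attempt(self, when, login):
        """Record one invalid attempt; return True if it completes a violation."""
        window = self.failures[login]
        window.append(when)
        # Assumption: sliding window, attempts older than the interval stop counting.
        while when - window[0] > self.interval:
            window.popleft()
        # Assumption: the attempt that reaches the threshold is the violation.
        if len(window) < self.threshold:
            return False
        self.referrals.append((when, login))
        if self.disable_on_violation:
            self.status[login] = "svn-disabled"
        window.clear()
        return True

# Constructed sample log; the line format and login IDs are hypothetical.
SAMPLE_LOG = """\
1997-12-01T09:00:00 LOGIN-FAIL admin1
1997-12-01T09:00:40 LOGIN-FAIL admin1
1997-12-01T09:01:10 LOGIN-FAIL admin1
1997-12-01T09:02:00 LOGIN-FAIL admin1
1997-12-01T09:02:30 LOGIN-FAIL admin1
1997-12-01T10:00:00 LOGIN-FAIL cust2
1997-12-01T10:02:00 LOGIN-FAIL cust2
1997-12-01T10:04:00 LOGIN-FAIL cust2
1997-12-01T10:06:00 LOGIN-FAIL cust2
1997-12-01T10:08:00 LOGIN-FAIL cust2
"""

def run_sample(log=SAMPLE_LOG, **settings):
    monitor = LoginSvnMonitor(**settings)
    for line in log.splitlines():
        stamp, event, login = line.split()
        if event == "LOGIN-FAIL":
            monitor.invalid_attempt(datetime.fromisoformat(stamp), login)
    return monitor
```

With the defaults, only the burst against admin1 is a violation; the cust2 attempts, spaced two minutes apart, are caught only when the interval is widened (for example `run_sample(interval="0:10")`), which is the trade-off to weigh when choosing the two field values.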
Administering the Authorization Code Component

To administer the Authorization Code component of the SVN feature in G3V3 and later releases, do the following:

1. Access the System Parameter Security form by entering change system-parameters security from the command line interface.

2. When the SVN Authorization Code Violation Notification Enabled field is set to y, the following additional fields appear on the Security-Related System Parameters form:

- Originating Extension
  Enter an unassigned extension that is local to the switch and conforms to the dial plan, for the purpose of originating and identifying SVN referral calls for authorization code security violations. The originating extension initiates the referral call in the event of an authorization code security violation. It also sends the appropriate alerting message or display to the referral destination.

- Referral Destination
  Enter an extension assigned to a station or attendant console that will receive the referral call when an authorization code security violation occurs. If the announcement extension field is blank, the referral destination must be on the switch and a display module is required. Call vectoring, using time of day routing, allows security notification to be extended off-premises.

- Authorization Code Threshold
  Enter the minimum number of invalid authorization code attempts that will be permitted before a referral call is made. The value assigned to this field, in conjunction with the Time Interval field, will determine whether a security violation has occurred. The system default for the Authorization Code security violations threshold is 10.

- Time Interval
  Enter the time interval within which the authorization code security violations must occur. The range for the time interval is one minute to eight hours (0:01 to 7:59), and is entered in the form x:xx. For example, if you want the time interval to be one minute, enter 0:01. If you want the time interval to be seven and one-half hours, enter 7:30. The system default is 0:03.