Lucent Technologies BCS Products Security Handbook

    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Product Security Checklists 
    Page H-49 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System 
    H
    NETCON channels secured
    Non-DID extensions used for NETCON ports
    Unused NETCON channels removed
    Login Security Violation Notification feature active
        - Logins automatically disabled after security violation
        - Login Security Violations monitored 24 hours per day
    Login permissions customized
    Unused logins removed (“remove login” command or disabled [passwords VOIDed])
    UNIQUE customer logins used
    Password aging activated
    Logins temporarily disabled when not needed (“disable/enable” commands)
    Customer access to INADS port disabled

    Remote Access
    Remote Access permanently disabled if not used (G3V2 and North American Dial Plan loads)
    Remote Access administered
        - Remote access number is unpublished
        - Non-DID remote access number used
        - Barrier codes are random 7-digit sequences
        - Barrier codes in own restricted COR
        - 7-digit authorization codes used
        - Second dial tone omitted between barrier and authorization codes
        - Authorization code time-out to attendant

    Table H-20. MSM — Continued
    Y/N¹   Note   N/A
    						
    Remote Access administered (continued)
        - Voice processing ports COR-to-COR restricted from dialing Remote Access barrier codes
        - Remote Access Security Violation Notification feature active
            — Remote Access Security Violations monitored 24 hours per day
            — Remote Access automatically disabled following detection of a Security Violation (G3V3)
        - Barrier code aging used (G3V3)
        - Remote Access temporarily disabled when not needed (“disable/enable” commands)
    Logoff Notification enabled for Remote Access

    Networking Features
    Trunking
    Prohibit Trunk-to-Trunk Transfer on public access trunks
    Tie trunk groups are COR-to-COR restricted
    Trunk groups have dial access = n
    COR-to-COR restrictions on dial-accessed trunks
    Automatic Circuit Assurance (ACA) on trunk groups
    SMDR/CDR activated on all trunk groups
    Attendant control of trunk groups with TAC = y
    						
    Routing
    ARS/WCR used for call routing
        - 1+809 and 0+809 area code blocked
        - 900 and 976 calls blocked
        - 976 “look-alikes” blocked
        - Block access to Alliance teleconference service (0700)
        - 011/LD calls limited by FRLs
        - 011/LD calls limited by Time-of-Day routing
        - 011/LD calls limited by 6-digit or digit analysis
        - Alternate FRLs used (G3r)

    Facility Test Call/Data Origination
    Facility Test code changed from default, if used
        - Facility Test code translated only when needed
        - Facility Test code limited to system admin/mtce COR
        - Logoff Notification enabled for Facility Test Call (G3V4)
    Data Origination feature code not translated

    Miscellaneous
    Console permissions restricted/limited
    Individual and group-controlled restrictions used
    Authorization codes used
    COR-to-COR restrictions used on all CORs
    Ports for adjuncts in own restricted COR
    Restrict call forwarding off-net = y (G3)
    Authorization Code Security Violation Notification feature active
    						
    Product Monitoring
    Traffic measurements reports monitored daily
    SMDR/CMS reports monitored daily
    Recent change history log reviewed daily (G1/G3)

    1. If “NO” (N), provide Note reference number and explain.
    						
    PARTNER II and PARTNER Plus Communications Systems

    Also see the general security checklist on page H-3, and the security checklist for any attached voice mail systems or other adjuncts.

    Customer: _________________________________________
    Location: _________________________________________
    Product Type: _________________________________________
    New Install: _________________________________________
    System Upgrade: _________________________________________
    Major Addition: _________________________________________

    Table H-21. PARTNER II and PARTNER Plus Communications Systems
    Y/N¹   Note   N/A

    Physical Security
    Switch room and wiring closets locked
    All equipment documentation secured
    Attendant console secured at night (extensions 10 and 11)
    Remote administration unit secured
    Telephone logs and printed reports secured
    Adjunct (CAT, SMDR, Printer, etc.) terminals secured

    Customer Education
    System manager/administrator has copy of Security Handbook/Toll Fraud Overview
    System security policy established and distributed
    						
    System security policy reviewed periodically
    Security policy included in new-hire orientation
    Employees know how to detect potential toll fraud
    Employees know where to report suspected toll fraud
    Account codes not sequential
    Account codes and logins not written down or translated on auto-dial buttons
    Social engineering explained
    Customer is aware of network-based toll fraud surveillance offerings such as netPROTECT
    Customer knows how to subscribe to ACCESS security shared folder
    HackerTracker thresholds established

    System Features
    Forced account codes with verification used (PARTNER Plus Communications System 3.1 and later, and PARTNER II Communications System 3.1 and later)
    900, 976 type calls blocked²
    976 look-alikes blocked**
    Operator calls restricted**
    011/LD calls restricted**
    1+809 and 0+809 area code blocked**
    Block access to Alliance teleconference service (0700)**
    						
    Product Monitoring
    SMDR reports monitored daily
    HackerTracker reports monitored daily

    Automated Attendant
    Administer range of valid extensions
    Administer maximum digits to match dial plan
    Change default system password

    Adjuncts
    Remote Administration Unit (RAU) unattended mode disabled, or RAU password enabled for unattended mode
    RAU password consists of random numbers
    RAU password is changed regularly

    1. If “NO” (N), provide Note reference number and explain.
    2. Use line access restrictions, outgoing call restrictions, allowed and disallowed lists features.
    						
    PARTNER MAIL and PARTNER MAIL VS Systems

    Also see the general security checklist on page H-3, and the security checklist for the host communications system.

    Customer: _________________________________________
    Location: _________________________________________
    PBX Type: _________________________________________
    New Install: _________________________________________
    System Upgrade: _________________________________________
    Port Additions: _________________________________________

    Table H-22. PARTNER MAIL and PARTNER MAIL VS Systems
    Y/N¹   Note   N/A

    System Administration
    Passwords and mailboxes removed/changed when employees are terminated
    Mailboxes for unused extensions deleted
    Administration login password changed from default
    Administration login password changed regularly
    System mailboxes (90 to 98, and 9997 to 9999) assigned COS 7 to 9 to prevent transfer out of mailbox (PARTNER MAIL System only)
    System Administrator mailbox changed from default
    System Administrator mailbox password changed to a maximum-length, difficult-to-guess value
    						
    System Features
    Mailboxes created only for active subscribers
    Outcalling privileges not assigned or assigned only to those requiring them
    PARTNER II and PARTNER Plus Communications Systems’ voice mail port(s) used for outcalling restricted via allow list to specific areas if outcalling is needed. All other PARTNER II and PARTNER Plus Communications Systems’ voice mail ports outward restricted.
    On PARTNER II and PARTNER Plus Communications Systems, create disallow list containing 0, 011, 10, 700, 800, 1800, 809, 1809, 411, 1411. All PARTNER II and PARTNER Plus Communications Systems’ voice mail ports assigned to this list.

    End User Education
    Passwords changed from default for new subscribers
    Passwords are difficult to guess

    1. If “NO” (N), provide Note reference number and explain.
    						
    System 25

    Also see the general security checklist on page H-3, and the security checklist for any attached voice mail systems or other adjuncts.

    Customer: _________________________________________
    Location: _________________________________________
    PBX Type: _________________________________________
    New Install: _________________________________________
    System Upgrade: _________________________________________
    Major Addition: _________________________________________

    Table H-23. System 25
    Y/N¹   Note   N/A

    System Administration
    Passwords changed from default
    Trunk-to-trunk transfer=n. (Warning: applies to loop start trunks only)
    Trunk groups have dial access disabled (DAC=n)
    Toll restrictions applied to stations and trunks as appropriate
    900, 976 calls blocked
    Operator calls restricted
    011/LD calls limited by FRLs
    DID/DNIS number range does not overlap facility access codes
    Remote Call Forwarding not active
    Remote Call Forwarding used only offnet with groundstart trunks
    Positive disconnect verified with loop start trunks
    						