Lucent Technologies DEFINITY Enterprise Communication Server Release 8.2 Administrators Guide

							DEFINITY ECS Release 8.2
Administrator’s Guide  555-233-506  Issue 1
April 2000
Enhancing system security 
317 Changing a login 
11
More information
When you add a login, the Security Measurement reports do not update until the 
next hour.
Password aging is an option you can start while administering logins. The 
password for each login can be aged starting with the date the password was 
created or changed and continuing for a specified number of days (1 to 99).
The system notifies the user at the login prompt, 7 days before the password 
expiration date, their password is about to expire. When the password expires, the 
user needs to enter a new password into the system before logging in.
Changing a login
This section shows you how to change a user’s login. You may need to change a 
user’s password because it has expired. To change a login’s attributes, you must be 
a superuser with authority to administer permissions.
When changing logins, remember the following:
nType the new login name as part of the change command. The name must 
be 3–6 alphanumeric characters in length, and can contain the characters 
0-9, a-z, A-Z.
nThe password must be from 7 to 11 alphanumeric characters in length and 
contain at least 1 non-alphabetic character.
Instructions
We will change the login 
angi3 with the password b3stm0m. We also will require 
the user to change their password every 30 days.
To change logins:
We will change the login 
angi3.
1. Type 
change login angi3 and press RETURN.
The Login Administration
 screen appears. 
						

							DEFINITY ECS Release 8.2
Administrator’s Guide  555-233-506  Issue 1
April 2000
Enhancing system security 
318 Displaying a login 
11
2. In the Password of Login Making Change field, type your superuser 
password.
3.In the Login’s Password field, type 
b3stm0m.
This is the login for the password you are changing.
4. In the Reenter Login’s Password field, retype 
b3stm0m.
The password does not appear on the screen as you type.
5. In the Password Aging Cycle Length (Days) field, type 
30.
This requires the user to change the password every 30 days.
6. Press 
ENTER to save your changes.
Related topics
‘‘Logging into the system’’.
Displaying a login
This section shows you how to display a user’s login and review their permissions.
Instructions
To display a login such as 
angi3:
1. Type 
display login angi3 and press RETURN.
 LOGIN ADMINISTRATION
               Password of Login Making Change:
           LOGIN BEING ADMINISTERED
                              Login’s Name:angi3
                                Login Type:
                             Service Level:
    Disable Following a Security Violation?
  Access to INADS Port? _
LOGIN’S PASSWORD INFORMATION
                          Login’s Password:
                  Reenter Login’s Password:
Password Aging Cycle Length (Days):
LOGOFF NOTIFICATION
Facility Test Call Notification? y  Acknowledgment Required? y
Remote Access Notification? y  Acknowledgment Required? y
ACCESS SECURITY GATEWAY PARAMETERS
Access Security Gateway? n 
						

							DEFINITY ECS Release 8.2
Administrator’s Guide  555-233-506  Issue 1
April 2000
Enhancing system security 
319 Removing a login 
11
The Login Administration appears and displays all information about the 
requested login except the password.
Removing a login
This section shows you how to remove a user’s login. To remove a login, you must 
be a superuser.
Instructions
To remove a login such as 
angi3:
1. Type 
remove login angi3 and press RETURN.
The Login Administration
 screen appears showing information for the 
login you want to delete.
2. Press 
ENTER to remove the login, or press CANCEL to leave this screen 
without removing the login.
More information
When you remove a login, the Security Measurement reports do not update until 
the next hour.
Related topics
‘‘Logging into the system’’.
Using access security gateway
This section shows you how to use Access Security Gateway (ASG). ASG 
prevents unauthorized access by requiring the use of the hand-held Access 
Security Gateway Key for logging into the system.
You need superuser privileges to perform any of the ASG procedures.
Before you start
You need an Access Security Gateway Key.
On the ‘‘
System Parameters Customer-Options’’ screen, verify the Access 
Security Gateway (ASG) field is 
y. If not, contact your Lucent representative. 
						

							DEFINITY ECS Release 8.2
Administrator’s Guide  555-233-506  Issue 1
April 2000
Enhancing system security 
320 Using access security gateway 
11
Instructions
To set up access security gateway:
1. Type 
change login xxxx and press RETURN, where xxxx is the 
alphanumeric login ID.
The Login Administration
 screen appears.
2. In the Password of Login Making Change field, type your password.
3. In the Access Security Gateway field, type 
y.
When set to 
y, the Access Security Gateway Login Administration screen 
(page 2) appears automatically.
4. Either:
nSet the System Generated Secret Key field to:
ny for a system-generated secret key, or
nn for a secret key to be entered by the administrator, or
nIn the Secret Key field, enter your secret key. 
Be sure to remember your secret key number.
5. All other fields on page 2 are optional.
6. Press 
ENTER to save your changes.
7. Type 
change system-parameters security and press RETURN.
The Security-Related System Parameters
 screen appears.
LOGIN ADMINISTRATION
               Password of Login Making Change:
           LOGIN BEING ADMINISTERED
                              Login’s Name:xxxxxxx
                                Login Type:
                             Service Level:
    Disable Following a Security Violation?
  Access to INADS Port? _
          LOGIN’S PASSWORD INFORMATION
                          Login’s Password:
                  Reenter Login’s Password:
Password Aging Cycle Length (Days):
LOGOFF NOTIFICATION
Facility Test Call Notification? y  Acknowledgment Required? y
Remote Access Notification? y  Acknowledgment Required? y
ACCESS SECURITY GATEWAY PARAMETERS
Access Security Gateway? n 
						

							DEFINITY ECS Release 8.2
Administrator’s Guide  555-233-506  Issue 1
April 2000
Enhancing system security 
321 Using access security gateway 
11
8. In the Access Security Gateway Parameters section, you determine which 
of the following necessary port type fields to set to 
y.
NOTE:
Lucent recommends that you protect the SYSAM-RMT port since it 
is a dial-up port and therefore is more susceptible to compromise.
In our example, in the SYSAM
-RMT field, we’ll type y.
9. Press 
ENTER to save your changes.
Disabling Access Security Gateway
To temporarily disable ASG while users are on vacation or travel:
1. Type 
change login xxxx and press RETURN, where xxxx is the 
alphanumeric login ID.
The Login Administration
 screen appears.
Page 2 of 2
 SECURITY-RELATED SYSTEM PARAMETERS
SECURITY VIOLATION NOTIFICATION PARAMETERS
SVN Station Security Code Violation Notification Enabled? y
Originating Extension: _____  Referral Destination: _____
Station Security Code Threshold: 10 Time Interval: 0:03
Announcement Extension: _____
STATION SECURITY CODE VERIFICATION PARAMETERS
Minimum Station Security Code Length: 4
Security Code for Terminal Self Administration Required? y
ACCESS SECURITY GATEWAY PARAMETERS
SYSAM-LCL? n SYSAM-RMT? y
MAINT? n       SYS-PORT? n 
						

							DEFINITY ECS Release 8.2
Administrator’s Guide  555-233-506  Issue 1
April 2000
Enhancing system security 
322 Using access security gateway 
11
2. On the Access Security Gateway Login Administration page (page 2), set 
the Blocked field to 
y.
Setting the Blocked field to 
y does not remove the login from the system, 
but temporarily disables the login.
3. Press 
ENTER to save your changes.
NOTE:
A superuser can disable and restart access for another superuser.
Restarting Access Security Gateway
To restart temporarily disabled access security gateway access for login:
1. Type 
change login xxxx and press RETURN, where xxxx is the 
alphanumeric login ID.
The Login Administration
 screen appears.
2. On the Access Security Gateway Login Administration page (page 2), set 
the Blocked field to 
n.
3. Press 
ENTER to save your changes.
LOGIN ADMINISTRATION
               Password of Login Making Change:
           LOGIN BEING ADMINISTERED
                              Login’s Name:xxxxxxx
                                Login Type:
                             Service Level:
    Disable Following a Security Violation?
  Access to INADS Port? _
          LOGIN’S PASSWORD INFORMATION
                          Login’s Password:
                  Reenter Login’s Password:
Password Aging Cycle Length (Days):
LOGOFF NOTIFICATION
Facility Test Call Notification? y  Acknowledgment Required? y
Remote Access Notification? y  Acknowledgment Required? y
ACCESS SECURITY GATEWAY PARAMETERS
Access Security Gateway? n 
						

							DEFINITY ECS Release 8.2
Administrator’s Guide  555-233-506  Issue 1
April 2000
Enhancing system security 
323 Using access security gateway 
11
Loss of an ASG key
If a user loses their Access Security Gateway Key:
1. Modify any logins associated with the lost Access Security Gateway Key. 
Refer to the Access Security Gateway Key User’s Guide to change your 
PIN.
2. If the login is no longer valid, type 
remove login xxxx and press RETURN, 
to remove the invalid login from the system, where xxxx is the 
alphanumeric login ID.
3. To keep the same login, change the Secret Key associated with the login to 
a new value.
4. Using the new secret key value, re-key devices that generate responses and 
interact with the login.
Monitoring the Access Security Gateway 
history log
The Access Security Gateway Session History Log records all ASG session 
establishment and session rejection events except when, on the Login 
Administration screen, the Access to INADS Port field is 
y. You must be a 
superuser to use the 
list asg-history command.
1. Type 
list asg-history and press RETURN.
The Access security gateway
 screen appears.
This screen contains the following fields:
nDate — Contains the date of the session establishment or rejection. For 
example, the date displays in the mm/dd format where mm = month and  dd 
= day.
nTime — Contains the time of the session establishment or rejection. For 
example, the time displays in the hh/mm format where hh = hour and mm = 
minute.
                         
ACCESS SECURITY GATEWAY SESSION HISTORY
Date Time Port Login Status
01/06 12:45 SYSAM-RMT csand AUTHENTICATED
01/05 01:32 SYSAM-LCL jsmith REJECT-BLOCK
01/05 12:33 SYSAM-RMT ajones REJECT-EXPIRE
01/03 15:10 SYSAM-RMT swrigh REJECT-PASSWORD
01/02 08:32 SYSAM-LCL jsmith  REJECT-INVALID
01/02 07:45 SYSAM-RMT mehrda REJECT-RESPONSE 
						

							DEFINITY ECS Release 8.2
Administrator’s Guide  555-233-506  Issue 1
April 2000
Enhancing system security 
324 Changing login permissions 
11
nPort — Contains the port mnemonic associated with the port on which the 
session was established or rejected. The port mnemonics for G3r systems 
are SYSAM-LCL, SYSAM-RMT, MAINT, and SYS-PORT. For G3si 
systems, they are MRG1, INADS, NET, and EPN.
nLogin — Contains the alphanumeric login string entered by the user and 
associated with the session establishment or rejection.
nStatus — Contains a code that indicates whether the session was 
established or rejected and, if rejected, the reason for the rejection. Refer to 
Access security gateway
 for a list of the possible status values.
Related topics
‘‘
Logging in with Access Security Gateway’’ on page 3
‘‘Security violations notification’’ on page 1479
Changing login permissions
This section shows you how to change login permissions.
Once you have created a login, you can modify the permissions associated with 
the login. The system maintains default permissions for each level of login, but 
you may want to further restrict the login, or at least make sure the defaults are 
appropriate for the user. The default values for these fields vary based on the login 
type.
Instructions
We will change the login permissions of 
angi3.
To change login permissions:
1. Type 
change permissions angi3 and press RETURN.
The Command Permission Categories
 screen appears. 
						

							DEFINITY ECS Release 8.2
Administrator’s Guide  555-233-506  Issue 1
April 2000
Enhancing system security 
325 Changing login permissions 
11
2. In the Administer Stations field, type y.
This allows your user to add, change, duplicate, or remove stations, data 
modules and associated features.
3. In the Additional Restrictions field, type 
y.
A 
y in this field brings up the second and third pages of this screen.
4. In the first field, type 
vdn.
This restricts your user from administering a VDN.
5. Press 
ENTER to save your changes.
 
COMMAND PERMISSION CATEGORIES
                             Login Name: angi3
   COMMON COMMANDS
                  Display Admin. and Maint. Data? n
                             System Measurements? n
   ADMINISTRATION COMMANDS
         Administer Stations? y             Administer Features? n
           Administer Trunks? n Administer Permissions? n
     Additional Restrictions? y
   MAINTENANCE COMMANDS
           Maintain Stations? n       Maintain Switch Circuit Packs? n
             Maintain Trunks? n      Maintain Process Circuit Packs? n
            Maintain Systems? n  Maintain Enhanced DS1? n 
COMMAND PERMISSION CATEGORIES
                              RESTRICTED OBJECT LIST
           vdn  ______________________
           _______________________        ______________________
           _______________________        ______________________
           _______________________        ______________________
           _______________________        ______________________
           _______________________        ______________________
           _______________________        ______________________
           _______________________        ______________________
           _______________________        ______________________
           _______________________        ______________________ 
						

							DEFINITY ECS Release 8.2
Administrator’s Guide  555-233-506  Issue 1
April 2000
Enhancing system security 
326 Changing passwords 
11
Changing passwords
This section shows you how to change a user’s password.
Instructions
We will change the password for login 
angi3 to g3or5e.
To change passwords:
1. Type 
change password angi3 and press RETURN.
The Password Administration screen appears.
2. In the Password of Login Making Change field, type your password to 
change any field on this screen.
We’ll type 
angi3.
3. In the Login’s Password field, type the initial password for this login. 
We’ll type 
g3or5e.
Notify the owner of the login to change their password immediately. The 
password does not appear on the screen as you type.
4. In the Reenter Login’s Password field, retype the login’s password as 
above, for verification.
We’ll type 
g3or5e.
The password does not appear on the screen as you type.
5. Press 
ENTER to save your changes.
 
PASSWORD ADMINISTRATION
Password of Login Making Change: angi3
LOGIN BEING CHANGED
Login Name:
LOGIN’S PASSWORD INFORMATION
Login’s Password:
Reenter Login’s Password: