Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook Addendum Instructions Manual

Lucent Technologies BCS Products Security Handbook Addendum Instructions Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Lucent Technologies BCS Products Security Handbook Addendum Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    							BCS Products 
    Security Handbook Addendum  585-025-600ADD  Issue 1
    May 1999
    Securing Remote Lucent Technologies Systems 
    1-5 Securing DEFINITY Systems (Release 7.2 and Later) with Access Security 
    1
    Administering Access Security Gateway
    Use the following  p roc ed ure to administer Ac c ess Sec urity Gateway.
    1. On the System Parameters Customer Op tion form, d o the following :
    NOTE:
    Only Luc ent Tec hnolog ies tec hnic ians c an ac c ess this form.
    nSet the G3 Version
     field to V6
     or later configuration.
    nSet the Access Security Gateway (ASG)
     field  to y
    .
    2. On the Login Ad ministration form, d o the following :
    nOn p ag e 1 of this form, set the Access Security Gateway 
    field  
    to y
    .
    nOn p ag e 2, c omp lete one of these two op tions for the Sec ret Key 
    field :
    — If you are using  a system-g enerated  sec ret key, set the 
    System Generated Secret Key
     field  to y
     
    OR
    — If you are using a self-defined secret key, enter your unique 
    secret key in the Secret Key
     field.
    NOTE:
    All other field s on p ag e 2 of the Log in Ad ministration form are 
    op tional.
    3. On the Sec urity Related  System Parameters form, set the req uired  
    ACCESS SECURITY GATEWAY PARAMETERS
     fields to y
    .
    4. When you have c omp leted  all entries on these forms, press 
    En t e r to save 
    your c hang es.
    Logging in via Access Security Gateway 
    (Session Establishment)
    Use the following  p roc ed ure to log  in to the system via the Ac c ess Sec urity 
    Gateway interfac e:
    NOTE:
    The numb ers shown as c halleng es and resp onses in the p roc ed ures b elow 
    are for examp le p urp oses only. They will not b e the numb ers you ac tually 
    use or see on your ASG Key. 
    						
    							BCS Products 
    Security Handbook Addendum  585-025-600ADD  Issue 1
    May 1999
    Securing Remote Lucent Technologies Systems 
    1-6 Securing DEFINITY Systems (Release 7.2 and Later) with Access Security 
    1
    1. Connec t to the DEFINITY ECS system ad ministration/maintenanc e p ort.
    The system resp onds with the log in p romp t.
    2. At the promp t, type your valid  log in ID and  p ress 
    Re t u r n .
    The system verifies the log in ID and  transmits the CHALLENGE in the form 
    of a 7-d ig it numb er, for instanc e,
     5551234
    .
    3. Turn on your ASG Key, p ress the b utton lab eled  
    Re d in ord er to enter 
    Authentic ation Mod e, typ e your PIN numb er, and  p ress 
    En te r.
    The ASG Key resp ond s with a c hallenge p romp t.
    4. On the ASG Key, at the c halleng e p romp t, typ e the 7-d ig it c halleng e 
    numb er you see on your PC (leave out the “ -” , for instanc e, 5552739) and  
    p ress 
    En t e r.
    Th e  ASG  K e y  g e n e ra t e s  a  RESPON SE n u m b e r (f o r in s t a n c e  999-6713
    ).
    5. On the PC, at the Resp onse p romp t, typ e the resp onse numb er g enerated  
    b y the ASG Key (leave out the “ -” , for instanc e, 9996713) and  p ress 
    Retur n.
    DEFINITY ECS verifies the resp onse. If c orrec t, DEFINITY log s you on. If 
    the resp onse is inc orrec t, return to Step  1. 
    NOTE:
    Only three log in/c halleng e/resp onse attemp ts are p ermitted . If the user is 
    not authentic ated  after the third  resp onse, the user sees the messag e 
    “ INVALID LOGIN”  and  the session will b e terminated . If this happ ens, see 
    the ap p rop riate maintenanc e b ook for your system (R6r, R6vs/si, or R6c si).
    Maintaining Login IDs
    Temporarily Disabling Access Security 
    Gateway Access for Login
    To temp orarily d isab le Ac c ess Sec urity Gateway, for instanc e, while users are on 
    vac ation or travel:
    1. At the p rompt, typ e change login xxxx 
    (xxx =  alphanumeric  log in ID) and  
    p ress 
    Re t u r n to log  into the Log in Ad ministration form.
    2. On p ag e 2 of the Log in Ad ministration form, set the Blocked 
    field  to y
    .
    NOTE:
    Setting  the Blocked 
    field  to y
     d oes not remove the log in from the 
    system, b ut 
    temp orarily d isab les the log in.
    3. When c omp leted , p ress 
    Retur n to save your c hang es. 
    						
    							BCS Products 
    Security Handbook Addendum  585-025-600ADD  Issue 1
    May 1999
    Securing Remote Lucent Technologies Systems 
    1-7 Securing DEFINITY Systems (Release 7.2 and Later) with Access Security 
    1
    Restarting Temporarily Disabled Access 
    Security Gateway Access for Login
    1. At the p rompt, typ e change login xxxx 
    (xxx =  alphanumeric  log in ID) and  
    p ress 
    Re t u r n to log  into the Log in Ad ministration form.
    2. On p ag e 2 of the Log in Ad ministration form, set the Blocked 
    field  to n
    .
    3. When c omp leted , p ress 
    Return to save your c hang es.
    Maintaining the Access Security Gateway History
    Log
    The Ac c ess Sec urity Gateway History Log  log s all session estab lishment and  
    rejec tion events assoc iated  with users ac c essing  the system administration and  
    maintenanc e interfac e throug h ASG. This log  emulates the information p rovid ed 
    in the DEFINITY History Log , b ut also c ontains information on whether the 
    session was ac c ep ted  or rejec ted  by ASG, and  if rejec ted , the reason for the 
    rejec tion.
    This form is ac c essib le only if the G3 Version
     field on the System-Parameters 
    Customer-Op tions form is V6
     or g reater and  the Access Security Gateway 
    (ASG) 
    field  on the form is y
    .
    Loss of an ASG Key
    If a user loses their ASG Key, he/she must notify the system ad ministrator 
    immed iately. The ad ministrator, in turn, must do the following :
    nMod ify any log ins assoc iated  with the lost ASG Key. See the Access 
    Sec urity Gateway Key User’s Guid e 
    for information on c hang ing  your PIN.
    nIf the log in is no long er valid , at the p rompt, typ e remove login xxxx 
    (xxx =  alphanumeric  log in ID) and  press 
    Retur n to remove the invalid  login 
    from the system.
    nTo keep the same log in, c hang e the Sec ret Key assoc iated  with the log in 
    to a new value.
    nUsing  the new sec ret key value, re-key devic es that g enerate resp onses 
    and  interac t with the log in. 
    						
    							BCS Products 
    Security Handbook Addendum  585-025-600ADD  Issue 1
    May 1999
    Securing Remote Lucent Technologies Systems 
    1-8 Securing DEFINITY Systems (Release 7.2 and Later) with Access Security 
    1
    Interactions of ASG
    nCustomer Ac cess INADS Port
    If ac c ess to the INADS port is disab led on a system-wid e b asis, 
    ad ministering  ac c ess to the SYSAM-RMT or INADS port, throug h the 
    Ac c ess Sec urity Gateway feature, d oes not overrid e the INADS p ort 
    restric tion. Administration d oes not p rohib it assig nment of Ac c ess Sec urity 
    G a t e w a y t o  t h e  SYSAM -RM T o r  I N A D S p o r t .  H o w e v e r ,  in  a  c o n f i g u r a t i o n  
    where this method  of ac c ess is b loc ked , you will b e d enied  ac c ess to the 
    sy s t e m  t h ro u g h  t h e  SYSA M - RM T o r  I N AD S p o r t  e v e n  if  yo u  a t t e m p t  t o  
    ac c ess the p ort using  a valid  Ac c ess Sec urity Gateway log in ID.
    If ac c ess to the INADS port has b een d isab led  on a log in basis, 
    ad ministering  ac c ess to the SYSAM-RMT or INADS port, via the Ac c ess 
    Sec urity Gateway feature, will not overrid e the INADS p ort restric tion.
    nLog in Ad ministration
    The standard user interface for DEFINITY ECS login administration has not 
    b een mod ified  b y Ac c ess Sec urity Gateway. Also, the stand ard DEFINITY 
    ECS login user interface is maintained in cases where Acc ess Security 
    Gateway parameters have not b een ad ministered  for the log in.
    nSec urity Violation Notific ation (SVN)
    Ac c ess Sec urity Gateway does not sup p ort an interfac e to the SVN 
    feature. Session rejec tion events d o not ap p ear in the monitor 
    sec urity-violations log in rep ort and  referral c alls are not sp awned  in the 
    event that the numb er of rejec ted Ac c ess Sec urity Gateway sessions 
    exc eed s the threshold /time interval c riteria imp osed  b y the SVN feature.
    nSec urity Measurements
    Ac c ess Sec urity Gateway session estab lishment or rejec t events d o not 
    inc rement the Suc c essful Log ins, Invalid  Attemp ts, Invalid  IDs, Forc ed  
    Disc onnec ts, Log in Sec urity Violations or Trivial Attemp ts c ounters 
    maintained  for the list measurements sec urity-violations d etail report. 
    Ad d itionally, log in sp ec ific  information maintained by the measurements 
    sec urity-violations summary rep ort d oes not inc lud e Ac c ess Sec urity 
    Gateway related  d ata. 
    						
    							BCS Products 
    Security Handbook Addendum  585-025-600ADD  Issue 1
    May 1999
    Securing Remote Lucent Technologies Systems 
    1-9 Securing INTUITY AUDIX Ports (Release 5.0 and Later) with ASG 
    1
    Securing INTUITY AUDIX Ports
    (Release 5.0 and Later) with ASG
    Ac c ess Sec urity Gateway also p rovid es up -to-d ate authentic ation for the Intuity 
    AUDIX system logins. For Intuity Release 5.0, ASG p rotec tion is availab le for 
    remote dial-up logins only.
    ASG protects Intuity AUDIX systems by challenging each potential dial-up 
    session user. If an ASG log in ID is estab lished  for a p artic ular user (suc h as sa, 
    whic h refers to a log in for the “ system ad ministrator,”  or vm, whic h refers to the 
    login of the “ voic e messag ing ad ministrator” ), the ASG layer of protec tion is in 
    p lac e for anyone who attemp ts to log  in as that user. If an ASG log in ID is not 
    estab lished  for a p artic ular user, the user log s in to the system with the UNIX 
    system p assword . 
    NOTE:
    Information ab out ASG with Intuity and  p roc ed ures for ad ministering  and  
    using  ASG c an b e found  on the Intuity Messag ing  Solutions Release 5.0 
    d oc umentation CD. There, d o a searc h within the ind ex for “ Ac c ess 
    Sec urity Gateway (ASG).”
    In ord er to resp ond  to the ASG c halleng e, the user must have a hand -held  d evic e 
    c alled  the ASG Key. The ASG Key must b e set with an enc ryp tion key number 
    that matc hes that of the user’s ASG enc ryption key numb er in the Intuity AUDIX 
    system. For more information ab out the ASG Key, see the 
    ASG Key User Guid e, 
    585-212-012.
    Use the following  p roc ed ures for log g ing  in with ASG, maintaining  Log in IDs, and  
    setting  and  resolving  violation warning s.
    Logging In With ASG
    When you b egin a remote session with an Intuity AUDIX system that is 
    ASG-ac tivated , the system promp ts you with a c halleng e. To log  in to a system 
    that has ASG ac tivated  for your log in:
    1. At the login:
     p romp t, enter your log in ID.
    The terminal sc reen d isp lays the following  messag e:
    Challeng e: xxxxxxx
    Resp onse:
    2. Press ENTER ( ) on the ASG Key to start the ASG Key.
    The ASG Key d isp lays the following  messag e:
    PI N :
    3. On the ASG Key, typ e your PIN and  p ress ENTER ( ). 
    						
    							BCS Products 
    Security Handbook Addendum  585-025-600ADD  Issue 1
    May 1999
    Securing Remote Lucent Technologies Systems 
    1-10 Securing INTUITY AUDIX Ports (Release 5.0 and Later) with ASG 
    1
    4. On the ASG Key, typ e the c halleng e number that is d isp layed  on the 
    terminal sc reen, and  p ress ENTER ( ).
    The ASG Key d isp lays the uniq ue, 7-d ig it resp onse numb er that 
    c orresp ond s to the c hallenge numb er you entered . The c halleng e and  
    resp onse numbers are valid  for this session only.
    5. On the terminal sc reen, at the Response: 
    promp t, enter the resp onse 
    numb er that is d isp layed  on the ASG Key.
    NOTE:
    If the authentic ation p roc ess is suc c essful, the system d isp lays the Luc ent 
    INTUITY Main Menu for the sa log in OR the AUDIX Command  Promp t 
    Sc reen for the vm log in.
    If the authentic ation p roc ess fails, the system makes an entry in the system 
    History Log and  d isp lays the following  messag e: INVALID LOGIN.
    Maintaining Login IDs
    Onc e you estab lish an ASG log in for a sp ec ific  Intuity AUDIX log in user, sa or vm, 
    anyone who attemp ts remote ac c ess to your system with the p rotec ted  log in is 
    p rompted  for the c halleng e resp onse numb er.
    Adding an ASG Login 
    You must be logged in as sa to add an ASG login for sa or vm. To add a new ASG 
    login to your system:
    1. At the Luc ent INTUITY Main Menu, selec t ASG Security 
    Administration
     and  then selec t ASG Security Login 
    Administration.
    The system displays the ASG Sec urity Login Administration Window.
    2. Complete the following field s:
    nLogin ID:
     
    (In this field  typ e either sa or vm.)
    nAccess Via ASG Blocked?
     
    (Set this field  to N whic h ind ic ates that the Log in ID should  have full 
    acc ess privileges.) 
    						
    							BCS Products 
    Security Handbook Addendum  585-025-600ADD  Issue 1
    May 1999
    Securing Remote Lucent Technologies Systems 
    1-11 Securing INTUITY AUDIX Ports (Release 5.0 and Later) with ASG 
    1
    nAuthentication Type?
    (In this field typ e PASSKEY whic h ind ic ates that the user must have 
    the ASG Key to p rod uc e the uniq ue resp onse numb er d uring  log in.
    NOTE:
    If you typ e PASSWORD (rather than PASSKEY) in the 
    Authentication Type:
     field , the system will use reg ular 
    Intuity AUDIX password  p rotec tion.
    nSystem Generated Secret?
     
    (Set this field  to Y for Yes or N for No. Y ind ic ates that you want the 
    system to c reate the sec ret key for this Log in ID. N ind ic ates you 
    will provid e the sec ret key numb er in the Secret Key:
     field.)
    3. If you typ ed  N in the System Generated Secret?
     field , c omp lete the 
    Secret Key:
     field .
    (A Sec ret Key is a 20-d ig it string  using only the d ig its 0 throug h 7 in any 
    ord er)
    4. Press 
    F2 (Create) to save the information.
    The system d isp lays a c onfirmation messag e and  p rovid es the enc ryption 
    key number that must matc h the ASG Key when a user attemp ts to log  in. 
    The enc ryp tion key numb er must b e entered  into the ASG Key as Key1 or 
    Key2.
    5. Press 
    EN TER, then p ress F6 (Canc el) twic e to return to the 
    Luc ent INTUITY Main Menu.
    Blocking or Reinstating Access Privileges 
    for an ASG Login
    If a user will not need  ac c ess to the system for a long  p eriod  of time, you c an 
    b loc k the ASG Log in ID’s ac c ess temp orarily. Perform the following  tasks to b loc k 
    or reinstate ac c ess for an ASG Log in.
    1. At the Luc ent INTUITY Main Menu, selec t ASG Security 
    Administration
     and  then selec t ASG Security Login 
    Administration.
    The system displays the ASG Sec urity Login Administration Window.
    2. Typ e the user’s log in ID in the Login ID:
     field .
    3. Set the Access Via ASG Blocked?
     field  to Y if you want to revoke the 
    user’s ac c ess to the system OR set this field  to N in the Access Via ASG 
    Blocked?
     field  if you want to reinstate the user’s ac c ess to the system.
    4. Press 
    F3 (Chang e) to save the c hang es.
    The system d isp lays a c onfirmation messag e.
    5. Press 
    EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent 
    INTUITY Main Menu. 
    						
    							BCS Products 
    Security Handbook Addendum  585-025-600ADD  Issue 1
    May 1999
    Securing Remote Lucent Technologies Systems 
    1-12 Securing INTUITY AUDIX Ports (Release 5.0 and Later) with ASG 
    1
    Changing the Encryption Key Number for an
    ASG Login
    The enc ryp tion key numb er is used  b y the system and b y the ASG Key 
    hand -held  d evic e to c reate c hallenge resp onse p airs of numbers. If an 
    enc ryp tion key numb er is lost or c omp romised , it must b e c hang ed  in the system 
    and  in all assoc iated  ASG Key hand -held  d evic es. To c hang e the enc ryp tion 
    numb er.
    1. At the Luc ent INTUITY Main Menu, selec t ASG Security 
    Administration
     and  then selec t ASG Security Login 
    Administration.
    The system displays the ASG Sec urity Login Administration Window.
    2.Typ e the user’s log in ID in the Login ID:
     field .
    3. Set the System Generated Secret? 
    field  to Y if you want to want the 
    system to g enerate a uniq ue Sec ret Key numb er or set this field  to N if you 
    want to enter your own Secret Key number.
    4. If the System Generated Secret?
     field  is set to N, c omp lete the 
    Secret Key:
     field .
    (A Sec ret Key is a 20-d ig it string , using  only the d ig its 0 throug h 7 in any 
    ord er.)
    5. Press 
    F3 (Chang e) to save the c hang es.
    The system d isp lays a c onfirmation messag e and  p rovid es the c halleng e 
    resp onse number that the user will need to log  in to the system.
    6. Press 
    EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent Intuity 
    Main Menu.
    Displaying ASG Login Information
    If you need  to c hec k on the status of an ASG log in, p erform the following  tasks to 
    d isp lay the ASG Disp lay Sc reen.
    1. At the Luc ent INTUITY Main Menu, selec t ASG Security 
    Administration
     and  then selec t ASG Security Login 
    Administration.
    The system displays the ASG Sec urity Login Administration Window.
    2. Typ e the user’s log in ID in the Login ID:
     field .
    3. Press 
    F4  ( D i s p l a y ) to d isp lay information ab out the ASG log in ID.
    The system d isp lays the ASG Display Screen.
    4. Press 
    EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent 
    INTUITY Main Menu. 
    						
    							BCS Products 
    Security Handbook Addendum  585-025-600ADD  Issue 1
    May 1999
    Securing Remote Lucent Technologies Systems 
    1-13 Securing INTUITY AUDIX Ports (Release 5.0 and Later) with ASG 
    1
    Disabling ASG Authentication
    If you want to d isc ontinue ASG p rotec tion for a p artic ular log in, c hang e the 
    Authentic ation Typ e to 
    password. To d isable ASG authentic ation:
    1. At the Luc ent Intuity Main Menu, selec t ASG Security 
    Administration
     and  then selec t ASG Security Login 
    Administration.
    The system displays the ASG Sec urity Login Administration Window.
    2.Typ e the user’s log in ID in the Login ID:
     field .
    3. Typ e PASSWORD in the Authentication Type?
     field.
    4. Press 
    F3 (Chang e) to save the information.
    The system d isp lays a c onfirmation messag e.
    5. Press 
    EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent 
    INTUITY Main Menu.
    Setting and Resolving Violation Warnings
    ASG trac ks the numb er of unsuc c essful log in attemp ts and  the time between 
    unsuc c essful log in attemp ts. If someone exc eed s the allowed  numb er of failed  
    login attemp ts, a warning  is ad ded  to the Alarm Log .
    Setting Notification Limits
    To set alarm p arameters for ASG, follow these step s:
    1. At the Luc ent INTUITY Main Menu, selec t ASG Security 
    Administration
     and  then selec t ASG Security Violation 
    Warning Administration.
    The system d isp lays the ASG Sec urity Violation Warning  Ad ministration 
    Win d o w.
    2. Typ e a new value in the Number of failed login attempts:
     field , if 
    needed.
    (This numb er c an b e from 1 to 99 whic h ind ic ates the number of times that 
    the user c an inc orrec tly typ e the log in information b efore the system 
    p lac es an entry in the Alarm Log  and  d isallows further login attemp ts.)
    NOTE:
    A lower numb er in this field  p rotec ts the system more fully. 
    						
    							BCS Products 
    Security Handbook Addendum  585-025-600ADD  Issue 1
    May 1999
    Securing Remote Lucent Technologies Systems 
    1-14 Lucent Technologies Support 
    1
    3. Typ e a new value in the Failed login measurement window:
     field, if 
    needed.
    (This number can be from 1 through 60 which indicates the maximum 
    time, in minutes, that may elap se b etween failed  log in attemp ts, b ut still 
    have the attemp t c ount as one in a series.)
    NOTE:
    A hig her value in this field  p rotec ts the system more fully.
    4. Press 
    F3 (Save) to save the c hang es.
    The system d isp lays the following confirmation messag e:
    Assignment made 
    Press Enter to c ontinue.
    5. Press 
    EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent 
    INTUITY Main Menu.
    Resolving ASG Violation Alarms
    To resolve an ASG warning , follow these steps:
    1. At the Luc ent INTUITY Main Menu, selec t ASG Security 
    Administration
     and  then selec t ASG Security Violation 
    Warning Administration.
    The system d isp lays the ASG Sec urity Violation Warning  Ad ministration 
    Win d o w.
    2. Set the Resolve existing alarms?
     field  to Y.
    (Y ind ic ates that you want to resolve an ac tive ASG alarm.)
    3. Press
     F3 (Save) to save the c hang es.
    The system d isp lays the following confirmation messag e:
    Assignment made 
    Press Enter to c ontinue.
    3. Press 
    EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent 
    INTUITY Main Menu.
    Lucent Technologies Support
    Luc ent Tec hnolog ies provid es RPSD Keys to their maintenanc e c enters to 
    ac c ommod ate ac c ess to systems you sec ure with the RPSD Loc k. 
    With DEFINITY Release 7.2 and  Intuity Release 5.0, the servic es area of Luc ent 
    Tec hnolog ies has b een mod ified  to ac c ommod ate the ASG feature. However, 
    note that, unlike the RPSD Loc k feature whic h req uires ac c ess throug h a 
    hard ware RPSD key at the servic es site, neg otiating  the system throug h ASG is 
    ac c omp lished throug h a software interfac e to the INADS “ c onnec t”  tool. Other 
    d esktop  and  lap top tools are also availab le to Luc ent Servic es eng ineers and  
    tec hnic ians to ac c ess the Luc ent system via ASG.  
    						
    All Lucent Technologies manuals Comments (0)

    Related Manuals for Lucent Technologies BCS Products Security Handbook Addendum Instructions Manual