Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies BCS Products Security Handbook Addendum Instructions Manual
Lucent Technologies BCS Products Security Handbook Addendum Instructions Manual
Have a look at the manual Lucent Technologies BCS Products Security Handbook Addendum Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
BCS Products Security Handbook Addendum 585-025-600ADD Issue 1 May 1999 Securing Remote Lucent Technologies Systems 1-5 Securing DEFINITY Systems (Release 7.2 and Later) with Access Security 1 Administering Access Security Gateway Use the following p roc ed ure to administer Ac c ess Sec urity Gateway. 1. On the System Parameters Customer Op tion form, d o the following : NOTE: Only Luc ent Tec hnolog ies tec hnic ians c an ac c ess this form. nSet the G3 Version field to V6 or later configuration. nSet the Access Security Gateway (ASG) field to y . 2. On the Login Ad ministration form, d o the following : nOn p ag e 1 of this form, set the Access Security Gateway field to y . nOn p ag e 2, c omp lete one of these two op tions for the Sec ret Key field : — If you are using a system-g enerated sec ret key, set the System Generated Secret Key field to y OR — If you are using a self-defined secret key, enter your unique secret key in the Secret Key field. NOTE: All other field s on p ag e 2 of the Log in Ad ministration form are op tional. 3. On the Sec urity Related System Parameters form, set the req uired ACCESS SECURITY GATEWAY PARAMETERS fields to y . 4. When you have c omp leted all entries on these forms, press En t e r to save your c hang es. Logging in via Access Security Gateway (Session Establishment) Use the following p roc ed ure to log in to the system via the Ac c ess Sec urity Gateway interfac e: NOTE: The numb ers shown as c halleng es and resp onses in the p roc ed ures b elow are for examp le p urp oses only. They will not b e the numb ers you ac tually use or see on your ASG Key.
BCS Products Security Handbook Addendum 585-025-600ADD Issue 1 May 1999 Securing Remote Lucent Technologies Systems 1-6 Securing DEFINITY Systems (Release 7.2 and Later) with Access Security 1 1. Connec t to the DEFINITY ECS system ad ministration/maintenanc e p ort. The system resp onds with the log in p romp t. 2. At the promp t, type your valid log in ID and p ress Re t u r n . The system verifies the log in ID and transmits the CHALLENGE in the form of a 7-d ig it numb er, for instanc e, 5551234 . 3. Turn on your ASG Key, p ress the b utton lab eled Re d in ord er to enter Authentic ation Mod e, typ e your PIN numb er, and p ress En te r. The ASG Key resp ond s with a c hallenge p romp t. 4. On the ASG Key, at the c halleng e p romp t, typ e the 7-d ig it c halleng e numb er you see on your PC (leave out the “ -” , for instanc e, 5552739) and p ress En t e r. Th e ASG K e y g e n e ra t e s a RESPON SE n u m b e r (f o r in s t a n c e 999-6713 ). 5. On the PC, at the Resp onse p romp t, typ e the resp onse numb er g enerated b y the ASG Key (leave out the “ -” , for instanc e, 9996713) and p ress Retur n. DEFINITY ECS verifies the resp onse. If c orrec t, DEFINITY log s you on. If the resp onse is inc orrec t, return to Step 1. NOTE: Only three log in/c halleng e/resp onse attemp ts are p ermitted . If the user is not authentic ated after the third resp onse, the user sees the messag e “ INVALID LOGIN” and the session will b e terminated . If this happ ens, see the ap p rop riate maintenanc e b ook for your system (R6r, R6vs/si, or R6c si). Maintaining Login IDs Temporarily Disabling Access Security Gateway Access for Login To temp orarily d isab le Ac c ess Sec urity Gateway, for instanc e, while users are on vac ation or travel: 1. At the p rompt, typ e change login xxxx (xxx = alphanumeric log in ID) and p ress Re t u r n to log into the Log in Ad ministration form. 2. On p ag e 2 of the Log in Ad ministration form, set the Blocked field to y . NOTE: Setting the Blocked field to y d oes not remove the log in from the system, b ut temp orarily d isab les the log in. 3. When c omp leted , p ress Retur n to save your c hang es.
BCS Products Security Handbook Addendum 585-025-600ADD Issue 1 May 1999 Securing Remote Lucent Technologies Systems 1-7 Securing DEFINITY Systems (Release 7.2 and Later) with Access Security 1 Restarting Temporarily Disabled Access Security Gateway Access for Login 1. At the p rompt, typ e change login xxxx (xxx = alphanumeric log in ID) and p ress Re t u r n to log into the Log in Ad ministration form. 2. On p ag e 2 of the Log in Ad ministration form, set the Blocked field to n . 3. When c omp leted , p ress Return to save your c hang es. Maintaining the Access Security Gateway History Log The Ac c ess Sec urity Gateway History Log log s all session estab lishment and rejec tion events assoc iated with users ac c essing the system administration and maintenanc e interfac e throug h ASG. This log emulates the information p rovid ed in the DEFINITY History Log , b ut also c ontains information on whether the session was ac c ep ted or rejec ted by ASG, and if rejec ted , the reason for the rejec tion. This form is ac c essib le only if the G3 Version field on the System-Parameters Customer-Op tions form is V6 or g reater and the Access Security Gateway (ASG) field on the form is y . Loss of an ASG Key If a user loses their ASG Key, he/she must notify the system ad ministrator immed iately. The ad ministrator, in turn, must do the following : nMod ify any log ins assoc iated with the lost ASG Key. See the Access Sec urity Gateway Key User’s Guid e for information on c hang ing your PIN. nIf the log in is no long er valid , at the p rompt, typ e remove login xxxx (xxx = alphanumeric log in ID) and press Retur n to remove the invalid login from the system. nTo keep the same log in, c hang e the Sec ret Key assoc iated with the log in to a new value. nUsing the new sec ret key value, re-key devic es that g enerate resp onses and interac t with the log in.
BCS Products Security Handbook Addendum 585-025-600ADD Issue 1 May 1999 Securing Remote Lucent Technologies Systems 1-8 Securing DEFINITY Systems (Release 7.2 and Later) with Access Security 1 Interactions of ASG nCustomer Ac cess INADS Port If ac c ess to the INADS port is disab led on a system-wid e b asis, ad ministering ac c ess to the SYSAM-RMT or INADS port, throug h the Ac c ess Sec urity Gateway feature, d oes not overrid e the INADS p ort restric tion. Administration d oes not p rohib it assig nment of Ac c ess Sec urity G a t e w a y t o t h e SYSAM -RM T o r I N A D S p o r t . H o w e v e r , in a c o n f i g u r a t i o n where this method of ac c ess is b loc ked , you will b e d enied ac c ess to the sy s t e m t h ro u g h t h e SYSA M - RM T o r I N AD S p o r t e v e n if yo u a t t e m p t t o ac c ess the p ort using a valid Ac c ess Sec urity Gateway log in ID. If ac c ess to the INADS port has b een d isab led on a log in basis, ad ministering ac c ess to the SYSAM-RMT or INADS port, via the Ac c ess Sec urity Gateway feature, will not overrid e the INADS p ort restric tion. nLog in Ad ministration The standard user interface for DEFINITY ECS login administration has not b een mod ified b y Ac c ess Sec urity Gateway. Also, the stand ard DEFINITY ECS login user interface is maintained in cases where Acc ess Security Gateway parameters have not b een ad ministered for the log in. nSec urity Violation Notific ation (SVN) Ac c ess Sec urity Gateway does not sup p ort an interfac e to the SVN feature. Session rejec tion events d o not ap p ear in the monitor sec urity-violations log in rep ort and referral c alls are not sp awned in the event that the numb er of rejec ted Ac c ess Sec urity Gateway sessions exc eed s the threshold /time interval c riteria imp osed b y the SVN feature. nSec urity Measurements Ac c ess Sec urity Gateway session estab lishment or rejec t events d o not inc rement the Suc c essful Log ins, Invalid Attemp ts, Invalid IDs, Forc ed Disc onnec ts, Log in Sec urity Violations or Trivial Attemp ts c ounters maintained for the list measurements sec urity-violations d etail report. Ad d itionally, log in sp ec ific information maintained by the measurements sec urity-violations summary rep ort d oes not inc lud e Ac c ess Sec urity Gateway related d ata.
BCS Products Security Handbook Addendum 585-025-600ADD Issue 1 May 1999 Securing Remote Lucent Technologies Systems 1-9 Securing INTUITY AUDIX Ports (Release 5.0 and Later) with ASG 1 Securing INTUITY AUDIX Ports (Release 5.0 and Later) with ASG Ac c ess Sec urity Gateway also p rovid es up -to-d ate authentic ation for the Intuity AUDIX system logins. For Intuity Release 5.0, ASG p rotec tion is availab le for remote dial-up logins only. ASG protects Intuity AUDIX systems by challenging each potential dial-up session user. If an ASG log in ID is estab lished for a p artic ular user (suc h as sa, whic h refers to a log in for the “ system ad ministrator,” or vm, whic h refers to the login of the “ voic e messag ing ad ministrator” ), the ASG layer of protec tion is in p lac e for anyone who attemp ts to log in as that user. If an ASG log in ID is not estab lished for a p artic ular user, the user log s in to the system with the UNIX system p assword . NOTE: Information ab out ASG with Intuity and p roc ed ures for ad ministering and using ASG c an b e found on the Intuity Messag ing Solutions Release 5.0 d oc umentation CD. There, d o a searc h within the ind ex for “ Ac c ess Sec urity Gateway (ASG).” In ord er to resp ond to the ASG c halleng e, the user must have a hand -held d evic e c alled the ASG Key. The ASG Key must b e set with an enc ryp tion key number that matc hes that of the user’s ASG enc ryption key numb er in the Intuity AUDIX system. For more information ab out the ASG Key, see the ASG Key User Guid e, 585-212-012. Use the following p roc ed ures for log g ing in with ASG, maintaining Log in IDs, and setting and resolving violation warning s. Logging In With ASG When you b egin a remote session with an Intuity AUDIX system that is ASG-ac tivated , the system promp ts you with a c halleng e. To log in to a system that has ASG ac tivated for your log in: 1. At the login: p romp t, enter your log in ID. The terminal sc reen d isp lays the following messag e: Challeng e: xxxxxxx Resp onse: 2. Press ENTER ( ) on the ASG Key to start the ASG Key. The ASG Key d isp lays the following messag e: PI N : 3. On the ASG Key, typ e your PIN and p ress ENTER ( ).
BCS Products Security Handbook Addendum 585-025-600ADD Issue 1 May 1999 Securing Remote Lucent Technologies Systems 1-10 Securing INTUITY AUDIX Ports (Release 5.0 and Later) with ASG 1 4. On the ASG Key, typ e the c halleng e number that is d isp layed on the terminal sc reen, and p ress ENTER ( ). The ASG Key d isp lays the uniq ue, 7-d ig it resp onse numb er that c orresp ond s to the c hallenge numb er you entered . The c halleng e and resp onse numbers are valid for this session only. 5. On the terminal sc reen, at the Response: promp t, enter the resp onse numb er that is d isp layed on the ASG Key. NOTE: If the authentic ation p roc ess is suc c essful, the system d isp lays the Luc ent INTUITY Main Menu for the sa log in OR the AUDIX Command Promp t Sc reen for the vm log in. If the authentic ation p roc ess fails, the system makes an entry in the system History Log and d isp lays the following messag e: INVALID LOGIN. Maintaining Login IDs Onc e you estab lish an ASG log in for a sp ec ific Intuity AUDIX log in user, sa or vm, anyone who attemp ts remote ac c ess to your system with the p rotec ted log in is p rompted for the c halleng e resp onse numb er. Adding an ASG Login You must be logged in as sa to add an ASG login for sa or vm. To add a new ASG login to your system: 1. At the Luc ent INTUITY Main Menu, selec t ASG Security Administration and then selec t ASG Security Login Administration. The system displays the ASG Sec urity Login Administration Window. 2. Complete the following field s: nLogin ID: (In this field typ e either sa or vm.) nAccess Via ASG Blocked? (Set this field to N whic h ind ic ates that the Log in ID should have full acc ess privileges.)
BCS Products Security Handbook Addendum 585-025-600ADD Issue 1 May 1999 Securing Remote Lucent Technologies Systems 1-11 Securing INTUITY AUDIX Ports (Release 5.0 and Later) with ASG 1 nAuthentication Type? (In this field typ e PASSKEY whic h ind ic ates that the user must have the ASG Key to p rod uc e the uniq ue resp onse numb er d uring log in. NOTE: If you typ e PASSWORD (rather than PASSKEY) in the Authentication Type: field , the system will use reg ular Intuity AUDIX password p rotec tion. nSystem Generated Secret? (Set this field to Y for Yes or N for No. Y ind ic ates that you want the system to c reate the sec ret key for this Log in ID. N ind ic ates you will provid e the sec ret key numb er in the Secret Key: field.) 3. If you typ ed N in the System Generated Secret? field , c omp lete the Secret Key: field . (A Sec ret Key is a 20-d ig it string using only the d ig its 0 throug h 7 in any ord er) 4. Press F2 (Create) to save the information. The system d isp lays a c onfirmation messag e and p rovid es the enc ryption key number that must matc h the ASG Key when a user attemp ts to log in. The enc ryp tion key numb er must b e entered into the ASG Key as Key1 or Key2. 5. Press EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent INTUITY Main Menu. Blocking or Reinstating Access Privileges for an ASG Login If a user will not need ac c ess to the system for a long p eriod of time, you c an b loc k the ASG Log in ID’s ac c ess temp orarily. Perform the following tasks to b loc k or reinstate ac c ess for an ASG Log in. 1. At the Luc ent INTUITY Main Menu, selec t ASG Security Administration and then selec t ASG Security Login Administration. The system displays the ASG Sec urity Login Administration Window. 2. Typ e the user’s log in ID in the Login ID: field . 3. Set the Access Via ASG Blocked? field to Y if you want to revoke the user’s ac c ess to the system OR set this field to N in the Access Via ASG Blocked? field if you want to reinstate the user’s ac c ess to the system. 4. Press F3 (Chang e) to save the c hang es. The system d isp lays a c onfirmation messag e. 5. Press EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent INTUITY Main Menu.
BCS Products Security Handbook Addendum 585-025-600ADD Issue 1 May 1999 Securing Remote Lucent Technologies Systems 1-12 Securing INTUITY AUDIX Ports (Release 5.0 and Later) with ASG 1 Changing the Encryption Key Number for an ASG Login The enc ryp tion key numb er is used b y the system and b y the ASG Key hand -held d evic e to c reate c hallenge resp onse p airs of numbers. If an enc ryp tion key numb er is lost or c omp romised , it must b e c hang ed in the system and in all assoc iated ASG Key hand -held d evic es. To c hang e the enc ryp tion numb er. 1. At the Luc ent INTUITY Main Menu, selec t ASG Security Administration and then selec t ASG Security Login Administration. The system displays the ASG Sec urity Login Administration Window. 2.Typ e the user’s log in ID in the Login ID: field . 3. Set the System Generated Secret? field to Y if you want to want the system to g enerate a uniq ue Sec ret Key numb er or set this field to N if you want to enter your own Secret Key number. 4. If the System Generated Secret? field is set to N, c omp lete the Secret Key: field . (A Sec ret Key is a 20-d ig it string , using only the d ig its 0 throug h 7 in any ord er.) 5. Press F3 (Chang e) to save the c hang es. The system d isp lays a c onfirmation messag e and p rovid es the c halleng e resp onse number that the user will need to log in to the system. 6. Press EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent Intuity Main Menu. Displaying ASG Login Information If you need to c hec k on the status of an ASG log in, p erform the following tasks to d isp lay the ASG Disp lay Sc reen. 1. At the Luc ent INTUITY Main Menu, selec t ASG Security Administration and then selec t ASG Security Login Administration. The system displays the ASG Sec urity Login Administration Window. 2. Typ e the user’s log in ID in the Login ID: field . 3. Press F4 ( D i s p l a y ) to d isp lay information ab out the ASG log in ID. The system d isp lays the ASG Display Screen. 4. Press EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent INTUITY Main Menu.
BCS Products Security Handbook Addendum 585-025-600ADD Issue 1 May 1999 Securing Remote Lucent Technologies Systems 1-13 Securing INTUITY AUDIX Ports (Release 5.0 and Later) with ASG 1 Disabling ASG Authentication If you want to d isc ontinue ASG p rotec tion for a p artic ular log in, c hang e the Authentic ation Typ e to password. To d isable ASG authentic ation: 1. At the Luc ent Intuity Main Menu, selec t ASG Security Administration and then selec t ASG Security Login Administration. The system displays the ASG Sec urity Login Administration Window. 2.Typ e the user’s log in ID in the Login ID: field . 3. Typ e PASSWORD in the Authentication Type? field. 4. Press F3 (Chang e) to save the information. The system d isp lays a c onfirmation messag e. 5. Press EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent INTUITY Main Menu. Setting and Resolving Violation Warnings ASG trac ks the numb er of unsuc c essful log in attemp ts and the time between unsuc c essful log in attemp ts. If someone exc eed s the allowed numb er of failed login attemp ts, a warning is ad ded to the Alarm Log . Setting Notification Limits To set alarm p arameters for ASG, follow these step s: 1. At the Luc ent INTUITY Main Menu, selec t ASG Security Administration and then selec t ASG Security Violation Warning Administration. The system d isp lays the ASG Sec urity Violation Warning Ad ministration Win d o w. 2. Typ e a new value in the Number of failed login attempts: field , if needed. (This numb er c an b e from 1 to 99 whic h ind ic ates the number of times that the user c an inc orrec tly typ e the log in information b efore the system p lac es an entry in the Alarm Log and d isallows further login attemp ts.) NOTE: A lower numb er in this field p rotec ts the system more fully.
BCS Products Security Handbook Addendum 585-025-600ADD Issue 1 May 1999 Securing Remote Lucent Technologies Systems 1-14 Lucent Technologies Support 1 3. Typ e a new value in the Failed login measurement window: field, if needed. (This number can be from 1 through 60 which indicates the maximum time, in minutes, that may elap se b etween failed log in attemp ts, b ut still have the attemp t c ount as one in a series.) NOTE: A hig her value in this field p rotec ts the system more fully. 4. Press F3 (Save) to save the c hang es. The system d isp lays the following confirmation messag e: Assignment made Press Enter to c ontinue. 5. Press EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent INTUITY Main Menu. Resolving ASG Violation Alarms To resolve an ASG warning , follow these steps: 1. At the Luc ent INTUITY Main Menu, selec t ASG Security Administration and then selec t ASG Security Violation Warning Administration. The system d isp lays the ASG Sec urity Violation Warning Ad ministration Win d o w. 2. Set the Resolve existing alarms? field to Y. (Y ind ic ates that you want to resolve an ac tive ASG alarm.) 3. Press F3 (Save) to save the c hang es. The system d isp lays the following confirmation messag e: Assignment made Press Enter to c ontinue. 3. Press EN TER, then p ress F6 (Canc el) twic e to return to the Luc ent INTUITY Main Menu. Lucent Technologies Support Luc ent Tec hnolog ies provid es RPSD Keys to their maintenanc e c enters to ac c ommod ate ac c ess to systems you sec ure with the RPSD Loc k. With DEFINITY Release 7.2 and Intuity Release 5.0, the servic es area of Luc ent Tec hnolog ies has b een mod ified to ac c ommod ate the ASG feature. However, note that, unlike the RPSD Loc k feature whic h req uires ac c ess throug h a hard ware RPSD key at the servic es site, neg otiating the system throug h ASG is ac c omp lished throug h a software interfac e to the INADS “ c onnec t” tool. Other d esktop and lap top tools are also availab le to Luc ent Servic es eng ineers and tec hnic ians to ac c ess the Luc ent system via ASG.