Lucent Technologies BCS Products Security Handbook Addendum Instructions Manual
BCS Products Security Handbook Addendum 585-025-600ADD Issue 1 May 1999
New and Updated Security Checklists
Messaging 2000 Voice Mail System

Table 3-1. Messaging 2000 Voice Mail System — Continued
Y/N (1)    Note    N/A

[Recommended] When Quick Assist is run in recover mode from the \CVR prompt in an OS/2 window, or run automatically as part of system maintenance, include the -M n parameter to specify a mailbox to receive unattached messages.

[Recommended] Use the Require Password to Proceed to Next Level option to secure V-Trees that provide sensitive information such as pricing data and customer data.

Toll Fraud

[Required] Disable the Transfer Invalid Mailboxes During Hours and Transfer Invalid Mailboxes After Hours parameters on the Invalid Mailbox tab in System Setup.

Physical Security

[Required] Store the M2000 system PC in a secure area.

[Required] The modem connection to the system should be “disabled” when it is not required for use by bona fide personnel. This connection should be enabled only by the system administrator on an “as needed” basis.

End-User Education

[Required] The end-user must periodically/frequently change all secondary passwords. After changing the secondary passwords, the end-user should notify the appropriate Lucent support organization(s) that the passwords have been changed.

[Recommended] Require that subscribers record their Name prompts so that the system voices the mailbox owner’s name to callers sending messages to M2000 system mailboxes.

MERLIN Legend Security

[Required] Contact the Lucent system representative to determine what security features are available for the Merlin Legend communication system and how to implement them. Follow the guidelines given in the Merlin Legend security checklist. Before implementing any security features on the phone system, contact a Lucent technical support representative to ensure that the features you want to implement will not disrupt M2000 system performance in any way.

1. If “NO” (N), provide Note reference number and explain.

PARTNER, PARTNER II, and PARTNER Plus Communications Systems, and PARTNER Advanced Communications System (ACS)

See also the general security checklist for all BCS Products in the BCS Products Security Handbook, 555-025-600, Appendix H, and see the security checklist for any attached voice mail systems or other adjuncts.

Customer: _________________________________________
Location: _________________________________________
Product Type: _________________________________________
New Install: _________________________________________
System Upgrade: _________________________________________
Major Addition: _________________________________________

Table 3-2. PARTNER, PARTNER II, and PARTNER Plus Comm. Systems and PARTNER ACS
Y/N (1)    Note    N/A

Physical Security

Switch room and wiring closets locked
All equipment documentation secured
Attendant console secured at night; headset unplugged
Local and remote administration equipment secured
Telephone logs and printed reports secured
Adjunct (CAT, SMDR, Printer, etc.) terminals secured

Customer Education

System manager/administrator has copy of Security Handbook/Toll Fraud Overview
System security policy established and distributed
System security policy reviewed periodically
Security policy included in new-hire orientation
Employees know how to detect potential toll fraud
Employees know where to report suspected toll fraud
Account codes not sequential
Remote access phone number not published
Barrier codes and passwords are chosen to be difficult to guess
Barrier codes, passwords (including voice mail), and account codes are removed/changed when employees are terminated
Account codes and logins not written down or translated on auto-dial buttons
Logins and passwords are not written down
All customer passwords are changed on a regular basis
HackerTracker thresholds established
Social engineering explained
Customer is aware of network-based toll fraud surveillance offerings such as netPROTECT

Customer knows how to subscribe to ACCESS security shared folder

System Features

Forced account codes with verification used (PARTNER Plus Communications System 3.1 and later, and PARTNER II Communications System Release 3.1 and later, and PARTNER ACS Release 1 and later)
900, 976 type calls blocked (2)
976 look-alikes blocked (2)
Operator calls restricted (2)
011/LD calls restricted (2)
1+ 809 and 0+ 809 area code blocked (2)
Block access to Alliance teleconference service (0700) (2)
Station lock used to secure terminals in public areas (PARTNER Plus Release 4.1 and later, PARTNER II Release 4.1 and later, PARTNER ACS Release 1 and later)

Remote Access for PARTNER ACS Release 3 only

Remote Access password is changed periodically
System Administrator is the only person responsible for the security of the Remote Access password
Remote Access password consists of random alphanumeric characters that can be entered only locally, onsite via dial pad administration

Remote Access password disabled when not in service

Voice Mail for PARTNER Plus Release 3.1 and later, PARTNER II Release 3.1 and later, and PARTNER ACS Release 1 and later

Ports used for voice mail outward restricted (FRL 0) unless outcalling is used
  — If outcalling is used, all voice mail ports are outward restricted except those used for outcalling, which are restricted to areas appropriate for outcalling by FRL
  — If outcalling to specific non-local areas is required, special allow list has been created for those areas and assigned to the outcalling port(s)
Disallow list created containing *, 11, 0, 011, 10, 411, 1411, 700, 800, 1800, 809, 1809, 900, and 9999. All voice mail ports are assigned to this disallow list.

Product Monitoring for PARTNER Plus, PARTNER II, and PARTNER ACS only

SMDR/Call Accounting reports monitored daily
HackerTracker reports monitored daily

Automated Attendant

Administer range of valid extensions
Administer maximum digits to match dial plan
Change default system password

Adjuncts

Remote Administration Unit (RAU) unattended mode disabled, or RAU password enabled for unattended mode
RAU password consists of random numbers
RAU password is changed regularly

1. If “NO” (N), provide Note reference number and explain.
2. Use line access restrictions, outgoing call restrictions, allowed and disallowed lists features.
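Added example (not part of the Lucent handbook): a small audit that ties together two Table 3-2 items, the voice mail disallow list and the daily review of SMDR/Call Accounting reports, by flagging calls placed from voice mail ports to numbers the disallow list should have blocked. The record layout, the port extensions, and the rule that an entry matches on the leading digits of the dialed number are assumptions made for illustration.

```python
# Added example: audit call records from voice mail ports against the
# disallow list in Table 3-2. Record layout and port numbers are constructed.

# Entries exactly as listed in the checklist.
DISALLOW = ["*", "11", "0", "011", "10", "411", "1411", "700", "800",
            "1800", "809", "1809", "900", "9999"]

# Assumption: extensions wired to voice mail ports (hypothetical values).
VOICE_MAIL_PORTS = {"22", "23"}


def normalize(dialed):
    """Keep only characters that can be dialed: digits, * and #."""
    return "".join(ch for ch in dialed if ch.isdigit() or ch in "*#")


def matched_entry(dialed, disallow=DISALLOW):
    """Return the longest disallow entry the dialed string starts with.

    Assumption: an entry matches on the leading digits of the number.
    """
    digits = normalize(dialed)
    hits = [entry for entry in disallow if digits.startswith(entry)]
    return max(hits, key=len) if hits else None


def audit(records, ports=VOICE_MAIL_PORTS):
    """Return (record, entry) pairs for voice mail port calls that match."""
    findings = []
    for rec in records:
        if rec["ext"] not in ports:
            continue  # only voice mail ports are assigned to this list
        entry = matched_entry(rec["dialed"])
        if entry is not None:
            findings.append((rec, entry))
    return findings


# Constructed sample records (not real SMDR output).
SAMPLE = [
    {"time": "02:14", "ext": "22", "dialed": "011-44-20-5550-0100"},
    {"time": "02:15", "ext": "23", "dialed": "1-809-555-0123"},
    {"time": "09:30", "ext": "14", "dialed": "1-809-555-0123"},  # not a VM port
    {"time": "10:05", "ext": "22", "dialed": "555-0142"},        # no match
    {"time": "23:51", "ext": "23", "dialed": "0"},
]

if __name__ == "__main__":
    for rec, entry in audit(SAMPLE):
        print(f"{rec['time']} ext {rec['ext']} dialed {rec['dialed']} "
              f"matches disallow entry {entry!r}")
```

Any finding means a voice mail port completed a call the disallow list was meant to stop, so the list assignment for that port should be rechecked.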

PARTNER MAIL, PARTNER MAIL VS, and PARTNER Voice Mail (PVM) Systems

See also the general security checklist for all BCS Products in the BCS Products Security Handbook, 555-025-600, Appendix H, and the security checklist for the host communications system.

Customer: _________________________________________
Location: _________________________________________
PBX Type: _________________________________________
New Install: _________________________________________
System Upgrade: _________________________________________
Port Additions: _________________________________________

Table 3-3. PARTNER MAIL, PARTNER MAIL VS, and PARTNER Voice Mail (PVM) Systems
Y/N (1)    Note    N/A

System Administration for PARTNER Mail, PARTNER MAIL VS, and PARTNER Voice Mail

Passwords and mailboxes removed/changed when employees are terminated
Mailboxes for unused extensions deleted
Administration login password changed from default
Administration login password changed regularly
Outcalling privileges not assigned or assigned only to those requiring them

for PARTNER MAIL System only

System mailboxes (90 to 98 and 9999) assigned COS 7 to 9 to prevent transfer out of mailbox

for PARTNER MAIL Release 3 only

System Administrator mailbox changed from default
System Administrator Mailbox password changed to a maximum-length value that is difficult-to-guess
System Administrator Menu Access password changed to a maximum-length value that is difficult-to-guess
Forced password change for new value
User password more than 5 characters long

System Features for PARTNER MAIL Release 3 only

Mailboxes created only for active subscribers
Transfer restricted to subscribers only
Login attempts before Mailbox Lockout less than 6
Login attempts before Warning Message less than 6
Outcalling privileges not assigned or assigned only to those requiring them

1. If “NO” (N), provide Note reference number and explain.
