
Lucent Technologies BCS Products Security Handbook Addendum


    BCS Products Security Handbook Addendum  585-025-600ADD  Issue 1
    May 1999

    2 Messaging 2000 Voice Mail System

    Overview

    The Messaging 2000 (M2000) System provides Voice Mail services for the
    MERLIN Legend Communication System. The system is PC based and utilizes
    the IBM OS-2 operating system. The system is connected to the Legend system
    via line-side VMI ports. These ports allow access to the voice mailboxes
    associated with each PBX subscriber.

    Maintaining Message 2000 System Security

    The M2000 system includes features that can enhance the security of the M2000
    system. It is recommended that the end-user review the following security
    measures and implement them as appropriate.

    ■ Preventing Callers from Transferring to Extensions Not Assigned M2000
      System Mailboxes

      On some phone systems, callers can transfer to a system extension and
      then use that extension to access an outside line. This is most relevant for
      M2000 ports used for outcalls for networking or message notification to a
      beeper. By preventing callers from accessing system extensions not
      assigned M2000 system mailboxes, the risk of outside callers accessing
      an outside line may be reduced. Setting the following parameters on the
      Invalid Mailbox tab in System Setup can prevent callers from accessing
      non-assigned extensions.

      — Transfer Invalid Mailboxes During Hours
      — Transfer Invalid Mailboxes After Hours

      When these parameters are disabled, callers dialing an extension that has
      not been assigned an M2000 mailbox will hear, “Mailbox number is not
      valid. Please redial the number of the person you are calling.”

      NOTE:
      It is recommended that these parameters are set to disable transfer
      to invalid mailboxes.

    ■ Impeding Callers from Accessing the Quick Assist Maintenance Mailbox

      When Quick Assist is run in Recover Mode, the system can automatically
      assign messages with invalid header information to a default mailbox. This
      allows the system manager to then copy the messages to the correct
      subscriber mailbox. The default for this maintenance mailbox is the last
      mailbox number available on the system. For example, on an M2000
      system with 4-digit mailboxes, mailbox 9999 is used.

      Since it is easier for an outside caller attempting to gain unauthorized
      mailbox access to guess a mailbox number such as 9999, it is
      recommended that the system mailbox in which unattached messages will
      be placed be specified explicitly. In addition, it is strongly recommended
      that this mailbox be assigned a long password that could not easily be
      guessed by an outside caller attempting to access the system.

      When Quick Assist is run in Recover Mode from the Quick Assist icon in
      the Lucent folder, use the “Mailbox to Receive Unattached Messages”
      field on the Recover Files dialog box to specify a mailbox in which to place
      messages with invalid header information. When Quick Assist is run from
      the \CVR prompt or in batch mode as part of regular system maintenance,
      specify this mailbox by including the -Mn parameter, where n indicates the
      number of the mailbox to be used, in the Quick Assist command line.

    ■ Assigning Randomly Generated Passwords to M2000 System Mailboxes

      During System Setup, M2000 allows selection of the type of password
      assigned to new system mailboxes. You may assign the same default
      password to all new mailboxes, or not require a password, or have the
      M2000 system automatically assign a random password to each new
      mailbox. For security purposes, it is recommended that random password
      assignment be used. This makes it much more difficult for a caller to
      guess a mailbox’s password. When random password assignment is
      used, the M2000 system displays the passwords assigned to the new
      mailboxes when they are created.

    ■ Requiring Passwords at Least 1 Digit Longer than Mailbox Numbers

      The longer the passwords assigned to system mailboxes, the harder it is
      for a caller to guess them. The Minimum Length of Password parameter on
      the Subscriber parameters tab in the System Setup utility allows you to set
      the least number of digits required in a mailbox password. It is
      recommended that this parameter be set to at least 1 digit higher than the
      length of the system’s mailbox numbers. For example, if the system uses
      4-digit mailboxes, it is recommended that the Minimum Length of
      Password parameter be set to at least 5. Note that the length of this
      parameter must be set to balance system security against ease of use for
      the subscribers. Setting this parameter too high may make it difficult for
      system subscribers to remember their passwords.

    ■ Requiring Subscribers to Regularly Change Their Passwords

      The requirement that subscribers regularly change their passwords helps
      prevent outside callers from determining subscriber passwords and
      gaining unauthorized access to system mailboxes. The Days Before
      Forced Password Change parameter on the Subscriber tab in System
      Setup should be used to specify the required interval before subscribers
      are required to change their mailbox passwords. When this parameter is
      enabled, subscribers must change their password the first time they log
      into their mailboxes and after the number of specified days expires before
      they can proceed to the main menu.

    ■ Monitoring Uninitialized Mailboxes

      If the Days Before Forced Password Change parameter in System Setup is
      disabled, subscribers are not required to change their passwords. This
      can make it easier for a caller to guess a subscriber’s password,
      especially if a default password is used for all mailboxes instead of
      randomly assigned passwords for each mailbox.

      The Uninitialized Mailbox report lists all mailboxes for which the password
      has not yet been changed from the initially assigned password. It is
      recommended that this report be regularly reviewed to determine which
      subscribers have not yet changed their passwords. Subscribers should
      be reminded that they should change their passwords regularly to prevent
      anyone but themselves from accessing their mailboxes. If it is found that
      many subscribers are not changing their passwords, the Days Before
      Forced Password Change parameter in the System Setup utility should be
      enabled to require them to regularly change their passwords.

    ■ Using Extended Password Security

      Extended password security requires subscribers to press the “#” key
      after entering their passwords to access their mailboxes. If subscribers do
      not press the “#” key, the system pauses before allowing mailbox access.
      The Enable Extended Password Security parameter on the Subscriber tab
      in System Setup determines whether the system waits for the subscriber to
      press “#” or allows immediate mailbox access after successful password
      entry.

      This parameter helps prevent unauthorized users from determining the
      number of digits in M2000 system mailbox passwords.

      NOTE:
      It is recommended that this feature be enabled.

    ■ Providing Notification of Unsuccessful Mailbox Login Attempts

      The M2000 system can send voice notification to subscribers when one or
      more unsuccessful login attempts have been made to their mailboxes.
      This feature informs subscribers that someone may have attempted to
      gain unauthorized access to their mailboxes.

      The Failed Login Notification option on the Class of Service dialog box
      determines whether this feature is enabled. The Failed Login Notify option
      on the Subscriber Settings dialog box controls this feature by individual
      mailbox.

      When an unsuccessful login attempt occurs, it is recommended that the
      subscriber change their mailbox password immediately and notify the
      system manager of the attempted login.

      NOTE:
      It is recommended that this feature be enabled for all mailboxes.

    ■ Locking Subscriber Mailboxes After Unsuccessful Login Attempts

      The M2000 system can lock a mailbox when a caller attempting to log into
      the mailbox is disconnected after entering the incorrect password a
      specified number of times. A locked mailbox prevents any caller,
      including the subscriber, from logging into the mailbox until the system
      manager manually unlocks the mailbox.

      The Mailbox Lock-Out Option on the Class of Service dialog box determines
      whether this feature is enabled. The Mailbox Lock-Out option on the
      Subscriber Settings dialog box controls this feature by individual mailbox.
      The Consecutive Login Failures Before Lock-Out parameter on the
      Subscriber Parameters tab in System Setup determines the number of
      failed login attempts allowed before the mailbox is locked, if the Mailbox
      Lock-Out option is enabled for the mailbox.

      NOTE:
      It is recommended that this feature be enabled for all mailboxes.

    ■ Monitoring Failed Login Attempts

      The Login Failure report provides a list of all unsuccessful login attempts
      to system mailboxes. This report should be reviewed periodically to
      determine if there are a lot of failed login attempts to a particular mailbox
      and when the failed attempts occur. A high number of failed login
      attempts may indicate the mailbox owner requires additional training or
      that an unauthorized user is attempting to gain access to the mailbox.

    ■ Having Subscribers Record Their Name Prompts

      When subscribers record their Name prompts, those prompts are voiced
      as confirmation to callers sending messages to system mailboxes. This
      ensures that messages will be sent to the correct mailboxes. If a Name
      prompt is not recorded for a subscriber mailbox, only the mailbox number
      is voiced to callers sending messages to that mailbox.

    ■ Deleting Unused Mailboxes Immediately

      If a mailbox is no longer being used, it is recommended that the mailbox
      be immediately deleted from the M2000 system. This will prevent anyone
      from gaining unauthorized system access through the mailbox. If a
      mailbox is being reassigned to a new mailbox owner, it is strongly
      recommended that the mailbox be deleted, then re-created.

    ■ Requiring Callers to Enter Passwords to Proceed in V-Trees

      If V-Trees are used to distribute or collect sensitive information, such as
      pricing data or customer data, it is strongly recommended that you use
      the Require Password to Proceed to Next Level option. This option
      requires callers to a V-Tree to correctly enter a predefined password
      before they are allowed to proceed in the V-Tree. You can use this option
      on multiple levels to protect individual options, or it can be used on the
      first level of the V-Trees to limit access to the entire V-Tree. This ensures
      that only authorized callers can gain access to the information provided in
      the V-Tree.

    ■ Securing the M2000 System PC

      It is imperative that the M2000 system PC be protected from unauthorized
      system management access. Unauthorized access to the M2000 system
      PC could result in system setup changes, loss of mailboxes and
      messages, and database corruption. The best way to prevent
      unauthorized system management access to the M2000 system PC is to
      store the PC in a secure area, such as a locked room.

      If the M2000 system PC cannot be stored in a secure area, the built-in PC
      security features, such as passwords, must be used to provide a degree
      of protection. Refer to your PC documentation for information on security
      features available on the PC.

      Note that before implementing security features on the PC, a Lucent
      technical support representative should be contacted to assure that these
      features will not disrupt M2000 system performance.

    ■ Utilizing Phone System Security Features

      Lucent Communication systems have security features that allow one to
      help prevent unauthorized access to system ports. A Lucent system
      representative should be contacted to determine what security features
      are available for the Merlin Legend system and how to implement them.

    ■ Using Supervisor Passwords to Restrict System Management Access

      Access to M2000 system management features is password-protected.
      There are two levels of system manager passwords. Level 2 access allows
      a system manager to create, edit, and delete mailboxes; access reports
      and system statistics; create and specify prompts; maintain network
      nodes; and create V-Trees. Level 3 access allows a system manager to
      perform all level 2 tasks, to set system parameters using the System Setup
      module, configure greetings by port, modify classes of service, and
      configure multilingual M2000 systems.

      It is recommended that at least a 6-digit password be used for both the
      level 2 and level 3 passwords. The longer the level 2 and level 3
      passwords, the more difficult it becomes for someone to guess them. It is
      also recommended that all supervisor passwords be changed on a
      regular basis to further protect against unauthorized system manager
      access.

    ■ Using the Auto Logoff Feature to Restrict System Management Access

      The M2000 system’s “auto logoff feature” allows one to specify the
      maximum amount of time a system management session can remain
      inactive before the M2000 system automatically logs out that user and
      terminates the session. This feature helps prevent unauthorized system
      manager access. To set the auto logoff, the number of minutes of inactivity
      allowed before logoff must be entered in the “Logoff In_____ Minutes” field
      on the Supervisor Password dialog box when logging into the system.

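    The periodic review described under Monitoring Failed Login Attempts can be
    scripted once the Login Failure report has been exported to text. The Python
    below is an added example, not part of the Lucent handbook or the M2000
    software; the export layout (timestamp,mailbox), the 08:00-18:00 business
    day, the high_count threshold and every sample row are assumptions
    constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample export, one failed login per line: "timestamp,mailbox".
# The real Login Failure report layout is not shown in the handbook.
SAMPLE_REPORT = """\
1999-05-03 09:12,2041
1999-05-03 09:13,2041
1999-05-04 14:30,3310
1999-05-05 23:41,9999
1999-05-05 23:42,9999
1999-05-05 23:44,9999
1999-05-06 02:05,2187
1999-05-08 11:20,2041
"""


def parse_report(text):
    """Return (datetime, mailbox) pairs; reject malformed records."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            stamp, mailbox = (part.strip() for part in line.split(","))
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad record {line!r}") from exc
        if not mailbox.isdigit():
            raise ValueError(f"line {lineno}: bad mailbox {mailbox!r}")
        rows.append((when, mailbox))
    return rows


def after_hours(when, open_hour=8, close_hour=18):
    """True on weekends or outside the assumed business day."""
    return when.weekday() >= 5 or not (open_hour <= when.hour < close_hour)


def triage(rows, mailbox_digits=4, high_count=3):
    """Count failures per mailbox and attach the flags a reviewer looks for."""
    # Quick Assist's default maintenance mailbox is the last mailbox number
    # (9999 on a 4-digit system), so guesses against it deserve attention.
    maintenance_default = "9" * mailbox_digits
    stats = defaultdict(lambda: {"failures": 0, "after_hours": 0})
    for when, mailbox in rows:
        stats[mailbox]["failures"] += 1
        stats[mailbox]["after_hours"] += int(after_hours(when))
    findings = {}
    for mailbox, counts in stats.items():
        flags = []
        if counts["failures"] >= high_count:  # reviewer-chosen threshold
            flags.append("high-count")
        if counts["after_hours"]:
            flags.append("after-hours")
        if mailbox == maintenance_default:
            flags.append("maintenance-default")
        findings[mailbox] = {**counts, "flags": flags}
    return findings


if __name__ == "__main__":
    for mailbox, f in sorted(triage(parse_report(SAMPLE_REPORT)).items()):
        print(mailbox, f["failures"], f["after_hours"], ",".join(f["flags"]) or "-")
```

    Setting high_count to the system's Consecutive Login Failures Before
    Lock-Out value makes the "high-count" flag line up with mailboxes that
    could have reached the lock-out threshold.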

    Security Recommendations for Remote Access

    Remote access to the system should be secured via the following guidelines:

    ■ All remote access logins to the system must be administered to require the
      use of a secondary password.
    ■ The end-user must periodically/frequently change all secondary
      passwords. After changing the secondary passwords, the end-user
      should notify the appropriate Lucent support organization(s) that the
      passwords have been changed.
    ■ The modem connection to the system should be “disabled” when it is not
      required for use by benefit personnel. This connection should be enabled
      only by the system administrator on an “as needed” basis.

    3 New and Updated Security Checklists

    Overview

    The following checklists describe security features for a new Lucent
    Technologies product, the Messaging 2000 Voice Mail System, and update the
    security feature checklist for several PARTNER communications systems and
    PARTNER mail systems.

    NOTE:
    The checklists provide space for marking the features as you complete
    them and for writing notes if necessary.

    Messaging 2000 Voice Mail System

    See also the general security checklist for all BCS Products in the BCS Products
    Security Handbook, 555-025-600, Appendix H, and see the security list for the
    host communications system.

    Customer:       _________________________________________
    PBX Type:       _________________________________________
    Location:       _________________________________________
    New Install:    _________________________________________
    System Upgrade: _________________________________________
    Port Additions: _________________________________________

    Table 3-1. Messaging 2000 Voice Mail System

    Columns: Item, Y/N¹, Note, N/A

    System Administration

    Passwords

    [Required] Set the Minimum Length of Password parameter on the
    Subscriber tab in System Setup at least 1 digit higher than the number
    of digits in system mailboxes.

    [Required] Set the Days Before Forced Password Change parameter on the
    Subscriber tab in System Setup to require subscribers to regularly change
    their mailbox passwords. The recommended setting is a value from 182 to 365.

    [Required] Use at least 6-digit level 2 and level 3 supervisor
    passwords to prevent unauthorized system manager access.

    [Required] All remote access logins to the system must be
    administered to require the use of a secondary password.

    [Recommended] Use the Randomly Generated method of assigning
    passwords to new mailboxes.

    [Recommended] Regularly monitor the Uninitialized Mailbox report to
    determine if subscribers have changed their mailbox passwords. Remind
    subscribers that have not initialized their mailboxes that they should
    change their passwords immediately to prevent unauthorized access to
    their mailboxes.

    [Recommended] Activate the Enable Password Security parameter on the
    Subscriber tab in System Setup to require subscribers to press the “#” key
    after they finish entering their passwords.

    [Recommended] Write down level 2 and level 3 passwords and
    keep them in a secure place.

    [Recommended] Notify the local service provider of any changes to
    level 2 or level 3 supervisor passwords in case remote
    maintenance is required.

    Login Attempts

    [Required] Enable the Failed Login Notification in subscribers’ classes
    of service and the Failed Login Notify option on the Subscriber
    Settings dialog box so the system notifies subscribers when one or
    more unsuccessful login attempts are made to their mailboxes.

    [Required] Set the Consecutive Login Failures Before Lock-Out
    parameter on the Subscriber tab in System Setup to specify how many
    unsuccessful login attempts are allowed before mailboxes are locked.

    [Required] Enable the Mailbox Lock-Out Option in subscribers’
    classes of service and the Mailbox Lock-Out option on the Subscriber
    Settings dialog box to lock subscriber mailboxes after the
    number of unsuccessful login attempts specified in the
    Consecutive Login Failures Before Lock-Out parameter have occurred.

    [Recommended] Regularly monitor the Login Failure report to
    determine if a high number of unsuccessful login attempts are
    occurring on a mailbox or if the login attempts are occurring after
    business hours.

    Miscellaneous

    [Required] Set the Auto Logoff feature to a low value to ensure that
    the M2000 system returns to security level 1 after a short period
    of inactivity.

    [Recommended] When Quick Assist is run in recover mode from
    the Quick Assist icon in the Lucent folder, specify a Mailbox to
    Receive Unattached Messages on the Recover Files dialog box.