Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook Instructions Manual

Lucent Technologies BCS Products Security Handbook Instructions Manual

Here you can view all the pages of manual Lucent Technologies BCS Products Security Handbook Instructions Manual. The Lucent Technologies manuals for Communications System are available online for free. You can easily download all the documents as PDF.

Page 31

Security Risks 
Page 2-1 Overview 
2
BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
2
2Security Risks
Overview
In order for your system to be secure against toll fraud, you need to address 
access, egress, and system administration. This handbook addresses those 
concerns. In addition, the risk of PBX-based toll fraud increases when any of the 
following products and features are used:
nRemote Access
nAutomated Attendant
nOther port security risks
nVoice Messaging
nAdministration and...

Page 32

BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-2 Remote Access 
2
Remote Access
Remote Access, or Direct Inward System Access (DISA), permits callers from the 
public network to access a customer premises equipment-based system to use its 
features and services. Callers dial into the system using CO, FX, DID, or 800 
service trunks.
After accessing the feature, the user hears system dial tone, and, for system 
security, may be required to dial a barrier code,...

Page 33

BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-3 Automated Attendant 
2
Automated Attendant
Automated attendant systems direct calls to pre-designated stations by offering 
callers a menu of available options. Automated attendant devices are connected 
to a port on the main system and provide the necessary signaling to the switch 
when a call is being transferred. When hackers connect to an automated 
attendant system, they try to find a menu choice (even one...

Page 34

BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-4 Voice Messaging Systems 
2
Voice Messaging Systems
Voice messaging systems provide a variety of voice messaging applications; 
operating similarly to an electronic answering machine. Callers can leave 
messages for employees (subscribers) who have voice mailboxes assigned to 
them. Subscribers can play, forward, save, repeat, and delete the messages in 
their mailboxes. Many voice messaging systems allow callers...

Page 35

BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-5 Administration / Maintenance Access 
2
The following is a list of customer logins for systems in this handbook that provide 
login capabilities. For information on password parameters, see the applicable 
system chapter. For information on how to change passwords, see Appendix E.
nAUDIX Voice Mail System: cust
nAUDIX Voice Power System: audix (or is on the Integrated 
Solution-equipped system)
nDEFINITY AUDIX...

Page 36

BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-6 Administration / Maintenance Access 
2
Increasing Adjunct Access Security
Since system adjuncts can be used to log in to otherwise “protected” systems, you 
also should secure access to the following products:
nG3 Management Applications (G3-MA)
nCSM (Centralized System Management)
nCMS (Call Management System)
nManager III/IV
nTrouble Tracker
nVMAAP
Logins and passwords should be changed and managed in the same...

Page 37

BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-7 General Security Measures 
2
example, if voice mail extensions have a COR of 9, and extensions assigned to 
NETCON channels have a COR of 2, ensure that COR 9 does not have access to 
COR 2. Anyone not authorized to use the NETCON channel should not be able to 
access it.
NOTE:
To determine how the NETCON channels have been assigned, use the list 
data module command. The output from this command identifies the...

Page 38

BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-8 General Security Measures 
2
nAttendants should tell their system manager if they answer a series of calls 
where there is silence on the other end or the caller hangs up.
nUsers who are assigned voice mailboxes should frequently change 
personal passwords and should not choose obvious passwords (see 
‘‘
Choosing Passwords’’ on page 2-5).
nAdvise users with special telephone privileges (such as Remote Access,...

Page 39

BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-9 Security Goals Tables 
2
— If the terminated employee had access to the system administration 
interface, their login ID should be removed (G3V3 or later). Any 
associated passwords should be changed immediately.
nBack up system files regularly to ensure a timely recovery should it be 
required. Schedule regular, off-site backups.
Physical Security
You should always limit access to the system console and...

Page 40

BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Security Risks 
Page 2-10 Security Goals Tables 
2
Table 2-1. Security Goals: DEFINITY ECS, DEFINITY Communications 
Systems, System 75 and System 85
Security Goal Method Security Tool Steps
Protect Remote 
Access featureLimit access to 
authorized usersBarrier codes Set to maximum 
length 
Set COR/COS
Authorization 
codesSet to maximum 
length 
Set FRL on COR
Use VDNs to route 
callsCall Vectoring (G2 
and G3 only)Administer Call...
Start reading Lucent Technologies BCS Products Security Handbook Instructions Manual

Related Manuals for Lucent Technologies BCS Products Security Handbook Instructions Manual

All Lucent Technologies manuals