Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook Instructions Manual

Lucent Technologies BCS Products Security Handbook Instructions Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    							Small Business Communications Systems 
    Page 4-1  
    4
    BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    4
    4Small Business 
    Communications 
    Systems
    This chapter provides information on protecting the following communications 
    systems:
    nMERLIN II Communications System (page 4-6)
    nMERLIN LEGEND Communications System (page 4-8)
    nMERLIN Plus Communications System (page 4-16)
    nPARTNER II Communications System (page 4-18)
    nPARTNER Plus Communications System (page 4-18)
    nSystem 25 (page 4-19)
    Other chapters detail additional security measures to protect your equipment:
    nChapter 5 contains security measures to protect the attached voice 
    messaging system. For general security measures, refer to ‘‘
    Protecting 
    Voice Messaging Systems’’ on page 5-2. For product-specific security 
    measures, refer to:
    —‘‘
    MERLIN II Communications System’’ on page 5-33
    —‘‘MERLIN LEGEND Communications System’’ on page 5-36
    —‘‘PARTNER II Communications System’’ on page 5-48
    —‘‘PARTNER Plus Communications System’’ on page 5-50
    —‘‘System 25’’ on page 5-52
    nChapter 6 contains security measures to protect the Automated Attendant 
    feature of your communications system. For product-specific security 
    measures, refer to:
    —‘‘
    MERLIN II Communications System R3’’ on page 6-18
    —‘‘MERLIN LEGEND Communications System’’ on page 6-19 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Small Business Communications Systems 
    Page 4-2  
    4
    —‘‘PARTNER II Communications System’’ on page 6-20
    —‘‘PARTNER Plus Communications System’’ on page 6-20
    —‘‘System25’’ on page 6-21 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Small Business Communications Systems 
    Page 4-3 Features for the MERLIN Systems 
    4
    Features for the MERLIN Systems
    The following table indicates MERLIN II and MERLIN LEGEND security features 
    by release number.
    Table 4-1. MERLIN II and MERLIN LEGEND Security Features
    FeaturesMII
     R3ML 
    R1.0/
     1.1ML 
    R2.0/
     2.1ML 
    R3.0/
    3.1ML 
    R4.0/
     4.1/ 
    4.2ML 
    R5.0 Comments
    Automatic Route 
    Selection (ARS)xxxxxx
    Administration 
    Securityx x x x x 5-character password 
    on SPM program
    Allowed List x x x x x x 2- to 11-digit code
    Barrier Code x x x x x x MII: one code, four 
    digits
    ML R1/R2: 16 codes, 
    four digits each, default 
    is 16 codes
    ML R3/R4/R5: 
    16 codes, digits 
    increased to 4 through 
    11, default is 7 digits
    Dial Access to 
    Poolsx x x x x x Factory setting 
    specifies no users are 
    able to use any pool 
    dial-out codes
    Direct Inward 
    System Access
    NOTE: For 
    MERLIN Legend 
    systems, see 
    “Remote Access.”N/A N/A N/A N/A N/A Users limited to dialing 
    inside users or 
    pool/line codes; ARS 
    cannot be used by 
    DISA callers; feature 
    can be set for inward 
    access only or full 
    access
    Disallowed List x x x x x x Default is List 7
    Facility 
    Restriction 
    Levels (FRLs)x x x x x Levels 0 through 6; 
    ARS related
    Forced Entry of 
    Account Codesx x x x x x Affects only outgoing 
    calls 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Small Business Communications Systems 
    Page 4-4 Features for the MERLIN Systems 
    4
    Night Service x x x x x Whenever Night 
    Service is on and 
    Shared Remote 
    Access is 
    administered, calls 
    normally routed to 
    internal stations are 
    provided remote access 
    treatment.
    Reliable/Un-reliab
    le Disconnectxxxxxx“Un-reliable” setting 
    allows the user to dial 
    without system 
    screening if the far end 
    disconnects.
    Remote Access x x x x x Access controlled by 
    restrictions associated 
    with the barrier codes.
    Remote Access 
    Kill After “N” 
    AttemptsxxxxxxN=3
    Remote Call 
    Forwardingxxxxx
    Restrict Incoming 
    Tie Lines* x x x x x MII (*) allows access to 
    stations only on ML; 
    default prohibits 
    access to outgoing 
    facilities via tie lines; 
    access is allowed if the 
    tie line is set for remote 
    access, but access is 
    controlled by an 
    assigned barrier code.
    Station Message 
    Detail Recording 
    (SMDR)x x x x x x For ML R3 w/ Call ID, 
    remote access number 
    is recorded if received. 
    For ML R4.2 and later 
    releases, the optional 
    ML Reporter Talk Time 
    feature is disabled.
    Table 4-1. MERLIN II and MERLIN LEGEND Security Features — Continued
    FeaturesMII
     R3ML 
    R1.0/
     1.1ML 
    R2.0/
     2.1ML 
    R3.0/
    3.1ML 
    R4.0/
     4.1/ 
    4.2ML 
    R5.0 Comments 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Small Business Communications Systems 
    Page 4-5 Features for the MERLIN Systems 
    4
    Station 
    Restrictionsx x x x x x Outward, toll, and 
    unrestricted
    Transfer to 
    Scriber Onlyx x x x x Related to mail system 
    in use
    Trunk-to-Trunk 
    Transferx x x x x Cannot be deactivated.
    For ML R3.1 and later 
    releases, trunk-to-trunk 
    transfer can be blocked 
    for an extension.
    Table 4-1. MERLIN II and MERLIN LEGEND Security Features — Continued
    FeaturesMII
     R3ML 
    R1.0/
     1.1ML 
    R2.0/
     2.1ML 
    R3.0/
    3.1ML 
    R4.0/
     4.1/ 
    4.2ML 
    R5.0 Comments 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Small Business Communications Systems 
    Page 4-6 MERLIN II Communications System 
    4
    MERLIN II Communications System
    This section provides information on protecting the MERLIN II Communications 
    System. 
    Additional security measures are required to protect adjunct equipment.
    nChapter 5 contains security measures to protect the attached voice 
    messaging system. For general security measures, refer to ‘‘
    Protecting 
    Voice Messaging Systems’’ on page 5-2. For product-specific security 
    measures, refer to ‘‘
    MERLIN II Communications System’’ on page 5-33.
    nChapter 6 contains security measures to protect the Automated Attendant 
    feature of your communications system. See ‘‘
    MERLIN II Communications 
    System R3’’ on page 6-18.
    Protecting Direct Inward System Access (DISA)
    The Direct Inward System Access feature allows users to call into the MERLIN II 
    Communications System from a remote location (for example, a satellite office, or 
    while traveling) and use the system to make calls. However, unauthorized 
    persons might learn the DISA telephone number and password, call into the 
    system, and make long distance calls.
    The following security measures assist you in managing the DISA feature to help 
    prevent unauthorized use.
    Security Tips
    nTo reduce the system’s vulnerability to toll fraud, outward restrict the port to 
    which the Remote Maintenance Device is connected.
    nEvaluate the necessity for DISA. If this feature is not vital to your 
    organization, consider not using it or limiting its use. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Small Business Communications Systems 
    Page 4-7 MERLIN II Communications System 
    4
    To restrict DISA lines, do the following:
    — With a BIS-34D Console:
    1. Move the TP switch to P.
    2. Press the conference button twice.
    3. Press the message button.
    4. Dial #325.
    5. Dial 0 for Outward Restriction.
    6. Press the message button again.
    — With a MERLIN II Communications System display console:
    1. From the administration menu, press these buttons:  
    .
    2. If callers must dial a password to make DISA calls, dial a 
    4-digit password.
    3. Press .
    4. Press   for no restriction, or   for inward 
    restriction.
    5. Press the line buttons until the lights next to them show the 
    appropriate code:
    Green light on = line or line pool can be used for DISA
    Green light off = line or line pool cannot be used for DISA
    6. Press Conference to return to the administration menu or 
    leave administration mode.
    If you need the feature, use as many of the security measures presented in 
    this section as you can.
    nProgram DISA to require the caller to enter a system password before the 
    system will allow the caller access. See ‘‘
    Administration / Maintenance 
    Access’’ on page 2-4 and ‘‘General Security Measures’’ on page 2-7 for 
    secure password guidelines.
    nUse the system’s toll restriction capabilities to restrict the long distance 
    calling ability of DISA users as much as possible, consistent with the needs 
    of your business.
    nBlock out-of-hours calling by turning off Remote Access features at an 
    intercom 10 administration telephone whenever possible.
    nProtect your DISA telephone number and password. Only give them to 
    people who need them, and impress upon these people the need to keep 
    the telephone number and password secret.
    nMonitor your SMDR records and/or your Call Accounting System reports 
    regularly for signs of irregular calls. Review these records and reports for 
    the following symptoms of abuse:
    Lines
    DISA
    Enter
    NoRestrInwdOnly 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Small Business Communications Systems 
    Page 4-8 MERLIN LEGEND Communications System 
    4
    — Short holding times on one trunk group
    — Calls to international locations not normal for your business
    — Calls to suspicious destinations
    — High numbers of “ineffective call attempts” indicating attempts at 
    entering invalid barrier codes
    — Numerous calls to the same number 
    — Undefined account codes
    MERLIN LEGEND Communications 
    System
    This section provides information on protecting the MERLIN LEGEND 
    Communications System. 
    Unauthorized persons concentrate their activities in the following two areas with 
    the MERLIN LEGEND Communications System:
    nTransfer out of the MERLIN LEGEND Communications System to gain 
    access to an outgoing trunk and make long distance calls. 
    nLocate unused or unprotected mailboxes and use them as drop-off points 
    for their own messages.
    Additional security measures are required to protect adjunct equipment.
    nChapter 5 contains security measures to protect the attached voice 
    messaging system. For general security measures, refer to ‘‘
    Protecting 
    Voice Messaging Systems’’ on page 5-2. For product-specific security 
    measures, refer to ‘‘
    MERLIN LEGEND Communications System’’ on page 
    5-36.
    nChapter 6 contains security measures to protect the Automated Attendant 
    feature of your communications system. See ‘‘
    MERLIN LEGEND 
    Communications System’’ on page 6-19.
    The MERLIN LEGEND Communications System permits trunk-to-trunk transfers 
    from Voice Mail Integrated (VMI) ports starting with Release 2.1. Starting with 
    Release 3.1, the following are in effect:
    nVMI ports are assigned outward restrictions by default
    nTrunk-to-trunk transfer can be allowed or disallowed on a per-station basis, 
    and the default setting for all stations is restricted. Trunk-to-trunk transfer is 
    the transferring of an outside call to another outside number. Whenever 
    trunk-to-trunk transfer is disabled, users cannot transfer an outside call to 
    an outside line. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Small Business Communications Systems 
    Page 4-9 MERLIN LEGEND Communications System 
    4
    NOTE:
    The ability to transfer internal calls to outside numbers cannot be 
    blocked for an individual extension. However, Calling Restrictions or 
    Disallowed Lists can be assigned to individual extensions to prevent 
    outward or toll calls. Also, a call transfer to an outside destination is 
    disconnected if the original call is on a trunk that does not have 
    reliable disconnect, or if another user joined the call, and the call is 
    now a conference call (which cannot be transferred).
    nPool dial-out codes are restricted for all extensions by default. No 
    extension or remote access user with a barrier code has access to pools 
    until the restriction is removed by the system manager.
    Unlike the MERLIN II Communications System R3, the MERLIN LEGEND 
    Communications System does not allocate touch-tone receivers for incoming 
    calls, and thus will not interpret touch tones from a caller as an attempt to 
    circumvent toll restriction, and will not disconnect the call. This could leave the 
    MERLIN LEGEND Communications System vulnerable to toll fraud if the ports are 
    not outward restricted.
    Preventative Measures
    nProvide good physical security for the room containing your 
    telecommunications equipment and the room with administrative tools, 
    records, and system programming information. These areas should be 
    locked when not attended. 
    nProvide a secure trash disposal for all sensitive information, including 
    telephone directories, call accounting records, or anything that may supply 
    information about your communications system. This trash should be 
    shredded. 
    nEducate employees that hackers may try to trick them into providing them 
    with dial tone or dialing a number for them. All reports of trouble, requests 
    for moving extensions, or any other administrative details associated with 
    the MERLIN LEGEND Communications System should be handled by one 
    person (the system manager) or within a specified department. Anyone 
    claiming to be a telephone company representative should be referred to 
    this person or department. 
    nNo one outside of Lucent Technologies needs to use the MERLIN 
    LEGEND Communications System to test facilities (lines/trunks). If a caller 
    identifies himself or herself as an Lucent Technologies employee, the 
    system manager should ask for a telephone number where the caller can 
    be reached. The system manager should be able to recognize the number 
    as an Lucent Technologies telephone number. 
    Before connecting the caller 
    to the administrative port of the MERLIN LEGEND Communications 
    system, the system manager should feel comfortable that a good reason to  
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Small Business Communications Systems 
    Page 4-10 MERLIN LEGEND Communications System 
    4
    do so exists. In any event, it is not advisable to give anyone access to 
    network facilities or operators, or to dial a number at the request of the 
    caller.
    nAny time a call appears to be suspicious, call the Lucent Technologies BCS 
    Fraud Intervention Center at 1 800 628-2888 (fraud intervention for 
    System 25, PARTNER and MERLIN systems). 
    nCustomers should also take advantage of Lucent Technologies monitoring 
    services and devices, such as the NetPROTECTSM family of 
    fraud-detection services, CAS with HackerTracker
    ® and CAT Terminal with 
    Watchdog. Call 1 800 638-7233 to get more information on these Lucent 
    Technologies fraud detection services and products. 
    Protection Via Star Codes and
    Allowed/Disallowed Lists
    Starting with MERLIN LEGEND Release 3.1, star codes can be added to Allowed 
    and Disallowed Lists to help prevent toll fraud. These codes are dialed usually 
    before an outgoing call, and they allow telephone users to obtain special services 
    provided by the central office (CO). For example, in many areas, a telephone user 
    can dial *67 before a telephone number to disable CO-supplied caller 
    identification at the receiving party’s telephone. 
    Whenever a user dials a star code, the system checks the Allowed and 
    Disallowed Lists to determine whether the star code is allowed. If the star code is 
    allowed, the star code is passed to the CO, the Calling Restrictions are reset, and 
    the digits following the star code are checked by the Allowed Lists, Disallowed 
    Lists, and Calling Restrictions.
    The system recognizes star codes containing two digits ranging from either 00 
    through 19 or 40 through 99 (for example, *14). It also recognizes star codes 
    containing three digits ranging from 200 through 399 (for example, *234).
    Therefore, for example, if a caller dials *67280, the system checks *67 against the 
    Allowed and Disallowed Lists. If this code is allowed, the system then checks 280 
    against the Allowed and Disallowed Lists.
    Multiple leading star codes (such as *67*70) are also handled by the system: the 
    dialed number is checked against the Allowed and Disallowed Lists after each star 
    code is detected. 
    						
    All Lucent Technologies manuals Comments (0)

    Related Manuals for Lucent Technologies BCS Products Security Handbook Instructions Manual