Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook Instructions Manual

Lucent Technologies BCS Products Security Handbook Instructions Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-9 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    5
    nEnter the FRL number (0 through 7) in the FRL field. Assign the lowest FRL 
    that will meet the outcalling requirements, if the outcalling feature is being 
    utilized. The route patterns for restricted calling areas should have a higher 
    FRL assigned to the trunk groups.
    nUse change route-pattern to display the Route Pattern screen.
    nUse a separate partition group for ARS on the ports used for outcalling, 
    and limit the numbers that can be called.
    NOTE:
    For DEFINITY ECS and DEFINITY G3, the Restricted Call List on the Toll 
    Analysis Table can also be used to restrict calls to specified areas.
    For DEFINITY G2 and System 85:
    nUse PROC010 WORD3 FIELD23 to assign FRLs for use with 
    AAR/ARS/WCR trunks. Assign higher FRLs to restricted patterns in 
    PROC309 than the FRL in the COS for the voice mail ports.
    nFor DEFINITY G2.2, do not use PROC314 to mark disallowed destinations 
    with a higher FRL value. PROC314 WORD1 assigns a Virtual Nodepoint 
    Identifier (VNI) to the restricted dial string. PROC317 WORD2 maps the 
    VNI to the pattern, and PROC317 WORD2 shows the pattern preference, 
    with the FRL in field 4.
    For earlier releases, use PROC313 to enter disallowed destinations in the 
    Unauthorized Call Control table.
    Allow Calling Only to Specified Numbers
    A reverse strategy to preventing calls is to allow outbound calls only to certain 
    numbers. For G1 and System 75, you must specify both the area code and the 
    office code of the allowable numbers. For G3, you can specify the area code or 
    telephone number of calls you allow.
    For DEFINITY G1 and System 75:
    nUse change ars fnpa xxx to display the ARS FNPA Table, where xxx is 
    the NPA that will have some unrestricted exchanges.
    nRoute the NPA to an RHNPA table (for example, r1).
    nUse change rnhpa r1: xxx to route unrestricted exchanges to a pattern 
    choice with an FRL equal to or lower than the originating FRL of the voice 
    mail ports.
    nIf the unrestricted exchanges are in the Home NPA, and the Home NPA 
    routes to h on the FNPA Table, use change hnpa xxx to route unrestricted 
    exchanges to a pattern with a low FRL. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-10 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    5
    NOTE:
    If assigning a low FRL to a pattern preference conflicts with requirements for 
    other callers (it allows calls that should not be allowed), use ARS partitioning 
    to establish separate FNPA/HNPA/RHNPA tables for the voice mail ports.
    For DEFINITY G2 and System 85:
    nUse PROC311 WORD2 to establish 6-digit translation tables for foreign 
    NPAs, and assign up to 10 different routing designators to each foreign 
    NPA (area code).
    nUse PROC311 WORD3 to map restricted and unrestricted exchanges to 
    different routing designators.
    nIf the unrestricted toll exchanges are in the Home NPA, use PROC311 
    WORD1 to map them to a routing designator.
    nIf the Tenant Services feature is used, use PROC314 WORD1 to map 
    routing designators to patterns. If Tenant Services is not used, the pattern 
    number will be the same as the routing designator number.
    nUse PROC309 WORD3 to define the restricted and unrestricted patterns.
    For DEFINITY ECS and DEFINITY G3:
    nUse change ars analysis to display the ARS Analysis screen.
    nEnter the area codes or telephone numbers that you want to allow and 
    assign an available routing pattern to each of them.
    nUse change routing pattern to give the pattern preference an FRL that is 
    equal to or lower than the FRL of the voice mail ports.
    NOTE:
    For DEFINITY G3, the Unrestricted Call List (UCL) on the Toll Analysis Table 
    can be used to allow calls to specified numbers through ARS/WCR. The 
    COR for the voice mail ports should show “all-toll” restriction and access to 
    at least one UCL.
    For DEFINITY G2.2:
    nUse PROC314 WORD1 to assign a VNI to the unrestricted dial string. Map 
    the VNI to a routing pattern in PROC317 WORD2, and assign a low FRL to 
    the pattern in PROC318 WORD1. If you permit only certain numbers, 
    consider using Network 3, which contains only those numbers. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-11 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    5
    Detecting Voice Mail Fraud
    Table 5-3 shows the reports that help determine if a voice mail system used with 
    the DEFINITY ECS, DEFINITY Communications Systems, System 75, or 
    System 85 is being used for fraudulent purposes.
    See ‘‘Security Tips’’ on page 5-3 for additional ways to detect voice mail fraud.
    NOTE:
    The System Administrator can also view a logfile to see if a mailbox is being 
    hacked. For the AUDIX Voice Mail System R1, the administrator can view 
    the logfile by typing system:log:display. For the DEFINITY AUDIX and 
    Lucent Technologies I
    NTUITY Voice Mail Systems, the administrator can 
    view the logfile by typing display administration-log.
    Call Detail Recording (CDR) / Station Message 
    Detail Recording (SMDR)
    With Call Detail Recording activated for the incoming trunk groups, you can check 
    the calls into your voice mail ports. A series of short holding times may indicate 
    repeated attempts to enter voice mailbox passwords. See also ‘‘
    Security Violation 
    Notification Feature (DEFINITY ECS and DEFINITY G3 only)’’ on page 3-53.
    Table 5-3. Reports and Monitoring Techniques for Voice Mail
    Monitoring Technique Switch Page #
    Call Detail Recording (SMDR) All5-11
    Traffic Measurements and 
    PerformanceAll5-13
    Automatic Circuit Assurance All5-14
    Busy Verification All5-15
    Call Traffic Report All5-13
    Trunk Group Report G1, G3, System 755-13
    Traffic  Reports Any with the AUDIX 
    Voice Mail System5-15
    Call Detail Recording Any with the AUDIX 
    Voice Mail System 
    R1V5 with Digital 
    Networking5-18 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-12 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    5
    NOTE:
    Most call accounting packages discard this valuable security information. If 
    you are using a call accounting package, check to see if this information can 
    be stored by making adjustments in the software. If it cannot be stored, be 
    sure to check the raw data supplied by the CDR.
    Review CDR for the following symptoms of voice mail abuse:
    nShort holding times on any trunk group where voice mail is the originating 
    endpoint or terminating endpoint
    nCalls to international locations not normal for your business
    nCalls to suspicious destinations
    nNumerous calls to the same number 
    nUndefined account codes
    NOTE:
    For DEFINITY G2 and System 85, since CDR only records the last 
    extension on the call, internal toll abusers transfer unauthorized calls to 
    another extension before they disconnect so that the CDR does not track 
    the originating station. If the transfer is to your voice mail system, it could 
    give a false indication that your voice mail system is the source of the toll 
    fraud.
    For DEFINITY ECS, DEFINITY G1, G3, and System 75:
    nTo display the Features-Related System Parameters screen, use the 
    change system-parameters feature (G1 and System 75 only) or the 
    change system-parameters cdr feature (G3 only).
    NOTE:
    Also using direct TACs on some SMDRs/CDRs can result in the 
    non-recording of fraudulent calls.
    nAdminister the appropriate format to collect the most information. The 
    format depends on the capabilities of your CDR analyzing and recording 
    device.
    nUse change trunk-group to display the Trunk Group screen.
    nEnter y in the SMDR/CDR Reports field.
    For DEFINITY G2: 
    nUse PROC275 WORD1 FIELD14 to turn on the CDR for incoming calls.
    nUse PROC101 WORD1 FIELD8 to specify the trunk groups. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-13 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    5
    Call Traffic Report
    This report provides hourly port usage data and counts the number of calls 
    originated by each port. By tracking normal traffic patterns, you can respond 
    quickly if an unusually high volume of calls begins to appear, especially after 
    business hours or during weekends, which might indicate hacker activity.
    For DEFINITY ECS, DEFINITY G1, G3, and System 75, traffic data reports are 
    maintained for the last hour and the peak hour. For DEFINITY G2 and System 85, 
    traffic data is available via Monitor I which can store the data and analyze it over 
    specified periods.
    Trunk Group Report
    This report tracks call traffic on trunk groups at hourly intervals. Since trunk traffic 
    is fairly predictable, you can easily establish over time what is normal usage for 
    each trunk group. Use this report to watch for abnormal traffic patterns, such as 
    unusually high off-hour loading. 
    SAT, Manager I, and G3-MT Reporting
    Traffic reporting capabilities are built-in and are obtained through the System 
    Administrator Tool (SAT), Manager I, and G3-MT terminals. These programs track 
    and record the usage of hardware and software features. The measurements 
    include peg counts (number of times accessed) and call seconds of usage. Traffic 
    measurements are maintained constantly and are available on demand. However, 
    reports are not archived and should therefore be printed to monitor a history of 
    traffic patterns.
    For DEFINITY ECS, DEFINITY G1, G3, and System 75:
    nTo record traffic measurements: 
    —Use change trunk-group to display the Trunk Group screen.
    — In the Measured field, enter both if you have BCMS and CMS, 
    internal if you have only BCMS, or external if you have only 
    CMS.
    nTo review the traffic measurements, use list measurements followed by 
    one of the measurement types (trunk-groups, call-rate, call-summary, or 
    outage-trunk) and the timeframe (yesterday-peak, today-peak, or 
    last-hour).
    nTo review performance, use list performance followed by one of the 
    performance types (summary or trunk-group) and the timeframe 
    (yesterday or today). 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-14 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    5
    ARS Measurement Selection
    The ARS Measurement Selection can monitor up to 20 routing patterns 
    (25 for G3) for traffic flow and usage.
    For DEFINITY ECS, DEFINITY G1, G3, and System 75:
    nUse change ars meas-selection to choose the routing patterns you want 
    to track.
    nUse list measurements route-pattern followed by the timeframe 
    (yesterday, today, or last-hour) to review the measurements.
    For DEFINITY G2, use Monitor I to perform the same function.
    Automatic Circuit Assurance
    This monitoring technique detects a number of short holding time calls or a single 
    long holding time call which may indicate hacker activity. Long holding times on 
    Trunk-to-Trunk calls can be a warning sign. The ACA feature allows you to 
    establish time limit thresholds defining what is considered a short holding time and 
    a long holding time. When a violation occurs, a designated station is visually 
    notified.
    When notification occurs, determine if the call is still active. If toll fraud is 
    suspected, use the busy verification feature (see ‘‘
    Busy Verification’’ on page 
    5-15) to monitor the call in progress.
    For DEFINITY ECS, DEFINITY G1, G3, and System 75:
    nUse change system-parameters feature to display the Features-Related 
    System Parameters screen.
    nEnter y in the Automatic Circuit Assurance (ACA) Enabled field.
    nEnter local, primary, or remote in the ACA Referral Calls field. If 
    primary is selected, calls can be received from other switches. Remote 
    applies if the PBX being administered is a DCS node, perhaps unattended, 
    that wants ACA referral calls to go to an extension or console at another 
    DCS node.
    nUse change trunk group to display the Trunk Group screen.
    nEnter y in the ACA Assignment field.
    nEstablish short and long holding times. The defaults are 10 seconds (short 
    holding time) and one hour (long holding time).
    nTo review, use list measurements aca.
    nAdminister an aca button on the console or display station to which the 
    referral will be sent. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-15 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    5
    For DEFINITY G2 and System 85:
    nUse PROC285 WORD1 FIELD5 and PROC286 WORD1 FIELD1 to enable 
    ACA system-wide.
    nUse PROC120 WORD1 to set ACA call limits and number of calls 
    thresholds.
    nUse PROC286 WORD1 FIELD3 to send the alarms and/or reports to an 
    attendant.
    Busy Verification 
    When toll fraud is suspected, you can interrupt the call on a specified trunk group 
    and monitor the call in progress. Callers will hear a long tone to indicate the call is 
    being monitored.
    For DEFINITY ECS, DEFINITY G1, G3, and System 75:
    nUse change station to display the Station screen for the station that will be 
    assigned the Busy Verification button.
    nIn the Feature Button Assignment field, enter verify.
    nTo activate the feature, press the Verify button and then enter the Trunk 
    Access Code and member number to be monitored.
    For DEFINITY G2 and System 85:
    nAdminister a Busy Verification button on the attendant console.
    nTo activate the feature, press the button and enter the trunk access code 
    and the member number.
    Protecting the AUDIX, DEFINITY AUDIX, and 
    Lucent Technologies INTUITY Voice Mail Systems
    Toll fraud is possible when the application allows the incoming caller to make a 
    network connection with another person. Thus, bridging to an outbound call, call 
    transfer, and 3-way-conferencing are vulnerable areas and should be protected.
    Unauthorized System Use
    You can minimize the risk of unauthorized people gaining access to your system 
    by strictly following the compliance guidelines for, and using the aging feature of, 
    your Voice Mail (vm) and AUDIX System Administration (sa) passwords. 
    Additionally, a new option — the trusted server — has been introduced in this 
    release. The trusted server has direct access to AUDIX and its functionality. The 
    same strict adherence to guidelines of trusted server passwords as with 
    administration passwords is strongly recommended.
    This section discusses security considerations for these topics. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-16 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    5
    Administration Passwords
    Your INTUITY AUDIX system comes equipped with administrative password 
    features and options that you control to assist you in securing your system. These 
    include:
    nChange default administrator password
    nAdministrator password standards
    nAdministrator password aging
    Changing the Default Administrator Password. When you first get your system, 
    both the 
    sa (system administrator) and vm (voice mail administrator) logins come 
    with a default password. You are required to change this password immediately. 
    Administrator Password Standards. There are certain minimum standards 
    passwords must follow to comply with the system’s standards.
    Administration of Password Aging. You can administer several parameters of 
    the password aging feature that will enhance the level of security the system 
    maintains. Password aging ensures that administration passwords are changed at 
    reasonable intervals. Use the 
    Password Expiration feature for administrative 
    logins to reduce the danger of unauthorized system access.
    Some people tend to change a password when they must do so and then, shortly 
    afterwards, to change back to an old familiar password. Administering the 
    Minimum Age Before Changes feature makes it inconvenient to use this tactic.
    Three new items were added to the Lucent I
    NTUITY menu system to define the 
    limits associated with password aging. They are listed below:
    nPassword Expiration
    nMinimum Age Before Changes
    nExpiration Warning
    These items can be located by selecting Customer/Services 
    Administration from the Main Menu.
    Trusted Server Security
    A trusted server is a computer or a software application in a domain outside of 
    I
    NTUITY AUDIX that uses its own login and password to launch a Lucent INTUITY 
    Messaging Applications Programming Interface (IMAPI) LAN session and access 
    AUDIX mailboxes. Two examples of trusted servers are:
    nSynchronizer software running on an e-mail server
    nEnhanced List Application (ELA) software running as a server on the 
    Lucent I
    NTUITY 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-17 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    5
    Trusted servers can access and manipulate an AUDIX message just as the 
    AUDIX application can do. (See 
    Lucent Technologies INTUITY Messaging 
    Solutions Release 4 Administration
    , 585-310-564 for in-depth discussions and 
    definitions of trusted servers, domains, and integration of e-mail and other trusted 
    server software with AUDIX.)
    Securing a system that allows access from another domain involves a 
    two-pronged approach. You must consider security from both an internal and an 
    external perspective. External security involves administration to prevent access 
    from an unauthorized source, such as a trusted server or trusted server 
    administrator. Internal security focuses on preventing, or recovering from, damage 
    if a breach occurs (for example, a virus is transmitted in a message component, 
    such as an attached software file).
    External Security for Trusted Servers. The trusted server is empowered to do 
    everything to a user mailbox that an AUDIX user can do. You must administer a 
    password that the trusted server application uses to request a connection to the 
    AUDIX server. Additionally, to prevent unauthorized access through IMAPI into 
    your system from an external source, such as a trusted server, you can administer 
    an IMAPI password that the trusted server must also use when connecting to 
    AUDIX. This IMAPI password prevents an unauthorized source from starting an 
    IMAPI session and is used as a secondary layer of security in addition to the 
    required trusted server password.
    While administration of the IMAPI password is optional, it is 
    strongly 
    recommended
    . If you choose to administer this password, it is further 
    recommended that you change it on a regular basis (for example, monthly). (If you 
    have your administrator’s password set to age automatically, you could use the 
    system prompt telling you that your password must be changed as a reminder to 
    change the IMAPI password, as well.)
    The two new trusted server screens that have been added for Release 4 are 
    Trusted-Server Profile and IMAPI-Password. Instructions for their 
    administration are in 
    Lucent Technologies INTUITY Messaging Solutions 
    Release 4 Administration
    , 585-310-564.
    Internal Security. I
    NTUITY AUDIX R4 allows the transmission between domains of 
    two new message components, including text (e-mail) and binary (software) file 
    attachments. Within the AUDIX system, Message Manager supports these 
    message components as well. With these new components come new security 
    considerations, namely the inadvertent delivery of a “virus” that may be 
    embedded in a file attachment. This can occur in 
    any system that supports the 
    delivery of binary files. While the AUDIX machine cannot be infected with viruses 
    embedded in these software files, client machines may become infected when a 
    user launches the application associated with the software file.
    AUDIX does not perform any virus detection. Your company should carefully 
    evaluate the security risks of file attachments and make provisions for virus 
    detection software on PCs running an e-mail application or Message Manager. 
    Your PC/LAN administrator(s) likely has considerable experience detecting and  
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-18 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    5
    preventing the transmission of software viruses that you can use when planning 
    for e-mail. Furthermore, your administrator has minimum requirements that the 
    AUDIX server and e-mail server must meet to be allowed on the company 
    network at all.
    At a minimum, you should advise your users that file attachments should be 
    detached (
    not launched) and scanned for viruses before use.
    Traffic Reports (AUDIX Voice Mail System Only)
    The AUDIX Voice Mail System provides tracking of traffic data over various 
    timespans. Reviewing these reports on a regular basis helps to establish traffic 
    trends. If increased activity or unusual usage patterns occur, such as heavy call 
    volume on ports assigned to outcalling, they can be investigated immediately. 
    Beginning with AUDIX Voice Mail System R1V2, the AUDIX Data Acquisition 
    Package (ADAP) uses a PC to provide extended storage and analysis capabilities 
    for the traffic data.
    Call Detail Recording (AUDIX Voice Mail 
    System Only)
    For the AUDIX Voice Mail System R1V5 and later, this optional feature provides a 
    detailed view of the activity associated with each voice mail session, outgoing 
    calls, and system-wide activity.
    Voice Session Record (AUDIX Voice Mail System Only)
    The activity for each individual voice mailbox is recorded in a Voice Session 
    Record. A voice session begins whenever a caller attempts to log into the AUDIX 
    Voice Mail System, is redirected to the voice mail system for call answering, 
    enters    , or      , transfers from one automated attendant to another 
    (nested), or is transferred by the Enhanced Automated Attendant feature.
    The record reveals the routing of the call, including the caller (if internal), recipient, 
    port, community, Mailbox IDs (corresponds to the voice mail system subscriber’s 
    extension number input during a login or as input by the calling party), the time 
    and duration of the call, the type of session (voice mail, call answer, guest 
    password, or automated attendant), the message activity, and number of login 
    attempts.
    Also reported is the session termination method. Each possible termination 
    method is assigned a value as shown in Table 5-4
    . This information can be 
    downloaded to a PC using ADAP to be available on demand or at scheduled 
    intervals.
    *R**R 
    						
    All Lucent Technologies manuals Comments (0)

    Related Manuals for Lucent Technologies BCS Products Security Handbook Instructions Manual