Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies BCS Products Security Handbook Instructions Manual
Lucent Technologies BCS Products Security Handbook Instructions Manual
Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Voice Messaging Systems Page 5-9 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 5 nEnter the FRL number (0 through 7) in the FRL field. Assign the lowest FRL that will meet the outcalling requirements, if the outcalling feature is being utilized. The route patterns for restricted calling areas should have a higher FRL assigned to the trunk groups. nUse change route-pattern to display the Route Pattern screen. nUse a separate partition group for ARS on the ports used for outcalling, and limit the numbers that can be called. NOTE: For DEFINITY ECS and DEFINITY G3, the Restricted Call List on the Toll Analysis Table can also be used to restrict calls to specified areas. For DEFINITY G2 and System 85: nUse PROC010 WORD3 FIELD23 to assign FRLs for use with AAR/ARS/WCR trunks. Assign higher FRLs to restricted patterns in PROC309 than the FRL in the COS for the voice mail ports. nFor DEFINITY G2.2, do not use PROC314 to mark disallowed destinations with a higher FRL value. PROC314 WORD1 assigns a Virtual Nodepoint Identifier (VNI) to the restricted dial string. PROC317 WORD2 maps the VNI to the pattern, and PROC317 WORD2 shows the pattern preference, with the FRL in field 4. For earlier releases, use PROC313 to enter disallowed destinations in the Unauthorized Call Control table. Allow Calling Only to Specified Numbers A reverse strategy to preventing calls is to allow outbound calls only to certain numbers. For G1 and System 75, you must specify both the area code and the office code of the allowable numbers. For G3, you can specify the area code or telephone number of calls you allow. For DEFINITY G1 and System 75: nUse change ars fnpa xxx to display the ARS FNPA Table, where xxx is the NPA that will have some unrestricted exchanges. nRoute the NPA to an RHNPA table (for example, r1). nUse change rnhpa r1: xxx to route unrestricted exchanges to a pattern choice with an FRL equal to or lower than the originating FRL of the voice mail ports. nIf the unrestricted exchanges are in the Home NPA, and the Home NPA routes to h on the FNPA Table, use change hnpa xxx to route unrestricted exchanges to a pattern with a low FRL.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Voice Messaging Systems Page 5-10 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 5 NOTE: If assigning a low FRL to a pattern preference conflicts with requirements for other callers (it allows calls that should not be allowed), use ARS partitioning to establish separate FNPA/HNPA/RHNPA tables for the voice mail ports. For DEFINITY G2 and System 85: nUse PROC311 WORD2 to establish 6-digit translation tables for foreign NPAs, and assign up to 10 different routing designators to each foreign NPA (area code). nUse PROC311 WORD3 to map restricted and unrestricted exchanges to different routing designators. nIf the unrestricted toll exchanges are in the Home NPA, use PROC311 WORD1 to map them to a routing designator. nIf the Tenant Services feature is used, use PROC314 WORD1 to map routing designators to patterns. If Tenant Services is not used, the pattern number will be the same as the routing designator number. nUse PROC309 WORD3 to define the restricted and unrestricted patterns. For DEFINITY ECS and DEFINITY G3: nUse change ars analysis to display the ARS Analysis screen. nEnter the area codes or telephone numbers that you want to allow and assign an available routing pattern to each of them. nUse change routing pattern to give the pattern preference an FRL that is equal to or lower than the FRL of the voice mail ports. NOTE: For DEFINITY G3, the Unrestricted Call List (UCL) on the Toll Analysis Table can be used to allow calls to specified numbers through ARS/WCR. The COR for the voice mail ports should show “all-toll” restriction and access to at least one UCL. For DEFINITY G2.2: nUse PROC314 WORD1 to assign a VNI to the unrestricted dial string. Map the VNI to a routing pattern in PROC317 WORD2, and assign a low FRL to the pattern in PROC318 WORD1. If you permit only certain numbers, consider using Network 3, which contains only those numbers.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Voice Messaging Systems Page 5-11 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 5 Detecting Voice Mail Fraud Table 5-3 shows the reports that help determine if a voice mail system used with the DEFINITY ECS, DEFINITY Communications Systems, System 75, or System 85 is being used for fraudulent purposes. See ‘‘Security Tips’’ on page 5-3 for additional ways to detect voice mail fraud. NOTE: The System Administrator can also view a logfile to see if a mailbox is being hacked. For the AUDIX Voice Mail System R1, the administrator can view the logfile by typing system:log:display. For the DEFINITY AUDIX and Lucent Technologies I NTUITY Voice Mail Systems, the administrator can view the logfile by typing display administration-log. Call Detail Recording (CDR) / Station Message Detail Recording (SMDR) With Call Detail Recording activated for the incoming trunk groups, you can check the calls into your voice mail ports. A series of short holding times may indicate repeated attempts to enter voice mailbox passwords. See also ‘‘ Security Violation Notification Feature (DEFINITY ECS and DEFINITY G3 only)’’ on page 3-53. Table 5-3. Reports and Monitoring Techniques for Voice Mail Monitoring Technique Switch Page # Call Detail Recording (SMDR) All5-11 Traffic Measurements and PerformanceAll5-13 Automatic Circuit Assurance All5-14 Busy Verification All5-15 Call Traffic Report All5-13 Trunk Group Report G1, G3, System 755-13 Traffic Reports Any with the AUDIX Voice Mail System5-15 Call Detail Recording Any with the AUDIX Voice Mail System R1V5 with Digital Networking5-18
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Voice Messaging Systems Page 5-12 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 5 NOTE: Most call accounting packages discard this valuable security information. If you are using a call accounting package, check to see if this information can be stored by making adjustments in the software. If it cannot be stored, be sure to check the raw data supplied by the CDR. Review CDR for the following symptoms of voice mail abuse: nShort holding times on any trunk group where voice mail is the originating endpoint or terminating endpoint nCalls to international locations not normal for your business nCalls to suspicious destinations nNumerous calls to the same number nUndefined account codes NOTE: For DEFINITY G2 and System 85, since CDR only records the last extension on the call, internal toll abusers transfer unauthorized calls to another extension before they disconnect so that the CDR does not track the originating station. If the transfer is to your voice mail system, it could give a false indication that your voice mail system is the source of the toll fraud. For DEFINITY ECS, DEFINITY G1, G3, and System 75: nTo display the Features-Related System Parameters screen, use the change system-parameters feature (G1 and System 75 only) or the change system-parameters cdr feature (G3 only). NOTE: Also using direct TACs on some SMDRs/CDRs can result in the non-recording of fraudulent calls. nAdminister the appropriate format to collect the most information. The format depends on the capabilities of your CDR analyzing and recording device. nUse change trunk-group to display the Trunk Group screen. nEnter y in the SMDR/CDR Reports field. For DEFINITY G2: nUse PROC275 WORD1 FIELD14 to turn on the CDR for incoming calls. nUse PROC101 WORD1 FIELD8 to specify the trunk groups.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Voice Messaging Systems Page 5-13 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 5 Call Traffic Report This report provides hourly port usage data and counts the number of calls originated by each port. By tracking normal traffic patterns, you can respond quickly if an unusually high volume of calls begins to appear, especially after business hours or during weekends, which might indicate hacker activity. For DEFINITY ECS, DEFINITY G1, G3, and System 75, traffic data reports are maintained for the last hour and the peak hour. For DEFINITY G2 and System 85, traffic data is available via Monitor I which can store the data and analyze it over specified periods. Trunk Group Report This report tracks call traffic on trunk groups at hourly intervals. Since trunk traffic is fairly predictable, you can easily establish over time what is normal usage for each trunk group. Use this report to watch for abnormal traffic patterns, such as unusually high off-hour loading. SAT, Manager I, and G3-MT Reporting Traffic reporting capabilities are built-in and are obtained through the System Administrator Tool (SAT), Manager I, and G3-MT terminals. These programs track and record the usage of hardware and software features. The measurements include peg counts (number of times accessed) and call seconds of usage. Traffic measurements are maintained constantly and are available on demand. However, reports are not archived and should therefore be printed to monitor a history of traffic patterns. For DEFINITY ECS, DEFINITY G1, G3, and System 75: nTo record traffic measurements: —Use change trunk-group to display the Trunk Group screen. — In the Measured field, enter both if you have BCMS and CMS, internal if you have only BCMS, or external if you have only CMS. nTo review the traffic measurements, use list measurements followed by one of the measurement types (trunk-groups, call-rate, call-summary, or outage-trunk) and the timeframe (yesterday-peak, today-peak, or last-hour). nTo review performance, use list performance followed by one of the performance types (summary or trunk-group) and the timeframe (yesterday or today).
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Voice Messaging Systems Page 5-14 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 5 ARS Measurement Selection The ARS Measurement Selection can monitor up to 20 routing patterns (25 for G3) for traffic flow and usage. For DEFINITY ECS, DEFINITY G1, G3, and System 75: nUse change ars meas-selection to choose the routing patterns you want to track. nUse list measurements route-pattern followed by the timeframe (yesterday, today, or last-hour) to review the measurements. For DEFINITY G2, use Monitor I to perform the same function. Automatic Circuit Assurance This monitoring technique detects a number of short holding time calls or a single long holding time call which may indicate hacker activity. Long holding times on Trunk-to-Trunk calls can be a warning sign. The ACA feature allows you to establish time limit thresholds defining what is considered a short holding time and a long holding time. When a violation occurs, a designated station is visually notified. When notification occurs, determine if the call is still active. If toll fraud is suspected, use the busy verification feature (see ‘‘ Busy Verification’’ on page 5-15) to monitor the call in progress. For DEFINITY ECS, DEFINITY G1, G3, and System 75: nUse change system-parameters feature to display the Features-Related System Parameters screen. nEnter y in the Automatic Circuit Assurance (ACA) Enabled field. nEnter local, primary, or remote in the ACA Referral Calls field. If primary is selected, calls can be received from other switches. Remote applies if the PBX being administered is a DCS node, perhaps unattended, that wants ACA referral calls to go to an extension or console at another DCS node. nUse change trunk group to display the Trunk Group screen. nEnter y in the ACA Assignment field. nEstablish short and long holding times. The defaults are 10 seconds (short holding time) and one hour (long holding time). nTo review, use list measurements aca. nAdminister an aca button on the console or display station to which the referral will be sent.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Voice Messaging Systems Page 5-15 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 5 For DEFINITY G2 and System 85: nUse PROC285 WORD1 FIELD5 and PROC286 WORD1 FIELD1 to enable ACA system-wide. nUse PROC120 WORD1 to set ACA call limits and number of calls thresholds. nUse PROC286 WORD1 FIELD3 to send the alarms and/or reports to an attendant. Busy Verification When toll fraud is suspected, you can interrupt the call on a specified trunk group and monitor the call in progress. Callers will hear a long tone to indicate the call is being monitored. For DEFINITY ECS, DEFINITY G1, G3, and System 75: nUse change station to display the Station screen for the station that will be assigned the Busy Verification button. nIn the Feature Button Assignment field, enter verify. nTo activate the feature, press the Verify button and then enter the Trunk Access Code and member number to be monitored. For DEFINITY G2 and System 85: nAdminister a Busy Verification button on the attendant console. nTo activate the feature, press the button and enter the trunk access code and the member number. Protecting the AUDIX, DEFINITY AUDIX, and Lucent Technologies INTUITY Voice Mail Systems Toll fraud is possible when the application allows the incoming caller to make a network connection with another person. Thus, bridging to an outbound call, call transfer, and 3-way-conferencing are vulnerable areas and should be protected. Unauthorized System Use You can minimize the risk of unauthorized people gaining access to your system by strictly following the compliance guidelines for, and using the aging feature of, your Voice Mail (vm) and AUDIX System Administration (sa) passwords. Additionally, a new option — the trusted server — has been introduced in this release. The trusted server has direct access to AUDIX and its functionality. The same strict adherence to guidelines of trusted server passwords as with administration passwords is strongly recommended. This section discusses security considerations for these topics.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Voice Messaging Systems Page 5-16 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 5 Administration Passwords Your INTUITY AUDIX system comes equipped with administrative password features and options that you control to assist you in securing your system. These include: nChange default administrator password nAdministrator password standards nAdministrator password aging Changing the Default Administrator Password. When you first get your system, both the sa (system administrator) and vm (voice mail administrator) logins come with a default password. You are required to change this password immediately. Administrator Password Standards. There are certain minimum standards passwords must follow to comply with the system’s standards. Administration of Password Aging. You can administer several parameters of the password aging feature that will enhance the level of security the system maintains. Password aging ensures that administration passwords are changed at reasonable intervals. Use the Password Expiration feature for administrative logins to reduce the danger of unauthorized system access. Some people tend to change a password when they must do so and then, shortly afterwards, to change back to an old familiar password. Administering the Minimum Age Before Changes feature makes it inconvenient to use this tactic. Three new items were added to the Lucent I NTUITY menu system to define the limits associated with password aging. They are listed below: nPassword Expiration nMinimum Age Before Changes nExpiration Warning These items can be located by selecting Customer/Services Administration from the Main Menu. Trusted Server Security A trusted server is a computer or a software application in a domain outside of I NTUITY AUDIX that uses its own login and password to launch a Lucent INTUITY Messaging Applications Programming Interface (IMAPI) LAN session and access AUDIX mailboxes. Two examples of trusted servers are: nSynchronizer software running on an e-mail server nEnhanced List Application (ELA) software running as a server on the Lucent I NTUITY
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Voice Messaging Systems Page 5-17 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 5 Trusted servers can access and manipulate an AUDIX message just as the AUDIX application can do. (See Lucent Technologies INTUITY Messaging Solutions Release 4 Administration , 585-310-564 for in-depth discussions and definitions of trusted servers, domains, and integration of e-mail and other trusted server software with AUDIX.) Securing a system that allows access from another domain involves a two-pronged approach. You must consider security from both an internal and an external perspective. External security involves administration to prevent access from an unauthorized source, such as a trusted server or trusted server administrator. Internal security focuses on preventing, or recovering from, damage if a breach occurs (for example, a virus is transmitted in a message component, such as an attached software file). External Security for Trusted Servers. The trusted server is empowered to do everything to a user mailbox that an AUDIX user can do. You must administer a password that the trusted server application uses to request a connection to the AUDIX server. Additionally, to prevent unauthorized access through IMAPI into your system from an external source, such as a trusted server, you can administer an IMAPI password that the trusted server must also use when connecting to AUDIX. This IMAPI password prevents an unauthorized source from starting an IMAPI session and is used as a secondary layer of security in addition to the required trusted server password. While administration of the IMAPI password is optional, it is strongly recommended . If you choose to administer this password, it is further recommended that you change it on a regular basis (for example, monthly). (If you have your administrator’s password set to age automatically, you could use the system prompt telling you that your password must be changed as a reminder to change the IMAPI password, as well.) The two new trusted server screens that have been added for Release 4 are Trusted-Server Profile and IMAPI-Password. Instructions for their administration are in Lucent Technologies INTUITY Messaging Solutions Release 4 Administration , 585-310-564. Internal Security. I NTUITY AUDIX R4 allows the transmission between domains of two new message components, including text (e-mail) and binary (software) file attachments. Within the AUDIX system, Message Manager supports these message components as well. With these new components come new security considerations, namely the inadvertent delivery of a “virus” that may be embedded in a file attachment. This can occur in any system that supports the delivery of binary files. While the AUDIX machine cannot be infected with viruses embedded in these software files, client machines may become infected when a user launches the application associated with the software file. AUDIX does not perform any virus detection. Your company should carefully evaluate the security risks of file attachments and make provisions for virus detection software on PCs running an e-mail application or Message Manager. Your PC/LAN administrator(s) likely has considerable experience detecting and
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Voice Messaging Systems Page 5-18 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 5 preventing the transmission of software viruses that you can use when planning for e-mail. Furthermore, your administrator has minimum requirements that the AUDIX server and e-mail server must meet to be allowed on the company network at all. At a minimum, you should advise your users that file attachments should be detached ( not launched) and scanned for viruses before use. Traffic Reports (AUDIX Voice Mail System Only) The AUDIX Voice Mail System provides tracking of traffic data over various timespans. Reviewing these reports on a regular basis helps to establish traffic trends. If increased activity or unusual usage patterns occur, such as heavy call volume on ports assigned to outcalling, they can be investigated immediately. Beginning with AUDIX Voice Mail System R1V2, the AUDIX Data Acquisition Package (ADAP) uses a PC to provide extended storage and analysis capabilities for the traffic data. Call Detail Recording (AUDIX Voice Mail System Only) For the AUDIX Voice Mail System R1V5 and later, this optional feature provides a detailed view of the activity associated with each voice mail session, outgoing calls, and system-wide activity. Voice Session Record (AUDIX Voice Mail System Only) The activity for each individual voice mailbox is recorded in a Voice Session Record. A voice session begins whenever a caller attempts to log into the AUDIX Voice Mail System, is redirected to the voice mail system for call answering, enters , or , transfers from one automated attendant to another (nested), or is transferred by the Enhanced Automated Attendant feature. The record reveals the routing of the call, including the caller (if internal), recipient, port, community, Mailbox IDs (corresponds to the voice mail system subscriber’s extension number input during a login or as input by the calling party), the time and duration of the call, the type of session (voice mail, call answer, guest password, or automated attendant), the message activity, and number of login attempts. Also reported is the session termination method. Each possible termination method is assigned a value as shown in Table 5-4 . This information can be downloaded to a PC using ADAP to be available on demand or at scheduled intervals. *R**R