Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook Instructions Manual

Lucent Technologies BCS Products Security Handbook Instructions Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-49 PARTNER II Communications System 
    5
    — Assign a Class of Service that provides outcalling privileges (for 
    PARTNER MAIL Release 1, assign 4, 5, 6, or 8; for PARTNER MAIL 
    Release 3, assign 3,4, or 6) only to those mailboxes requiring these 
    privileges.
    — Assign Classes of Service 1-6 (for PARTNER MAIL Release 1) or 
    1-4 and 20-23 (for PARTNER MAIL Release 3), Transfer Permitted, 
    only to mailboxes for which the mailbox number is a real extension 
    on the PARTNER II Communications System. Use Classes of 
    Service 7-9 (for PARTNER MAIL Release 1) or 5, 6, and 15-19 (for 
    PARTNER MAIL Release 3), Transfer Not Permitted, for all 
    mailboxes for which there is no corresponding extension on the 
    PARTNER II Communications System.
    — If outcalling is not used, assign system mailboxes (90 to 98, and 
    9997 to 9999) to Class of Service (COS) 7 or 9 (for PARTNER MAIL 
    Release 1) or 5, 15-17,18, 19 (for PARTNER MAIL 
    Release 3).
    nRequire employees who have voice mailboxes to use passwords to protect 
    their mailboxes.
    nRequire the System Administrator and all voice mailbox owners to change 
    their password from the default.
    nThe System Administrator can set the Minimum Password Length to any 
    value from 0-15 digits. The default value is six digits. Every subscriber’s 
    mailbox password and the System Administration Password must be 
    at 
    least
     six digits.
    NOTE:
    A Minimum Password Length of at least six digits is strongly 
    recommended. The shorter the Minimum Password Length, the more 
    vulnerable your system is to abuse by unauthorized persons. Choose 
    the largest acceptable minimum length in order to maximize the 
    security of your system.
    nInstruct employees not to make a statement, in their recorded greeting, 
    indicating that they will accept collect calls.
    nHave the voice messaging System Administrator delete unneeded voice 
    mailboxes from the system immediately.
    nThe Security Violation Notification feature enables the System 
    Administrator to choose to be warned about possible mailbox break-in 
    attempts. The System Administrator can choose from the following options:
    nMailbox Lock — Locks the subscriber’s mailbox and sends a 
    warning message to the mailbox owner’s mailbox and the System 
    Administrator’s mailbox.
    nWarning Message — Sends a warning message to the mailbox 
    owner’s mailbox and the System Administrator’s mailbox (factory 
    setting). 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-50 PARTNER Plus Communications System 
    5
    nNo Security Notification (strongly discouraged).
    nProgram the PARTNER II Communications System to:
    — Block direct access to outgoing lines and force the use of account 
    codes and/or authorization codes. 
    — Assign toll restrictions to individual’s phones, especially in public 
    areas.
    — If you do not need to use the Outcalling feature of the PARTNER 
    MAIL System, completely restrict the outward calling capability of its 
    system ports by using Inside Calls Only.
    — If outcalling is required, assign outgoing call restriction local only 
    with the appropriate toll call prefix to ports used for outcalling. 
    Assign applicable allowed and disallowed number lists to the 
    PARTNER MAIL System ports used for outcalling. Two-port 
    PARTNER MAIL Systems use port 2 for outcalling. Four-port 
    systems use port 4 for outcalling. Six-port systems use ports 5 and 6 
    for outcalling. Outward restrict all other ports.
    PARTNER Plus Communications 
    System 
    The PARTNER Plus Communications System R3.1 and later releases support the 
    PARTNER MAIL System, and the PARTNER MAIL VS System.
    For information on these systems, see ‘‘
    Protecting the PARTNER MAIL and 
    PARTNER MAIL VS Systems’’ on page 5-50.
    Also see ‘‘Related Documentation’’ in the ‘‘About This Document’’ section for a list 
    of manuals on these products.
    Protecting the PARTNER MAIL and PARTNER
    MAIL VS Systems
    The PARTNER MAIL and PARTNER MAIL VS Systems provide automated 
    attendant, call answer, and voice mail functionality. The automated attendant 
    feature answers incoming calls and routes them to the appropriate department or 
    person. The call answer feature provides call coverage to voice mailboxes. The 
    voice mail feature provides a variety of voice messaging features.
    Unauthorized persons try to locate unused or unprotected mailboxes and use 
    them as dropoff points for their own messages, especially if inbound calls are free 
    (for example, 800 inbound service). 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-51 PARTNER Plus Communications System 
    5
    Protecting Passwords
    For PARTNER MAIL Release 1 and all releases of PARTNER MAIL VS, 
    passwords can be up to four digits. For PARTNER MAIL Release 3, passwords 
    can be up to 15 digits in length. See ‘‘
    Administration / Maintenance Access’’ on 
    page 2-4 and ‘‘General Security Measures’’ on page 2-7 for secure password 
    guidelines. See Appendix E for information on how to change passwords in the 
    PARTNER MAIL System and the PARTNER MAIL VS System.
    Security Tips
    nMonitor SMDR reports and/or Call Accounting System reports for outgoing 
    calls that might be originated by internal and external abusers.
    nFor PARTNER MAIL System mailboxes, exercise caution when assigning a 
    Class of Service.
    — Assign a Class of Service that provides outcalling privileges (for 
    PARTNER MAIL Release 1 and PARTNER VS, assign 4, 5, 6, or 8; 
    for PARTNER MAIL Release 3, assign 3,4, or 6) only to those 
    mailboxes requiring these privileges.
    — Assign Classes of Service 1-6 (for PARTNER MAIL Release 1 and 
    PARTNER VS) or 1-4 and 20-23 (for PARTNER MAIL Release 3), 
    Transfer Permitted, only to mailboxes for which the mailbox number 
    is a real extension on the PARTNER Plus Communications System. 
    Use Classes of Service 7-9 (for PARTNER MAIL Release 1 and 
    PARTNER VS) or 5, 6, and 15-19 (for PARTNER MAIL Release 3), 
    Transfer Not Permitted, for all mailboxes for which there is no 
    corresponding extension on the PARTNER Plus Communications 
    System.
    — If outcalling is not used, assign system mailboxes (90 to 98, and 
    9997 to 9999) to Class of Service (COS) 7 or 9 (for PARTNER MAIL 
    Release 1) or 5, 15-17,18, 19 (for PARTNER MAIL 
    Release 3).
    nRequire employees who have voice mailboxes to use passwords to protect 
    their mailboxes.
    nRequire the System Administrator and all voice mailbox owners to change 
    their password from the default.
    nThe System Administrator can set the Minimum Password Length to any 
    value from 0-15 digits. The default value is six digits. Every subscriber’s 
    mailbox password and the System Administration Password must be 
    at 
    least
     six digits.
    NOTE:
    A Minimum Password Length of at least six digits is strongly 
    recommended. The shorter the Minimum Password Length, the more 
    vulnerable your system is to abuse by unauthorized persons. Choose  
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-52 System 25 
    5
    the largest acceptable minimum length in order to maximize the 
    security of your system.
    nInstruct employees not to make a statement, in their recorded greeting, 
    indicating that they will accept collect calls.
    nHave the voice messaging System Administrator delete unneeded voice 
    mailboxes from the system immediately.
    nThe Security Violation Notification feature enables the System 
    Administrator to choose to be warned about possible mailbox break-in 
    attempts. The System Administrator can choose from the following options:
    nMailbox Lock — Locks the subscriber’s mailbox and sends a 
    warning message to the mailbox owner’s mailbox and the System 
    Administrator’s mailbox.
    nWarning Message — Sends a warning message to the mailbox 
    owner’s mailbox and the System Administrator’s mailbox (factory 
    setting).
    nNo Security Notification (strongly discouraged).
    nProgram the PARTNER Plus Communications System to:
    — Block direct access to outgoing lines and force the use of account 
    codes and/or authorization codes. 
    — Assign toll restrictions to individual’s phones, especially in public 
    areas.
    — If you do not need to use the Outcalling feature of the PARTNER 
    MAIL System, completely restrict the outward calling capability of its 
    system ports by using Inside Calls Only.
    — If outcalling is required, assign outgoing call restriction local only 
    with the appropriate toll call prefix to ports used for outcalling. 
    Assign applicable allowed and disallowed number lists to the 
    PARTNER MAIL System ports used for outcalling. Two-port 
    PARTNER MAIL Systems use port 2 for outcalling. Four-port 
    systems use port 4 for outcalling. Six-port systems use ports 5 and 6 
    for outcalling. Outward restrict all other ports.
    System 25
    System 25 may be used with the AUDIX Voice Power System. (For information on 
    this system, see ‘‘
    Protecting the AUDIX Voice Power System’’ on page 5-53.)
    Also see ‘‘Related Documentation’’ in the ‘‘About This Document’’ section for a list 
    of manuals on this product.
    Follow the steps listed below for securing a voice processing system on the 
    System 25.
    nOutward restrict the voice processing ports whenever possible. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-53 System 25 
    5
    nUse the voice processing system’s maximum extension length, valid 
    extension range, and transfer to subscriber only feature, if available.
    nTightly control system administration access to these systems.
    nProgram the System 25 to:
    — Block direct access to outgoing lines and force the use of account 
    codes and/or authorization codes.
    — Disallow trunk-to-trunk transfer unless it is required.
    NOTE:
    This parameter only applies to loop start lines.
    nDo not administer the voice mail/coverage ports for remote call forwarding.
    nMonitor SMDR reports and/or Call Accounting System reports for outgoing 
    calls that might be originated by internal and external abusers.
    Protecting the AUDIX Voice Power System
    The AUDIX Voice Power System provides both automated attendant and voice 
    mail functionality. The automated attendant feature answers incoming calls and 
    routes them to the appropriate department or person. The voice mail feature 
    provides call coverage to voice mailboxes along with a variety of voice messaging 
    features.
    Unauthorized persons concentrate their activities in two areas with the AUDIX 
    Voice Power System:
    nThey try to transfer out of the AUDIX Voice Power System to gain access to 
    an outgoing trunk and make long distance calls.
    nThey try to locate unused or unprotected mailboxes and use them as 
    dropoff points for their own messages.
    Protecting Passwords
    The AUDIX Voice Power System offers password protection to help restrict 
    unauthorized access. Subscribers should use a maximum length password and 
    should change it routinely. Passwords can be up to 9 digits. See ‘‘
    Administration / 
    Maintenance Access’’ on page 2-4 and ‘‘General Security Measures’’ on page 2-7 
    for secure password guidelines. See Appendix E for information on how to change 
    passwords.
    Security Tips
    The following security measures assist you in managing features of the AUDIX 
    Voice Power System to help prevent unauthorized use.
    nSet Transfer to Subscribers Only to yes. This limits transfers to valid 
    extensions. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-54 System 25 
    5
    nIf you have Release 1.0 of the AUDIX Voice Power System, implement all 
    appropriate security measures on the PBX side.
    nRequire employees who have voice mailboxes to use passwords to protect 
    their mailboxes. See ‘‘
    Administration / Maintenance Access’’ on page 2-4 
    and ‘‘
    General Security Measures’’ on page 2-7 for secure password 
    guidelines.
    nMake sure subscribers change the default password the first time they log 
    in to the AUDIX Voice Power System.
    nHave the AUDIX Voice Power System Administrator delete unneeded 
    voice mailboxes from the system immediately.
    nOn the System Parameters form, use the maximum number of digits 
    allowable for extension entry (six). This will make it more difficult for 
    criminals to guess the login and password combinations of your users.
    nSet up auto attendant selection codes so that they do not permit outside 
    line selection.
    nAssign toll restriction levels to the AUDIX Voice Power System ports.
    nIf you do not need to use the Outcalling feature of the AUDIX Voice Power 
    System, completely restrict the outward calling capability of the AUDIX 
    Voice Power System ports.
    nDisallow transfers to extensions not registered as valid subscribers.
    !WARNING:
    Entering “#” transfers calls to the switch; that is, the transfer feature is 
    always available and appropriate outgoing port restrictions must be in place 
    to avoid toll fraud.
    Security Measures
    The security measures described in this section do not apply if you are using 
    Release 1.0 of the AUDIX Voice Power System. In this case, use PBX restrictions.
    Transfer Only to System Subscribers
    The AUDIX Voice Power System has the ability to allow callers to transfer only to 
    mailbox subscribers. When an AUDIX Voice Power System caller requests a 
    transfer using     followed by an extension number, the AUDIX Voice Power 
    System can compare the extension number entered with the valid extension 
    numbers administered in the subscriber database.
    If the extension is invalid, the transfer is denied and an error message is played to 
    the caller. However, it does not prevent transfers from pre-administered dial 
    strings in the automated attendant from accessing the outgoing facilities. Refer to 
    Chapter 6 for procedures to restrict the automated attendant ports.
    nOn the AUDIX Voice Power System, within the System Parameter 
    Administration form, enter yes in the Transfer to Subscribers Only field.
    *T 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Voice Messaging Systems 
    Page 5-55 System 25 
    5
    NOTE:
    You cannot use this security measure if calls are transferred to 
    people in your company who are not AUDIX Voice Power System 
    subscribers (see ‘‘
    Limit Transfers Out of the System’’ on page 5-30). 
    Limit Transfers Out of the System
    When you need to allow transfers to people who are not AUDIX Voice Power 
    System subscribers, you can add their extension numbers to the AUDIX Voice 
    Power System subscriber database, but restrict access to their voice mailboxes. 
    nOn the System Parameter Administration form, enter yes in the Transfer to 
    Subscriber Only field.
    nOn the Subscriber Administration form, add each extension number for 
    non-AUDIX Voice Power System subscribers.
    nEnter # in the Subscriber Password field to prevent access to the 
    corresponding voice mail.
    nEnter yes in the Does the subscriber have switch call coverage field. On 
    the switch side, do not specify the AUDIX Voice Power System extension 
    as a coverage point for any of these added extensions.
    NOTE:
    Although these restricted voice mailboxes cannot receive Call Answer 
    messages, they do receive broadcast messages and even may receive a 
    misdirected message from another subscriber. To save storage space, you 
    should periodically clean out these mailboxes by accessing the restricted 
    mailboxes and deleting all messages.
    NOTE:
    On AUDIX Voice Power System 2.1.1, mailboxes can be set individually to 
    “1 minute,” reducing the clean-up required to service these mailboxes. 
    						
    							Automated Attendant 
    Page 6-1 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    6
    BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    6
    6Automated Attendant
    DEFINITY ECS, DEFINITY 
    Communications Systems, System 75, 
    and System 85
    Automated attendant is a service that connects to the PBX/communications 
    system to help route calls to the appropriate extension. A menu of options allows 
    callers to choose a predefined destination, such as a department, announcement, 
    or an attendant, or a user-defined destination, such as an extension number.
    Many automated attendant systems are vulnerable to toll fraud and are easy 
    targets for toll hackers. Although there are some steps you can take to tighten the 
    security of the automated attendant itself, additional steps must be taken on 
    the switch side to reduce the risk of toll fraud.
    Security Tips
    nNever allow a menu choice to transfer to an outgoing trunk without a 
    specific destination.
    nWhen a digit (  through  ) is not a menu option, program it to transfer to 
    an attendant, an announcement, a disconnect, or other intercept treatment.
    nThis tip does not apply to the AUDIX Voice Mail System:
    When   or   are Feature Access Codes for the switch, make sure the 
    same numbers on the automated attendant menu are either translated to 
    an extension or, if not a menu option, are programmed to transfer to an 
    attendant, an announcement, a disconnect, or other intercept treatment.
    nAUDIX Voice Mail System owners: use Enhanced Call Transfer. Apply the 
    appropriate security measures described in Chapter 5.
    09
    89 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Automated Attendant 
    Page 6-2 DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85 
    6
    Tools that Prevent Unauthorized Calls
    You can help prevent unauthorized callers who enter the automated attendant 
    system from obtaining an outgoing facility by using the security tools shown in 
    Table 6-1
    .
    Facility Restriction Levels
    The switch treats all the PBX ports used by automated attendant systems as 
    stations. Therefore, each automated attendant port can be assigned a COR with 
    an FRL associated with the COR. FRLs provide for eight different levels of 
    restrictions for AAR/ARS/WCR calls. FRLs are used in combination with calling 
    permissions and routing patterns and/or preferences to determine where calls can 
    be made. FRLs range from 0 to 7, with each number representing a different level 
    of restriction (or no restrictions at all).
    The FRL is used for the AAR/ARS/WCR feature to determine call access to an 
    outgoing trunk group. Outgoing call routing is determined by a comparison of the 
    FRLs in the AAR/ARS/WCR routing pattern to the FRL associated with the 
    COR/COS of the call originator.
    The higher the station FRL number, the greater the calling privileges. For 
    example, if a station is not permitted to make outside calls, assign it an FRL value 
    of 0. Then ensure that the FRLs on the trunk group preferences in the routing 
    patterns are 1 or higher.
    For example, when automated attendant ports are assigned to a COR with an 
    FRL of 0, outside calls are disallowed. If that is too restrictive, the automated 
    Table 6-1. Automated Attendant Security Tools
    Security ToolSwitch Page #
    Enhanced Call Transfer (see 
    ‘‘
    Protecting the AUDIX, 
    DEFINITY AUDIX, and Lucent 
    Technologies INTUITY Voice 
    Mail Systems’’)DEFINITY ECS, DEFINITY 
    G1, G2, G3, System 75 R1V3 
    Issue 2.0, System 85 R2V45-15
    Facility Restriction Levels* All6-2
    Station-to-Trunk Restrictions* All6-3
    Class of Restriction DEFINITY ECS, DEFINITY 
    G1, G3, and System 756-3
    Class of Service DEFINITY G2 and System 856-3
    Toll Analysis DEFINITY ECS, DEFINITY 
    G1, G2, G3, and System 856-5 
    						
    All Lucent Technologies manuals Comments (0)

    Related Manuals for Lucent Technologies BCS Products Security Handbook Instructions Manual