Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook Instructions Manual

Lucent Technologies BCS Products Security Handbook Instructions Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    							BCS Products
    Security Handbook  
    555-025-600  
    Issue 6
    December 1997
    Contents 
    Page xi  
    nToll Fraud Contact ListG-5
    H Product Security Checklists H-1
    nGeneral Security ProceduresH-3
    nAUDIX, DEFINITY AUDIX and INTUITY AUDIX Voice 
    Messaging SystemsH-5
    nAUDIX Voice Power SystemH-7
    nBasicWorksH-9
    nCONVERSANT Voice Information SystemH-13
    nDEFINITY ECS, DEFINITY G1 and G3, and System75H-15
    nDEFINITY G2 and System85H-21
    nDIMENSION PBX SystemH-25
    nLucent Technologies/Bay NetworksH-28
    nMERLIN II Communications SystemH-29
    nMERLIN LEGEND Communications SystemH-31
    nMERLIN MAIL Voice Messaging SystemH-34
    nMERLIN MAIL-ML Voice Messaging SystemH-36
    nMERLIN MAIL R3 Voice Messaging SystemH-38
    nMERLIN Plus Communications SystemH-41
    nMultimedia Communications Exchange ServerH-42
    nMultipoint Conferencing Unit
    (MCU)/Conference Reservation and
    Control System (CRCS)H-43
    ESM Security ChecklistH-45
    CRCS Security ChecklistH-47
    MSM Security ChecklistH-48
    nPARTNER II and PARTNER Plus
    Communications SystemsH-53
    nPARTNER MAIL and PARTNER MAIL VS SystemsH-56
    nSystem25H-58
    nPassageWay Telephony ServicesH-60
    I Large Business Communications
    Systems Security Tools by Release I-1
    GL Glossary 1
    IN Index IN-1 
    						
    							BCS Products
    Security Handbook  
    555-025-600  
    Issue 6
    December 1997
    Contents 
    Page xii   
    						
    							About This Document 
    Page xiii Scope of this Handbook 
    BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    About This Document
    Scope of this Handbook
    This handbook discusses security risks and measures that can help prevent 
    external telecommunications fraud involving the following Lucent Technologies 
    products:
    Communications Server:
    nDEFINITY® Enterprise Communications Server (ECS) Release 5 and later 
    PBX systems:
    nDEFINITY® Generic 1, 2, and 3 Communications Systems 
    nMERLIN® II Communications System
    nMERLIN LEGEND® Communications System
    nMERLIN® Plus Communications System
    nPARTNER® II Communications System
    nPARTNER® Plus Communications System
    nSystem 25 Communications System
    nSystem 75 (R1V1, R1V2, R1V3)
    nSystem 85 (R1, R2V2, R2V3, R2V4)
    Voice processing systems:
    nAUDIX® Voice Mail System
    nAUDIX® Voice Power® System
    nCONVERSANT® Voice Information System 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    About This Document 
    Page xiv Scope of this Handbook 
    nDEFINITY® AUDIX® System
    nINTUITY™ AUDIX® Voice Messaging System
    nINTUITY™ CONVERSANT® Voice Information System
    nMERLIN MAIL® Voice Messaging System
    nMERLIN MAIL®-ML Voice Messaging System
    nMERLIN MAIL® R3 Voice Messaging System
    nPARTNER MAIL® System
    nPARTNER MAIL VS® System
    Other products and services:
    nCall Management System (R3V2)
    nCallMaster® PC
    nMultipoint Conferencing Unit (MCU)
    nPassageWay® Telecommunications Interface
    nTransTalk™ 9000 Digital Wireless System
    nTelephony Services for Netware®
    NOTE:
    Although the DIMENSION® Call Management System is not covered 
    explicitly in this handbook, the information supplied for System 85 Release 2 
    applies to the DIMENSION PBX System as well.
    NOTE:
    This document describes switch features and how they are related to 
    security. It is not designed to fully describe the capabilities of each feature. 
    For further details about all the security features and their interactions with 
    other system features, refer to the appropriate system manual for your 
    telecommunications system. (See ‘‘
    Related Documentation’’ in this chapter 
    for titles and document numbers.)
    For the latest updates on the security of products, the following options are 
    available:
    nPurchase the Toll Fraud Prevention training video
    This videotape is divided into three segments: general information to 
    illustrate the impact of toll fraud, testimony taken from a real hacker, and 
    interviews with toll fraud victims. Covered topics include hacker access 
    techniques, toll fraud issues, safeguard features, effective system 
    management, security plans, and security monitoring solutions. To order, 
    call the Lucent Technologies Sourcebook Catalog at 1 800 635-8866, then 
    select prompt #1, PEC 1469-021. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    About This Document 
    Page xv Reason for Reissue 
    nEnroll in Lucent Technologies BCS Advanced Security for DEFINITY 
    ECS
    This advanced 2-day training course provides additional technical methods 
    and procedures in recognizing and preventing toll fraud for the DEFINITY 
    user. To enroll, call 1 800 255-8988, PEC 1460-095.
    Reason for Reissue
    This issue, Issue 6 of the GBCS Products Security Handbook, updates 
    information to include the following:
    nChanges in the text to reflect the addition of the DEFINITY Enterprise 
    Communications Server Release 5 and Release 6
    nThe Security Violations Measurement Reports used with the DEFINITY 
    switch
    nMERLIN LEGEND Release 3.1, 4.0, 4.1, 4.2, and 5.0
    nMERLIN LEGEND MAIL
    nPARTNER MAIL Release 3
    nINTUITY AUDIX® used with MERLIN LEGEND
    Minor edits and other additions have also been included in this issue.
    Intended Audience
    Telecommunications managers, console operators, and security organizations 
    within a company should be aware of the information in Chapters 1 and 2. 
    Chapter 3 introduces more technical information and is directed at people 
    responsible for implementing and administering the security aspects of systems.
    Appendices A through D expand upon technical information in the handbook and 
    are intended for use by the system administrator. Appendices E, F, H, and I have 
    application throughout the organization. Appendix G is specifically intended for 
    telecommunications management personnel with responsibilities for implementing 
    a security policy. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    About This Document 
    Page xvi How this Guide is Organized 
    How this Guide is Organized
    The GBCS Products Security Handbook has the following chapters and 
    appendices:
    Chapter 1: Introduction Provides a background for toll fraud.
    Chapter 2: Security 
    RisksDiscusses the major areas in which customer 
    premises equipment-based systems are vulnerable, 
    and introduces available security measures.
    Chapter 3: Large 
    Business 
    Communications 
    SystemsProvides information on protecting the DEFINITY 
    ECS Release 5 and later, DEFINITY 
    Communications System Generic 1, Generic 2, and 
    Generic 3, System 75, and System 85. Details how 
    Remote Access is vulnerable to toll fraud, explains 
    numerous system security features, and provides 
    detailed procedures.
    Chapter 4: Small 
    Business 
    Communications 
    SystemsProvides information on protecting the MERLIN II, 
    MERLIN LEGEND, MERLIN Plus, PARTNER II, 
    PARTNER Plus, and System 25 Communications 
    Systems. Details product features that are 
    vulnerable to toll fraud, such as Remote Access 
    and Remote Call Forwarding, and recommends 
    security measures.
    Chapter 5: Voice 
    Messaging SystemsProvides information on protecting voice messaging 
    systems. Explains the tools available and 
    recommends security measures.
    Chapter 6: Automated 
    AttendantProvides information on protecting Automated 
    Attendant systems. Explains the features available 
    and recommends security measures.
    Chapter 7: Other 
    Products and ServicesProvides information to protect other Lucent 
    Technologies products and services from toll fraud.
    Appendix A: Call 
    RoutingDetails call flow through a customer premises 
    equipment-based system.
    Appendix B: Blocking 
    CallsProvides procedures for blocking calls to common 
    toll fraud destinations.
    Appendix C: Remote 
    Access Example (G1, 
    G3, and System 75)Offers an example of how to set up Remote Access 
    and an example of how to disable it.
    Appendix D: 
    Administering Features 
    of the DEFINITY G3V3 
    and LaterProvides information on administering features 
    available in DEFINITY Releases G3V3 and later, 
    including the DEFINITY ECS Release 5 and 6. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    About This Document 
    Page xvii Lucent Technologies’ Statement of Direction 
    Lucent Technologies’ Statement of 
    Direction
    The telecommunications industry is faced with a significant and growing problem 
    of theft of customer services. To aid in combating these crimes, Lucent 
    Technologies intends to strengthen relationships with its customers and its 
    support of law enforcement officials in apprehending and successfully prosecuting 
    those responsible.
    No telecommunications system can be entirely free from the risk of unauthorized 
    use. However, diligent attention to system management and to security can 
    reduce that risk considerably. Often, a trade-off is required between reduced risk 
    and ease of use and flexibility. Customers who use and administer their systems 
    make this trade-off decision. They know how to best tailor the system to meet their 
    unique needs and, necessarily, are in the best position to protect the system from 
    unauthorized use. Because the customer has ultimate control over the 
    configuration and use of Lucent Technologies services and products it purchases, 
    the customer properly bears responsibility for fraudulent uses of those services 
    and products.
    To help customers use and manage their systems in light of the trade-off 
    decisions they make and to ensure the greatest security possible, Lucent 
    Technologies commits to the following:
    nLucent Technologies products and services will offer the widest range of 
    options available in the industry to help customers secure their 
    communications systems in ways consistent with their telecommunications 
    needs. Appendix E: Changing 
    Your PasswordTells how to change passwords for systems in the 
    handbook.
    Appendix F: Toll Fraud 
    Job AidsProvides job aids to help prevent toll fraud.
    Appendix G: Special 
    Security Product and 
    Service OffersDetails special product and service offers and 
    provides a toll fraud contact list.
    Appendix H: Product 
    Security ChecklistsLists the available security features and tips by 
    product.
    Appendix I: Large 
    Business 
    Communications 
    Systems Security Tools 
    by ReleaseDetails security tools referenced in this guide, for 
    the System 75, System 85, DEFINITY ECS, and 
    DEFINITY Communications Systems by release. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    About This Document 
    Page xviii Lucent Technologies/Customer Security Roles and Responsibilities 
    nLucent Technologies is committed to develop and offer services that, for a 
    fee, reduce or eliminate customer liability for PBX toll fraud, provided the 
    customer implements prescribed security requirements in its 
    telecommunications systems.
    nLucent Technologies’ product and service literature, marketing information 
    and contractual documents will address, wherever practical, the security 
    features of our offerings and their limitations, and the responsibility our 
    customers have for preventing fraudulent use of their Lucent Technologies 
    products and services.
    nLucent Technologies sales and service people will be the best informed in 
    the industry on how to help customers manage their systems securely. In 
    their continuing contact with customers, they will provide the latest 
    information on how to do that most effectively.
    nLucent Technologies will train its sales, installation and maintenance, and 
    technical support people to focus customers on known toll fraud risks; to 
    describe mechanisms that reduce those risks; to discuss the trade-offs 
    between enhanced security and diminished ease of use and flexibility; and 
    to ensure that customers understand their role in the decision-making 
    process and their corresponding financial responsibility for fraudulent use 
    of their telecommunications system.
    nLucent Technologies will provide education programs for internal and 
    external customers to keep them apprised of emerging technologies, 
    trends, and options in the area of telecommunications fraud.
    nAs new fraudulent schemes develop, Lucent Technologies will promptly 
    initiate ways to impede those schemes, share our learning with our 
    customers, and work with law enforcement officials to identify and 
    prosecute fraudulent users whenever possible.
    We are committed to meeting and exceeding our customers’ expectations, and to 
    providing services and products that are easy to use and high in value. This 
    fundamental principle drives Lucent Technologies’ renewed assault on the 
    fraudulent use by third parties of our customers’ communications services and 
    products.
    Lucent Technologies/Customer 
    Security Roles and Responsibilities
    The purchase of a telecommunications system is a complicated process involving 
    many phases, including: system selection, design, ordering, implementation, and 
    assurance testing. Throughout these phases, customers, vendors, and their 
    agents each have specific roles and responsibilities. Insuring that systems are 
    designed, ordered, installed, and maintained in a secure fashion is a responsibility 
    each organization must understand.
    Lucent Technologies, seeking to be our customers’ Partner of Choice, clearly 
    defined its mission in this area in a Statement of Direction issued in May, 1992.  
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    About This Document 
    Page xix Lucent Technologies/Customer Security Roles and Responsibilities 
    (See the preceding section.) More specifically, Lucent Technologies BCS 
    recognized four areas where we or our agents had specific responsibilities to our 
    customers. These areas, and our responsibilities in each area, are detailed in the 
    next section, “Lucent Technologies’ Roles and Responsibilities.”
    In addition, customers have specific responsibilities to insure the system they are 
    installing is as secure as their requirements dictate. The following quote is from 
    A Cooperative Solution to the Fraud that Targets Telecom Systems, a position 
    paper developed by the Toll Fraud Prevention Committee (TFPC) of the Alliance 
    for Telecommunications Industry Solutions: 
    “It is necessary to stress that the business owner, the owner or lessee of 
    the CPE [Customer Premises Equipment], has the primary and paramount 
    care, custody, and control of the CPE. The owner has the responsibility to 
    protect this asset, the telecommunications system equally as well as other 
    financial assets of the business.”
    This document attempts to define industry standards for the roles and 
    responsibilities of the various organizations involved in a system implementation. 
    Portions of this document are applicable to this document and are quoted 
    throughout. Customers interested in the entire document can receive copies by 
    contacting the Alliance for Telecommunications Industry Solutions, 1200 G Street, 
    NW, Suite 500, Washington, DC 20005.
    Lucent Technologies’ Roles and Responsibilities
    1. Lucent Technologies BCS, as a manufacturer, has the responsibility to 
    PROVIDE the customer with securable technology, the information 
    resources (product documentation) to understand the capabilities of the 
    technology, and the configuration of the equipment when it shipped from 
    the factory.
    2. Lucent Technologies BCS, as a sales organization, has the responsibility to 
    INFORM the customer of potential toll fraud, how it can happen, and what 
    roles and responsibilities Lucent Technologies and the customer need to 
    accept to work together in reducing the customer’s potential for toll fraud.
    3. Lucent Technologies BCS, as a provisioning organization, has the 
    responsibility to ASSIST the customer in understanding the risks inherent 
    in the use of certain equipment features, and the methods available to 
    minimize those risks. Together with the customer Lucent Technologies 
    must come to an agreement on the desired configuration, and insure that 
    customers’ requests are carried out correctly.
    4. Lucent Technologies BCS, as a maintenance provider, has the 
    responsibility to ENSURE that no action, taken by us, serves to introduce 
    risk to the customer’s system. At the very least we must ensure the 
    customer is as secure after our assistance as they were before it. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    About This Document 
    Page xx Lucent Technologies Security Offerings 
    Customer Roles and Responsibilities
    The customer as the business owner has the responsibility to SELECT AND 
    MANAGE the security of their system. Specifically, according to the TFPC of the 
    Alliance for Telecommunications:
    “The basic responsibility of the business owner is to devote adequate 
    resources (time, talent, capital, etc.) to the selection of CPE and to its 
    management, including fraud prevention, detection and deterrence. It is an 
    essential part of managing the business. The owner must demand that the 
    internal staff and supporting external professionals, such as consultants, 
    include security concerns in the evaluation, design, and operation of the 
    telecommunications environment for his/her business.”
    Lucent Technologies Security 
    Offerings
    Lucent Technologies has developed a variety of offerings to assist in maximizing 
    the security of your system. These offerings include:
    nSecurity Audit Service of your installed systems (see Appendix G).
    nSecurity Tune-up Service (see Appendix G).
    nToll Fraud Crisis Intervention Service (see “Lucent Technologies Toll Fraud 
    Crisis Intervention” in this section).
    nThe BCS Product Security Kit, 555-025-601, includes this Security 
    Handbook, a self-paced tutorial that uses diagrams of system 
    administration screens to help customers design security into their 
    systems, and a training video tape addressing customer needs for tools to 
    share within their own companies. The video tape provides customers with 
    valuable information on ways to recognize and defend against toll fraud.
    nThe HackerTracker™ Call Accounting package that calls you when preset 
    types and thresholds of calls are established (see “Lucent Technologies 
    HackerTracker” in Appendix G).
    nRemote Port Security Device (RPSD) that makes it difficult for computer 
    hackers to access the remote maintenance ports (see Appendix G).
    nIntegrated Lock for Security Toolkit (or SoftLock) feature (see Appendix G). 
    This feature provides many of the same options as the RPSD listed above, 
    but whereas the RPSD is a hardware device, the SoftLock feature is a 
    software interface that can be installed directly in the DEFINITY ECS 
    software base. This software can be used only with the DEFINITY ECS 
    Release 6.2 and later.
    nSoftware that can identify the exact digits passed through the voice mail 
    system (AUDIX Data Acquisition Package [ADAP]). See your account 
    representative. 
    						
    All Lucent Technologies manuals Comments (0)

    Related Manuals for Lucent Technologies BCS Products Security Handbook Instructions Manual