Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies BCS Products Security Handbook Instructions Manual
Lucent Technologies BCS Products Security Handbook Instructions Manual
Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS Page D-9 Administering the SVN Feature D nAnnouncement Extension Enter an extension that is assigned to an SVN authorization code announcement. The announcement must be recorded for the SVN referral call to be made. A repeating announcement is suggested, especially if the SVN referral call might go to an answering machine. 3.Administer an “asvn-halt” button on any station/attendant console. The location of the SVN button can be determined by entering the display svn-button-location command. Activation of this button stops the placement of authorization code referral calls until the button is deactivated. Administering the Station Security Code Component Page 2 of the Security-Related System Parameters form allows the user to administer parameters relevant to Station Security Codes. This page appears only for Release 5 versions or later of G3. To administer parameters for Station Security Codes, do the following: 1. Access the Security-Related System Parameters form by entering the change system-parameters security command from the command line interface. 2. Populate the following fields: nMinimum Station Security Code Length Enter a minimum Station Security Code length (3 through 8). This value is used to verify all subsequent security code changes; however, any existing security codes are assumed to be valid. Default is 4. nSVN Station Security Code Violation Notification Enabled? Activate (by entering y) or deactivate (by entering n) the security violation notification for Station Security Codes. Default is n. nOriginating Extension This is a dynamic field that is displayed only whenever the “SVN Station Security Code Violation Enabled” field is set to y. Whenever a Station Security Code Security Violation Notification Referral call is made, the extension in this field is internally the originating extension. It has no other significance than that it is not available for use as a normal extension. Enter any unassigned extension containing five digits. nReferral Destination This is a dynamic field that is displayed only whenever the “SVN Station Security Code Violation Notification Enabled” field is set to y. Whenever a Station Security Code SVN Referral call is made, it is made either to the extension (if provided) in this field or to the
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS Page D-10 Administering the SVN Feature D attendant (if the field contains attd). If the destination is a station, and if the “Announcement Extension” field is set to blank, the destination must be equipped with a display module. Enter one of the following: an assigned extension containing 5 digits or attd for attendant. nStation Security Code Threshold This value in this field functions in conjunction with the value in the “Time Interval” field. The value in the former field indicates a noteworthy count of invalid attempts in using Station Security Codes which, if exceeded within the time period indicated in the latter field, constitutes a security violation. Whenever this occurs, a Station Security Code Violation Notification Referral call is made. Also, invalid attempts are logged, but they are ignored unless the count of such attempts exceeds the administered threshold. This is a dynamic field that is displayed only whenever the “SVN Station Security Code Violation Notification Enabled” field is set to y. Enter a number between 1 and 255. Default is 10. nTime Interval This value in this field functions in conjunction with the value in the “Station Security Code Threshold” field. The value in the latter field indicates a noteworthy count of invalid attempts in using Station Security Codes which, if exceeded within the time period indicated in the former field, constitutes a security violation. Whenever this occurs, a Station Security Code Violation Notification Referral call is made (unless this capability has been suppressed). This is a dynamic field that is displayed only whenever the “SVN Station Security Code Violation Notification Enabled” field is set to y. Enter a value from 0:01 to 7:59. The first digit represents the hour, and the second and third digits represent the minutes. Default is 0:03. nAnnouncement Extension This field contains an extension corresponding to a recorded announcement that is to be played whenever a Station Security Code SVN Referral call is made. This allows the referral destination to be a phone without a display. This is a dynamic field that is displayed whenever the corresponding “SVN Violation Notification Enabled” field is set to y. Enter a 5-digit extension to be assigned to the appropriate announcement.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS Page D-11 Administering Barrier Code Aging D Administering Barrier Code Aging To administer Barrier Code Aging, do the following: 1. Log in with the proper permissions and display the Remote Access form by entering the command change remote access. 2. Once the Remote Access form is displayed, administer Remote Access/Barrier Code Aging by filling in the following fields: nRemote Access Extension Enter an extension number (not a VDN extension) for Remote Access. This extension is associated with each trunk that supports the Remote Access feature. The default for this field is blank. The Remote Access extension is used as if it were a DID extension. Only one DID extension may be assigned as the Remote Access extension. Calls to that number are treated the same as calls on the Remote Access trunk. When a trunk group is dedicated to Remote Access, the Remote Access extension number is administered on the trunk group’s incoming destination field. nBarrier Code Length Enter the desired barrier code length (4 to 7 digits), or leave this field blank indicating that a barrier code is not required. Assigning a barrier code length of 7 provides maximum security. nAuthorization Code Required Enter y if an authorization code must be dialed by Remote Access users to access the system’s Remote Access facilities. The default for this field is “n.” Use of an authorization code in conjunction with barrier codes increases the security of the Remote Access feature. nRemote Access Dial Tone This field appears on the form if the Authorization Code Required field has been set to yes. Enter y in this field if Remote Access dial tone is required as a prompt to the user. For maximum security do not use Authorization Code dial tone. nBarrier Code Assign a barrier code that conforms to the number entered in the barrier code length field. All codes must be 4- to 7-digits. The code can be any combination of the digits 0 through 9. If the Barrier Code length field is blank, the first barrier code field must be specified as none. Duplicate entries are not allowed. The system default for this field is a blank. Assign a 7-digit number in this field for maximum security.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS Page D-12 Administering Barrier Code Aging D nClass of Restriction (COR) Enter the COR (0 through 95) associated with the barrier code that defines the call restriction features. The default for this field is 1. Assigning the most restrictive COR that will provide only the level of service required will provided the maximum security. nClass of Service (COS) Enter the COS (0 through 15) associated with the barrier code that defines access permissions for call processing features. The system default for this field is 1. Assigning the most restrictive COS that will provide only the level of service required will provide the maximum security. nExpiration Date Assign an expiration date based on the expected length of time the barrier code will be needed. Enter the date the Remote Access barrier code will expire. Valid entries are a date greater than the current date or a blank. The default is the following day’s date. If you expect the barrier code to be used for a two-week period, assign a date two weeks from the current date. If the Expiration Date is assigned, a warning message will be displayed on the system copyright screen seven days prior to the expiration date, indicating that a barrier code is due to expire. The system administer may modify the expiration date to extend the time interval if needed. nNo. of Calls This field specifies the number of Remote Access calls that can be placed using the associated barrier code. Valid entries are any number from 1 to 9999, or a blank. The default is one call. The Expiration Date field and No. of Calls field can be used independently or, to provide maximum security, they can be used in conjunction with each other. If both the Expiration Date and No. of Calls fields are assigned, the corresponding barrier code will expire when the first of these criteria is satisfied. nCalls Used This field is a display-only field that specifies the number of calls that have been placed using the corresponding barrier code. The Calls Used field is incremented each time a barrier code is successfully used to access the Remote Access feature. NOTE: A usage that exceeds the expected rate may indicate improper use. nPermanently Disable A y entered in this field will permanently disable the Remote Access feature. The Remote Access form will no longer be accessible.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS Page D-13 Administering Customer Logins and Forced Password Aging D nDisable following a Security Violation? A y entered in this field will disable the Remote Access feature following a Remote Access security violation. The system administrator may re-enable Remote Access with the enable remote access command. Administering Customer Logins and Forced Password Aging This section contains the following subsections: 1. Adding Customer Logins and Assigning Initial Password 2.Changing a Login’s Attributes 3. Administering Login Command Permissions Adding Customer Logins and Assigning Initial Password For DEFINITY G3V3 and later releases, which includes DEFINITY ECS, the two types of customer logins are: nsuperuser—Provides access to the add, change, display, list, and remove commands for all customer logins and passwords. The superuser can administer any mix of superuser/nonsuperuser logins up to ten system logins. nnonsuperuser—Limits permissions according to restrictions specified by the superuser when administering the nonsuperuser login. A nonsuperuser may change his/her password with permission set by the superuser; however, once a password has been changed, the nonsuperuser must wait 24 hours before changing the password again. The superuser may administer up to ten nonsuperuser logins. To add a customer login you must be a superuser, have administrative permissions, and follow these steps: NOTE: Always use your own unique login — never a Lucent Technologies customer login or variation thereof (for example, “cust,” “rcust,” “cust1,” “rcust1,” etc.). 1. Access the Login Administration form by entering the add login command. The 3- to 6-character login name (numbers 0 to 9, characters a to z or A to Z) you entered is displayed in the Login’s Name field.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS Page D-14 Administering Customer Logins and Forced Password Aging D 2. Enter your superuser password in the Password of Login Making Change field. 3. Enter customer in the Login Type field. The system default for this field is customer. The maximum number of customer logins of all types is 11. 4. Enter superuser or nonsuperuser in the Service Level field. 5. Enter y in the Disable Following a Security Violation field to disable a login following a login security threshold violation. This field is a dynamic field and only appears on the Login Administration form when the SVN Login Violation Notification feature is enabled. The system default for this field isy. 6. For G3V4 only, enter y or n in the Access to INADS Port? field to specify whether the customer login will be accessible through the INADS remote administration port. The system default for this field is n. This field is a dynamic field and only appears on the Login Administration form if the Login Type field is set to “customer,” and the Customer Access to INADS Port field (on the change system-parameters maintenance form) is set toy. NOTE: In DEFINITY G3V4, the Lucent Technologies login must be through the INADS port. 7. Enter a password for the new login in the Login’s Password field. A password must be 4 to 11 characters and contain at least one alphabetic and one numeric symbol; valid characters include numbers, and the following symbols: ! & * ? ; ’ ^ ( ) , : - @ # $ % . The system does not echo the password to the screen as you type. 8. Re-enter the password in the Re-enter Login’s Password field. The system does not echo the password to the screen as you type. 9. In the Password Aging Cycle Length field, enter the number of days (from the current day) when you wish the password to expire. If a blank is entered in this field, password aging will not apply to the specified login. Valid entries are from 1 to 99 days or a blank. When a login password is within seven days or less from the expiration date, a warning message is displayed when the user logs in: WARNING: your password will expire in xx days. 10. For DEFINITY G3V4 only, enter y or n in the Facility Test Call Notification? field to specify whether this login will be notified in the event that Facility Test Call feature is used. The system default for this field is y. 11. If y was entered in step 12, enter y or n in the Acknowledgment Required? field to specify whether acknowledgment of the notification is required before logoff is permitted. The system default for this field is y. This field is a dynamic field and only appears on the Login Administration form if the Facility Test Call Notification? field is set to y.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS Page D-15 Administering Customer Logins and Forced Password Aging D 12. For DEFINITY G3V4 only, enter y or n in the Remote Access Notification? field to specify whether this login will be notified in the event that Remote Access is used. The system default for this field is y. 13. If y was entered in step 12, enter y or n in the Acknowledgment Required? field to specify whether acknowledgment of the notification is required before logoff is permitted. The system default for this field is y. This field is a dynamic field and only appears on the Login Administration form if the Remote Access Notification? field is set to y. Changing a Login’s Attributes To change a customer login’s attributes, you must be a superuser, have administrative permissions, and do the following: 1. Access the Login Administration form by entering the change login command. The 3- to 6-character login name (numbers 0 to 9, characters a to z or A to Z) you entered is displayed in the Login’s Name field. 2. Enter your superuser password in the Password of Login Making Change field. 3. Enter customer in the Login Type field. The system default for this field is customer. The maximum number of customer logins of all types is 11. 4. Enter superuser or nonsuperuser in the Service Level field. 5. Enter y in the Disable Following a Security Violation field to disable a login following a login security threshold violation. This field is a dynamic field and will only appear on the Login Administration form when the SVN Login Violation Notification feature is enabled. The system default for this field isy. 6. Enter a password for the new login in the Login’s Password field. A password must be 4 to 11 characters and contain at least 1 alphabetic and 1 numeric symbol; valid characters include numbers, and the following symbols: ! & * ? ; ’ ^ ( ) , : - . The system will not echo the password to the screen as you type. 7. Re-enter the password in the Re-enter Login’s Password field. The system will not echo the password to the screen as you type. 8. In the Password Aging Cycle Length field, enter the number of days (from the current day) when you wish the password to expire. If a blank is entered in this field, password aging will not apply to the specified login. Valid entries are from 1 to 99 days or a blank. When a login password is within seven days or less from the expiration date, a warning message is displayed when the user logs in: WARNING: your password will expire in xx days.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS Page D-16 Administering Customer Logins and Forced Password Aging D Administering Login Command Permissions Users with superuser permissions can set the permissions of the logins they create by means of the Command Permissions Categories form. The DEFINITY commands for G3V3 and later releases, which include the DEFINITY ECS, are divided into three categories: 1. Common Commands 2. Administration Commands 3. Maintenance Commands Each category has subcategories that, when set to y, give permission to use the commands sets associated with that category. When the Command Permissions Categories form is displayed for a login, the subcategory fields appear with the fields set to give the login full permissions for that login type. The superuser administering login permissions can set any fields to deny access to a command category for the specified login. To administer command permissions, log in as superuser and do the following: 1. Enter change permissions login to access the Command Permissions Categories form. When the form is displayed for a login, the default permissions for that login type appear on the form. The superuser administering the login may change a y to an n for each subcategory field on the form. 2. Select a category for the login and enter y in each field where permission to perform an administrative or maintenance action is needed. The command object you select must be within the permissions for the login type you are administering. If the Maintenance option is set to y on the Customer Options form, the superuser may enter y in the Maintain Switch Circuit Packs or Maintain Process Circuit Packs fields. 3. A superuser with full superuser permissions can restrict additional administrative or maintenance actions for a specified login by entering y in the Additional Restrictions field on the Command Permission Categories form. (A superuser administering the login must not have the Additional Restrictions field set to y for his/her own login.) 4. Enter the additional restrictions for a login in the Restricted Object List field on the Command Permission Categories Restricted Object List form. You may enter up to 40 command names (object names) to block actions associated with a command category for a specified login. You may enter two pages of commands (objects) to be restricted (20 commands per page, for a total of 40 commands per login).
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS Page D-17 Administering the Security Violations Reports D Display a Specified Login To display a specified login, enter the command display login . The system displays the specified login’s service level, status, and password aging cycle length. List Logins To list all of the system logins and the status of each login, enter the command list login. The system displays a list of all current logins and their service level, status, and password aging cycle length. Remove a Login To remove a login from the system, enter the command remove login . The system displays the Login Administration form. Press to remove the login, or select to exit the remove login procedure without making a change. Administering the Security Violations Reports The Security Violations reports provide current status information for invalid login or Remote Access (barrier code) or authorization code attempts. The following Security Violations reports are available: nLogin Violations nRemote Access Barrier Code Violations nAuthorization Code Violations nStation Security Code (SSC) Violations NOTE: Station Security Codes are used with the Personal Station Access feature and the Extended User Administration of Redirected Calls feature. The data displayed in these reports is updated at 30 second intervals. A total of 16 entries are maintained for each type of violation. The oldest information is overwritten by the new entries at each 30-second update. To access the Security Violations reports, enter the monitor security-violations command, where report name is either login, remote-access, or authorization-code. Return Cancel