Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook Instructions Manual

Lucent Technologies BCS Products Security Handbook Instructions Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS 
    Page D-9 Administering the SVN Feature 
    D
    nAnnouncement Extension
    Enter an extension that is assigned to an SVN authorization code 
    announcement. The announcement must be recorded for the SVN 
    referral call to be made. A repeating announcement is suggested, 
    especially if the SVN referral call might go to an answering machine. 
    3.Administer an “asvn-halt” button on any station/attendant console. The 
    location of the SVN button can be determined by entering the display 
    svn-button-location command. Activation of this button stops the 
    placement of authorization code referral calls until the button is 
    deactivated.
    Administering the Station Security Code 
    Component
    Page 2 of the Security-Related System Parameters form allows the user to 
    administer parameters relevant to Station Security Codes. This page appears only 
    for Release 5 versions or later of G3. To administer parameters for Station 
    Security Codes, do the following:
    1. Access the Security-Related System Parameters form by entering the 
    change system-parameters security command from the command line 
    interface.
    2. Populate the following fields:
    nMinimum Station Security Code Length
    Enter a minimum Station Security Code length (3 through 8). This 
    value is used to verify all subsequent security code changes; 
    however, any existing security codes are assumed to be valid. 
    Default is 4.
    nSVN Station Security Code Violation Notification Enabled?
    Activate (by entering y) or deactivate (by entering n) the security 
    violation notification for Station Security Codes. Default is n.
    nOriginating Extension
    This is a dynamic field that is displayed only whenever the “SVN 
    Station Security Code Violation Enabled” field is set to y. Whenever 
    a Station Security Code Security Violation Notification Referral call 
    is made, the extension in this field is internally the originating 
    extension. It has no other significance than that it is not available for 
    use as a normal extension. Enter any unassigned extension 
    containing five digits.
    nReferral Destination
    This is a dynamic field that is displayed only whenever the “SVN 
    Station Security Code Violation Notification Enabled” field is set to y. 
    Whenever a Station Security Code SVN Referral call is made, it is 
    made either to the extension (if provided) in this field or to the  
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS 
    Page D-10 Administering the SVN Feature 
    D
    attendant (if the field contains attd). If the destination is a station, 
    and if the “Announcement Extension” field is set to blank, the 
    destination must be equipped with a display module. Enter one of 
    the following: an assigned extension containing 5 digits or attd for 
    attendant.
    nStation Security Code Threshold
    This value in this field functions in conjunction with the value in the 
    “Time Interval” field. The value in the former field indicates a 
    noteworthy count of invalid attempts in using Station Security Codes 
    which, if exceeded within the time period indicated in the latter field, 
    constitutes a security violation. Whenever this occurs, a Station 
    Security Code Violation Notification Referral call is made. Also, 
    invalid attempts are logged, but they are ignored unless the count of 
    such attempts exceeds the administered threshold. This is a 
    dynamic field that is displayed only whenever the “SVN Station 
    Security Code Violation Notification Enabled” field is set to y. Enter a 
    number between 1 and 255. Default is 10.
    nTime Interval
    This value in this field functions in conjunction with the value in the 
    “Station Security Code Threshold” field. The value in the latter field 
    indicates a noteworthy count of invalid attempts in using Station 
    Security Codes which, if exceeded within the time period indicated 
    in the former field, constitutes a security violation. Whenever this 
    occurs, a Station Security Code Violation Notification Referral call is 
    made (unless this capability has been suppressed). This is a 
    dynamic field that is displayed only whenever the “SVN Station 
    Security Code Violation Notification Enabled” field is set to y. Enter a 
    value from 0:01 to 7:59. The first digit represents the hour, and the 
    second and third digits represent the minutes. Default is 0:03.
    nAnnouncement Extension
    This field contains an extension corresponding to a recorded 
    announcement that is to be played whenever a Station Security 
    Code SVN Referral call is made. This allows the referral destination 
    to be a phone without a display. This is a dynamic field that is 
    displayed whenever the corresponding “SVN Violation Notification 
    Enabled” field is set to y. Enter a 5-digit extension to be assigned to 
    the appropriate announcement. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS 
    Page D-11 Administering Barrier Code Aging 
    D
    Administering Barrier Code Aging
    To administer Barrier Code Aging, do the following:
    1. Log in with the proper permissions and display the Remote Access form by 
    entering the command change remote access. 
    2. Once the Remote Access form is displayed, administer Remote 
    Access/Barrier Code Aging by filling in the following fields: 
    nRemote Access Extension 
    Enter an extension number (not a VDN extension) for Remote 
    Access. This extension is associated with each trunk that supports 
    the Remote Access feature. The default for this field is blank.
    The Remote Access extension is used as if it were a DID extension. 
    Only one DID extension may be assigned as the Remote Access 
    extension. Calls to that number are treated the same as calls on the 
    Remote Access trunk.
    When a trunk group is dedicated to Remote Access, the Remote 
    Access extension number is administered on the trunk group’s 
    incoming destination field.
    nBarrier Code Length 
    Enter the desired barrier code length (4 to 7 digits), or leave this field 
    blank indicating that a barrier code is not required. Assigning a 
    barrier code length of 7 provides maximum security.
    nAuthorization Code Required 
    Enter y if an authorization code must be dialed by Remote Access 
    users to access the system’s Remote Access facilities. The default 
    for this field is “n.” Use of an authorization code in conjunction with 
    barrier codes increases the security of the Remote Access feature.
    nRemote Access Dial Tone 
    This field appears on the form if the Authorization Code Required 
    field has been set to yes. Enter y in this field if Remote Access dial 
    tone is required as a prompt to the user. For maximum security do 
    not use Authorization Code dial tone.
    nBarrier Code
    Assign a barrier code that conforms to the number entered in the 
    barrier code length field. All codes must be 4- to 7-digits. The code 
    can be any combination of the digits 0 through 9. 
    If the Barrier Code length field is blank, the first barrier code field 
    must be specified as none. Duplicate entries are not allowed. The 
    system default for this field is a blank. Assign a 7-digit number in this 
    field for maximum security. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS 
    Page D-12 Administering Barrier Code Aging 
    D
    nClass of Restriction (COR) 
    Enter the COR (0 through 95) associated with the barrier code that 
    defines the call restriction features. The default for this field is 1. 
    Assigning the most restrictive COR that will provide only the level of 
    service required will provided the maximum security.
    nClass of Service (COS)
    Enter the COS (0 through 15) associated with the barrier code that 
    defines access permissions for call processing features. The system 
    default for this field is 1. Assigning the most restrictive COS that will 
    provide only the level of service required will provide the maximum 
    security.
    nExpiration Date
    Assign an expiration date based on the expected length of time the 
    barrier code will be needed. Enter the date the Remote Access 
    barrier code will expire. Valid entries are a date greater than the 
    current date or a blank. The default is the following day’s date. If you 
    expect the barrier code to be used for a two-week period, assign a 
    date two weeks from the current date. If the Expiration Date is 
    assigned, a warning message will be displayed on the system 
    copyright screen seven days prior to the expiration date, indicating 
    that a barrier code is due to expire. The system administer may 
    modify the expiration date to extend the time interval if needed.
    nNo. of Calls
    This field specifies the number of Remote Access calls that can be 
    placed using the associated barrier code. Valid entries are any 
    number from 1 to 9999, or a blank. The default is one call. The 
    Expiration Date field and No. of Calls field can be used 
    independently or, to provide maximum security, they can be used in 
    conjunction with each other. If both the Expiration Date and No. of 
    Calls fields are assigned, the corresponding barrier code will expire 
    when the first of these criteria is satisfied.
    nCalls Used
    This field is a display-only field that specifies the number of calls that 
    have been placed using the corresponding barrier code. The Calls 
    Used field is incremented each time a barrier code is successfully 
    used to access the Remote Access feature. 
    NOTE:
    A usage that exceeds the expected rate may indicate improper 
    use.
    nPermanently Disable
    A y entered in this field will permanently disable the Remote Access 
    feature. The Remote Access form will no longer be accessible. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS 
    Page D-13 Administering Customer Logins and Forced Password Aging 
    D
    nDisable following a Security Violation? 
    A y entered in this field will disable the Remote Access feature 
    following a Remote Access security violation. The system 
    administrator may re-enable Remote Access with the enable 
    remote access command. 
    Administering Customer Logins and
    Forced Password Aging
    This section contains the following subsections:
    1. Adding Customer Logins and Assigning Initial Password
    2.Changing a Login’s Attributes
    3. Administering Login Command Permissions
    Adding Customer Logins and Assigning Initial
    Password
    For DEFINITY G3V3 and later releases, which includes DEFINITY ECS, the two 
    types of customer logins are:
    nsuperuser—Provides access to the add, change, display, list, and 
    remove commands for all customer logins and passwords. 
    The superuser can administer any mix of superuser/nonsuperuser logins 
    up to ten system logins.
    nnonsuperuser—Limits permissions according to restrictions specified by 
    the superuser when administering the nonsuperuser login. 
    A nonsuperuser may change his/her password with permission set by the 
    superuser; however, once a password has been changed, the 
    nonsuperuser must wait 24 hours before changing the password again. 
    The superuser may administer up to ten nonsuperuser logins.
    To add a customer login you must be a superuser, have administrative 
    permissions, and follow these steps:
    NOTE:
    Always use your own unique login — never a Lucent Technologies customer 
    login or variation thereof (for example, “cust,” “rcust,” “cust1,” “rcust1,” etc.).
    1. Access the Login Administration form by entering the add login  
    command.
    The 3- to 6-character login name (numbers 0 to 9, characters a to z or 
    A to Z) you entered is displayed in the Login’s Name field. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS 
    Page D-14 Administering Customer Logins and Forced Password Aging 
    D
    2. Enter your superuser password in the Password of Login Making Change 
    field. 
    3. Enter customer in the Login Type field. The system default for this field is 
    customer. The maximum number of customer logins of all types is 11.
    4. Enter superuser or nonsuperuser in the Service Level field. 
    5. Enter y in the Disable Following a Security Violation field to disable a login 
    following a login security threshold violation. This field is a dynamic field 
    and only appears on the Login Administration form when the SVN Login 
    Violation Notification feature is enabled. The system default for this field 
    isy.
    6. For G3V4 only, enter y or n in the Access to INADS Port? field to specify 
    whether the customer login will be accessible through the INADS remote 
    administration port. The system default for this field is n. This field is a 
    dynamic field and only appears on the Login Administration form if the 
    Login Type field is set to “customer,” and the Customer Access to INADS 
    Port field (on the change system-parameters maintenance form) is 
    set toy.
    NOTE:
    In DEFINITY G3V4, the Lucent Technologies login must be through 
    the INADS port.
    7. Enter a password for the new login in the Login’s Password field. A 
    password must be 4 to 11 characters and contain at least one alphabetic 
    and one numeric symbol; valid characters include numbers, and the 
    following symbols: ! & * ? ; ’ ^ ( ) , : - @ # $ % .
    The system does not echo the password to the screen as you type.
    8. Re-enter the password in the Re-enter Login’s Password field. The system 
    does not echo the password to the screen as you type.
    9. In the Password Aging Cycle Length field, enter the number of days (from 
    the current day) when you wish the password to expire. If a blank is 
    entered in this field, password aging will not apply to the specified login. 
    Valid entries are from 1 to 99 days or a blank. When a login password is 
    within seven days or less from the expiration date, a warning message is 
    displayed when the user logs in: 
    WARNING: your password will expire in xx days.
    10. For DEFINITY G3V4 only, enter y or n in the Facility Test Call Notification? 
    field to specify whether this login will be notified in the event that Facility 
    Test Call feature is used. The system default for this field is y.
    11. If y was entered in step 12, enter y or n in the Acknowledgment Required? 
    field to specify whether acknowledgment of the notification is required 
    before logoff is permitted. The system default for this field is y. This field is 
    a dynamic field and only appears on the Login Administration form if the 
    Facility Test Call Notification? field is set to y. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS 
    Page D-15 Administering Customer Logins and Forced Password Aging 
    D
    12. For DEFINITY G3V4 only, enter y or n in the Remote Access Notification? 
    field to specify whether this login will be notified in the event that Remote 
    Access is used. The system default for this field is y.
    13. If y was entered in step 12, enter y or n in the Acknowledgment Required? 
    field to specify whether acknowledgment of the notification is required 
    before logoff is permitted. The system default for this field is y. This field is 
    a dynamic field and only appears on the Login Administration form if the 
    Remote Access Notification? field is set to y.
    Changing a Login’s Attributes
    To change a customer login’s attributes, you must be a superuser, have 
    administrative permissions, and do the following:
    1. Access the Login Administration form by entering the change login 
     command.
    The 3- to 6-character login name (numbers 0 to 9, characters a to z or 
    A to Z) you entered is displayed in the Login’s Name field.
    2. Enter your superuser password in the Password of Login Making Change 
    field. 
    3. Enter customer in the Login Type field. The system default for this field is 
    customer. The maximum number of customer logins of all types is 11.
    4. Enter superuser or nonsuperuser in the Service Level field. 
    5. Enter y in the Disable Following a Security Violation field to disable a login 
    following a login security threshold violation. This field is a dynamic field 
    and will only appear on the Login Administration form when the SVN Login 
    Violation Notification feature is enabled. The system default for this field 
    isy.
    6. Enter a password for the new login in the Login’s Password field. A 
    password must be 4 to 11 characters and contain at least 1 alphabetic and 
    1 numeric symbol; valid characters include numbers, and the following 
    symbols: ! & * ? ; ’ ^ ( ) , : - .
    The system will not echo the password to the screen as you type.
    7. Re-enter the password in the Re-enter Login’s Password field. The system 
    will not echo the password to the screen as you type.
    8. In the Password Aging Cycle Length field, enter the number of days (from 
    the current day) when you wish the password to expire. If a blank is 
    entered in this field, password aging will not apply to the specified login. 
    Valid entries are from 1 to 99 days or a blank. When a login password is 
    within seven days or less from the expiration date, a warning message is 
    displayed when the user logs in:
    WARNING: your password will expire in xx days. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS 
    Page D-16 Administering Customer Logins and Forced Password Aging 
    D
    Administering Login Command Permissions
    Users with superuser permissions can set the permissions of the logins they 
    create by means of the Command Permissions Categories form. The DEFINITY 
    commands for G3V3 and later releases, which include the DEFINITY ECS, are 
    divided into three categories:
    1. Common Commands
    2. Administration Commands
    3. Maintenance Commands 
    Each category has subcategories that, when set to y, give permission to use the 
    commands sets associated with that category. When the Command Permissions 
    Categories form is displayed for a login, the subcategory fields appear with the 
    fields set to give the login full permissions for that login type. The superuser 
    administering login permissions can set any fields to deny access to a command 
    category for the specified login. 
    To administer command permissions, log in as superuser and do the following:
    1. Enter change permissions login  to access the Command 
    Permissions Categories form. When the form is displayed for a login, the 
    default permissions for that login type appear on the form. The superuser 
    administering the login may change a y to an n for each subcategory field 
    on the form.
    2. Select a category for the login and enter y in each field where permission 
    to perform an administrative or maintenance action is needed.
    The command object you select must be within the permissions for the 
    login type you are administering.
    If the Maintenance option is set to y on the Customer Options form, the 
    superuser may enter y in the Maintain Switch Circuit Packs or Maintain 
    Process Circuit Packs fields.
    3. A superuser with full superuser permissions can restrict additional 
    administrative or maintenance actions for a specified login by entering y in 
    the Additional Restrictions field on the Command Permission Categories 
    form. (A superuser administering the login must not have the Additional 
    Restrictions field set to y for his/her own login.)
    4. Enter the additional restrictions for a login in the Restricted Object List field 
    on the Command Permission Categories Restricted Object List form. You 
    may enter up to 40 command names (object names) to block actions 
    associated with a command category for a specified login. You may enter 
    two pages of commands (objects) to be restricted (20 commands per page, 
    for a total of 40 commands per login). 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS 
    Page D-17 Administering the Security Violations Reports 
    D
    Display a Specified Login
    To display a specified login, enter the command display login . 
    The system displays the specified login’s service level, status, and password 
    aging cycle length.
    List Logins
    To list all of the system logins and the status of each login, enter the command list 
    login. The system displays a list of all current logins and their service level, 
    status, and password aging cycle length.
    Remove a Login
    To remove a login from the system, enter the command remove login . The system displays the Login Administration form. Press   to 
    remove the login, or select   to exit the remove login procedure without 
    making a change.
    Administering the Security Violations 
    Reports
    The Security Violations reports provide current status information for invalid login 
    or Remote Access (barrier code) or authorization code attempts. The following 
    Security Violations reports are available:
    nLogin Violations
    nRemote Access Barrier Code Violations
    nAuthorization Code Violations
    nStation Security Code (SSC) Violations
    NOTE:
    Station Security Codes are used with the Personal Station Access 
    feature and the Extended User Administration of Redirected Calls 
    feature.
    The data displayed in these reports is updated at 30 second intervals. A total of 16 
    entries are maintained for each type of violation. The oldest information is 
    overwritten by the new entries at each 30-second update.
    To access the Security Violations reports, enter the monitor security-violations 
     command, where 
    report name is either login, remote-access, 
    or authorization-code.
    Return
    Cancel 
    						
    All Lucent Technologies manuals Comments (0)

    Related Manuals for Lucent Technologies BCS Products Security Handbook Instructions Manual