Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook Instructions Manual

Lucent Technologies BCS Products Security Handbook Instructions Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Product Security Checklists 
    Page H-39 MERLIN MAIL R3 Voice Messaging System 
    H
    Login attempts before warning 
    message < 6
    Login attempts before mailbox 
    lockout < 6
    Outcalling privileges not assigned 
    or assigned only to those requiring 
    them
    MERLIN LEGEND 
    Communications System voice mail 
    port(s) outward restricted (FRL 0) if 
    no outcalling
    MERLIN LEGEND 
    Communications System voice mail 
    port(s) used for outcalling 
    restricted via allow list to specific 
    areas if outcalling is needed. All 
    other MERLIN LEGEND 
    Communications System voice mail 
    ports outward restricted.
    On MERLIN LEGEND 
    Communications System, create 
    disallow list containing 0, 011, 10, 
    700, 800, 1800, 809, 1809, 411, 
    1411, 900, and 9999. All MERLIN 
    LEGEND Communications System 
    voice mail ports assigned to this list.
    Remote Call Forwarding used only 
    with trunks that provide reliable 
    disconnect (such as ground-start)
    Automated Attendant
    No pooled facility access codes 
    translated on menus
    No ARS codes translated on menus
    Table H-14.MERLIN MAIL R3 Voice Messaging System — Continued
    Y/N1Note N/A 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Product Security Checklists 
    Page H-40 MERLIN MAIL R3 Voice Messaging System 
    H
    1.If “NO” (N), provide Note reference number and explain.
    Remote call forwarding used offnet 
    only with trunks that provide reliable 
    disconnect (for example, 
    ground-start)
    End User Education
    Passwords changed from default 
    for new subscribers
    Passwords are difficult to guess
    Passwords are changed quarterly
    Table H-14.MERLIN MAIL R3 Voice Messaging System — Continued
    Y/N1Note N/A 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Product Security Checklists 
    Page H-41 MERLIN Plus Communications System 
    H
    MERLIN Plus Communications 
    System
    Also see the general security checklist on page H-3, and the security checklist for 
    any attached adjuncts.
    1.If “NO” (N), provide Note reference number and explain.
    Customer: _________________________________________
    Location: _________________________________________
    PBX Type: _________________________________________
    New Install: _________________________________________
    System Upgrade: _________________________________________
    Major Addition: _________________________________________
    Table H-15. MERLIN Plus Communications System
    Y/N
    1Note N/A
    System Features
    900, 976 calls blocked
    Operator calls restricted
    011/LD calls limited by FRLs
    Restrict remote call forwarding 
    (MERLIN Plus Communications 
    System R2 only) to those with need
    Implement “Automatic Timeout” 
    feature for remote call forwarding 
    (MERLIN Plus Communications 
    System R2 only)
    Product Monitoring
    SMDR reports monitored daily 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Product Security Checklists 
    Page H-42 Multimedia Communications Exchange Server 
    H
    Multimedia Communications 
    Exchange Server
    Also see the general security checklist on page H-3.
    1.If “NO” (N), provide Note reference number and explain.
    Customer: _________________________________________
    System & Version: _________________________________________
    Location: _________________________________________
    New Install: _________________________________________
    System Upgrade: _________________________________________
    Major Addition: _________________________________________
    Table H-16. Multimedia Communications Exchange Server
    Y/N
    1Note N/A
    System Administration
    Root password changed from default
    Administration login(s) password 
    secured
    Remote Maintenance Access
    Remote Maintenance (RMB) 
    installed
    RMB telephone number is 
    unpublished
    System Features
    Administered licensed number of 
    users
    Audit log advised to be checked daily 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Product Security Checklists 
    Page H-43 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System 
    H
    Multipoint Conferencing Unit
    (MCU)/Conference Reservation and
    Control System (CRCS)
    Also see the general security checklist on page H-3.
    Customer: _________________________________________
    Location: _________________________________________
    MSM SW Version 
    and Install Date:
    ________________________________________
    ESM SW Version 
    and Install Date:
    _________________________________________
    CRCS SW Version 
    and Install Date:
    _________________________________________
    CRCS is 
    Single-User or 
    Multi-User?_________________________________________
    Table H-17. MCU/CRCS 
    Y/N
    1Note N/A
    Physical Security
    MCU room and wiring closets 
    locked
    All equipment documentation 
    secured
    CRCS secured at night
    MCU Local and Remote 
    administration equipment secured
    Remote Port Security Devices 
    (RPSD) installed
    Call logs and printed reports 
    secured 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Product Security Checklists 
    Page H-44 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System 
    H
    1.If “NO” (N), provide Note reference number and explain
    Customer Education
    System manager/administrator has 
    copy of Security Handbook/Toll 
    Fraud Overview
    System security policy established 
    and distributed
    System security policy reviewed 
    periodically
    Security policy included in new-hire 
    orientation
    Employees know how to detect 
    potential toll fraud
    Employees know where to report 
    suspected toll fraud
    Authorization codes not sequential
    Remote access phone number(s) 
    not published
    Barrier codes and passwords are 
    chosen to be difficult to guess
    Barrier codes, passwords (including 
    ESM and CRCS) and authorization 
    codes are removed/changed when 
    employees are terminated
    Authorization codes, account 
    codes, and passwords are not 
    written down or translated on 
    auto-dial buttons
    HackerTracker thresholds 
    established
    Social Engineering explained
    MCU Product Checksheets Attached: (Check all that apply)
    (__) Multimedia Server Module (MSM)
    (__) Expansion Services Module (ESM)
    (__) Conference Reservation and Control System (CRCS)
    Table H-17.MCU/CRCS  — Continued
    Y/N
    1Note N/A 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Product Security Checklists 
    Page H-45 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System 
    H
    ESM Security Checklist
    NOTE:
    See the appropriate security checklist for the host MSM.
    Customer: _________________________________________
    ESM Type: _________________________________________
    Location: _________________________________________
    New Install: _________________________________________
    System Upgrade: _________________________________________
    Major Addition: _________________________________________
    Table H-18. ESM 
    Y/N
    1Note N/A
    System Administration
    Root Login changed from default
    All other UNIX login passwords 
    changed (INADS)
    Remote Maintenance Access
    Remote Maintenance Board (RMB) 
    installed (if NO, skip to “Using 
    External Modem...”)
    nRMB (INADS) telephone 
    number unpublished
    nLevel 1 and Level 2 passwords 
    protected
    nLevel 1 and Level 2 passwords 
    changed from default
    Using external Modem off COM2 
    rather than RMB
    nBusy lamp on modem port
    nModem dial-up password 
    administered 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Product Security Checklists 
    Page H-46 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System 
    H
    1.If “NO” (N), provide Note reference number and explain.
    System Features
    Administered UNIX license number 
    of system
    Periodic reboot advised to be 
    enabled
    Host MSM 
    (See checklist for the host MSM)
    Table H-18.ESM  — Continued
    Y/N
    1Note N/A 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Product Security Checklists 
    Page H-47 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System 
    H
    CRCS Security Checklist
    Customer: _________________________________________
    CRCS Type: _________________________________________
    Location: _________________________________________
    New Install: _________________________________________
    System Upgrade: _________________________________________
    Port Additions: _________________________________________
    Table H-19. CRCS 
    Y/N
    1Note N/A
    System Administration
    Is CRCS type Single User (SU) or 
    Multi-User (MU)?
    Is the proper serial number 
    assigned to the system?
    System Administrator password 
    changed to a maximum-length, 
    difficult-to-guess value
    Client Administrator(s) passwords 
    changed (MU only) to a maximum 
    length, difficult to guess value
    Forced password change for new 
    clients (MU only)
    System Features
    Login attempts before warning 
    message < 6 (R3 only)
    Outcalling privileges not assigned, 
    or assigned only to those requiring 
    them 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Product Security Checklists 
    Page H-48 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System 
    H
    MSM Security Checklist
    See the appropriate security checklist for the attached ESM or CRCS.
    1.If “NO” (N), provide Note reference number and explain.
    End User Education
    Passwords changed for new 
    subscribers
    Passwords are difficult to guess
    Passwords are changed quarterly
    Customer: _________________________________________
    System & Version: _________________________________________
    Location: _________________________________________
    New Install: _________________________________________
    System Upgrade: _________________________________________
    Major Addition: _________________________________________
    Table H-20. MSM 
    Y/N
    1Note N/A
    System Administration
    Customer advised of all logins under their 
    control. Passwords changed from factory 
    defaults.
    Passwords are customer-entered, 
    maximum length, unique alphanumeric 
    words.
    NETCON access restricted by 
    COR-to-COR restrictions.
    Table H-19.CRCS  — Continued
    Y/N
    1Note N/A 
    						
    All Lucent Technologies manuals Comments (0)

    Related Manuals for Lucent Technologies BCS Products Security Handbook Instructions Manual