Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook Instructions Manual

Lucent Technologies BCS Products Security Handbook Instructions Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    							Security Risks 
    Page 2-1 Overview 
    2
    BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    2
    2Security Risks
    Overview
    In order for your system to be secure against toll fraud, you need to address 
    access, egress, and system administration. This handbook addresses those 
    concerns. In addition, the risk of PBX-based toll fraud increases when any of the 
    following products and features are used:
    nRemote Access
    nAutomated Attendant
    nOther port security risks
    nVoice Messaging
    nAdministration and Maintenance Access
    nVectors associated with the DEFINITY ECS and DEFINITY 
    Communications Systems
    All these features offer benefits which allow companies to increase their 
    availability to their customers and the productivity of their workforce. However, this 
    chapter takes a look at these features from a different point-of-view: how can 
    these features, when combined with other outgoing features, such as dial access 
    to trunks, make a PBX system more vulnerable to toll fraud?
    The remainder of this chapter discusses general security measures you can take 
    to protect your system. Chapters 3 through 6 discuss the specific actions that help 
    prevent these features from being the target of unauthorized use. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Security Risks 
    Page 2-2 Remote Access 
    2
    Remote Access
    Remote Access, or Direct Inward System Access (DISA), permits callers from the 
    public network to access a customer premises equipment-based system to use its 
    features and services. Callers dial into the system using CO, FX, DID, or 800 
    service trunks.
    After accessing the feature, the user hears system dial tone, and, for system 
    security, may be required to dial a barrier code, depending on the system. If a 
    valid barrier code is dialed, the user again hears dial tone, and can place calls the 
    same as an on-premises user.
    For the DEFINITY ECS, DEFINITY G1 and G3, and for the System 75, incoming 
    calls are routed to a Remote Access extension. For DEFINITY G2 and System 85, 
    callers are connected to the Remote Access feature when they dial the number 
    for an incoming Remote Access trunk group.
    Different product releases have different restrictions, as follows. When a Remote 
    Access call is answered, the caller can be requested to enter either a barrier code 
    or an authorization code (the DEFINITY ECS, DEFINITY G1, G2.2 Issue 3.0 and 
    later), G3, and System 75 R1V3 can require both) before calls are processed. 
    When both maximum length barrier codes and authorization codes are required, 
    hackers need to decipher up to 14 digits to gain access to the feature.
    Hackers frequently call toll-free 800 numbers to enter customer premises 
    equipment-based PBX systems so that they do not pay for the inbound calls. After 
    they are connected, hackers use random number generators and password 
    cracking programs to find a combination of numbers that gives them access to an 
    outside facility.
    Unprotected Remote Access numbers (those that do not require barrier codes or 
    authorization codes) are favorite targets of hackers. After being connected to the 
    system through the Remote Access feature, a hacker may make an unauthorized 
    call by simply dialing  and the telephone number. Even when the Remote 
    Access feature is protected, hackers try to decipher the codes. When the right 
    combination of digits is discovered (accidentally or otherwise), hackers can then 
    make and sell calls to the public.
    For these reasons, all switches in the network should be protected. Refer to 
    Chapter 3 for more information on Remote Access for the DEFINITY ECS, 
    DEFINITY Communications Systems, System 75, and System 85. Refer to 
    Chapter 4 for more information on Remote Access for the MERLIN II, MERLIN 
    LEGEND, MERLIN Plus, PARTNER II, PARTNER Plus, and System 25 
    Communications Systems.
    9 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Security Risks 
    Page 2-3 Automated Attendant 
    2
    Automated Attendant
    Automated attendant systems direct calls to pre-designated stations by offering 
    callers a menu of available options. Automated attendant devices are connected 
    to a port on the main system and provide the necessary signaling to the switch 
    when a call is being transferred. When hackers connect to an automated 
    attendant system, they try to find a menu choice (even one that is unannounced) 
    that leads to an outside facility.
    Hackers also may try entering a portion of the toll number they are trying to call to 
    see if the automated attendant system passes the digits directly to the switch. To 
    do this, the hacker matches the length of a valid extension number by dialing only 
    a portion of the long distance telephone number. For example, if extension 
    numbers are four digits long, the hacker enters the first four digits of the long 
    distance number. After the automated attendant sends those numbers to the 
    switch and disconnects from the call, the hacker provides the switch with the 
    remaining digits of the number.
    Many voice messaging systems incorporate automated attendant features. The 
    security risks associated with automated attendant systems are common to voice 
    messaging systems as well. Refer to Chapter 6 for more information on securing 
    automated attendant systems.
    Other Port Security Risks
    Many of the security risks from voice mail, Remote Access, and automated 
    attendant arise from allowing incoming callers to access outside facilities. 
    However, there are other endpoints within your system that should also be denied 
    to incoming callers. Many of these endpoints can be dialed as internal calls within 
    the system, and can be reached from either voice mail, auto attendant, or Remote 
    Access.
    For example, the NETCON (Network Control) data channels provide internal 
    access to the system management capabilities of the system and can be reached 
    on a call transfer from an AUDIX Voice Mail System if not protected by appropriate 
    restrictions. [See ‘‘
    Increasing Product Access (Port) Security’’ on page 2-6.] Any 
    features or endpoints that can be dialed, but are to be denied to incoming callers, 
    should be placed in restriction groups that cannot be reached from the incoming 
    facility or from endpoints that could transfer a call.
    Sophisticated modems being used today, if not protected, offer incoming callers 
    the ability to remotely request the modem to flash switch-hook, returning second 
    dial tone to the incoming caller. Modem pool ports need to be appropriately 
    protected or otherwise denied access to second (recall) dial tone. Outgoing-only 
    modem pools are at risk if they can be dialed as extensions from any of the 
    remote access or voice mail ports as in the example above. (See ‘‘
    Recall 
    Signaling (Switchhook Flash)’’ on page 3-17.) 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Security Risks 
    Page 2-4 Voice Messaging Systems 
    2
    Voice Messaging Systems
    Voice messaging systems provide a variety of voice messaging applications; 
    operating similarly to an electronic answering machine. Callers can leave 
    messages for employees (subscribers) who have voice mailboxes assigned to 
    them. Subscribers can play, forward, save, repeat, and delete the messages in 
    their mailboxes. Many voice messaging systems allow callers to transfer out of 
    voice mailboxes and back into the PBX system. When hackers connect to the 
    voice messaging system, they try to enter digits that connect them to an outside 
    facility. For example, hackers enter a transfer command (the AUDIX Voice Mail 
    System uses  ), followed by an outgoing trunk access number for an outside 
    trunk. Most hackers do not realize how they gained access to an outside facility; 
    they only need to know the right combination of digits. See Chapter 5 for 
    information on securing your voice messaging system.
    Sometimes hackers are not even looking for an outside facility. They enter a voice 
    messaging system to find unassigned voice mailboxes. When they are 
    successful, they assign the mailboxes to themselves, relatives, and friends, and 
    use them to exchange toll-free messages. Hackers can even use cellular phones 
    to break into voice mailboxes. (See ‘‘
    Protecting Voice Messaging Systems’’ on 
    page 5-2.) In addition, unauthorized access to voice messaging systems can 
    allow hackers to access the switch and change administration data. See 
    ‘‘
    Increasing Product Access (Port) Security’’ on page 2-6.
    Administration / Maintenance Access
    Expert toll hackers target the administration and maintenance capabilities of 
    customer premises equipment-based systems. Once criminals gain access to the 
    administration port, they are able to change system features and parameters so 
    that fraudulent calls can be made. The following measures can be taken to 
    prevent high level access to system administration.
    Passwords
    Changing Default Passwords
    To simplify initial setup and allow for immediate operation, either the switch and 
    adjuncts are assigned default administration passwords, or passwords are 
    disabled, depending on the date of installation. Hackers who have obtained 
    copies of customer premises equipment-based and adjunct system 
    documentation circulate the known default passwords to try to gain entry into 
    systems. To date, the vast majority of hacker access to maintenance ports has 
    been through default customer passwords. Be sure to change or void all default 
    passwords to end this opportunity for hackers. 
    *T 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Security Risks 
    Page 2-5 Administration / Maintenance Access 
    2
    The following is a list of customer logins for systems in this handbook that provide 
    login capabilities. For information on password parameters, see the applicable 
    system chapter. For information on how to change passwords, see Appendix E.
    nAUDIX Voice Mail System: cust
    nAUDIX Voice Power System: audix (or is on the Integrated 
    Solution-equipped system)
    nDEFINITY AUDIX System: cust
    nDEFINITY ECS, DEFINITY G1, G3V1, G3V2, and System 75: cust, rcust, 
    bcms1, browse*, NMS*
    nLucent Technologies INTUITY System: sa, vm
    nMERLIN LEGEND Communications System: admin on Integrated Voice 
    Response platform-supported systems
    nMERLIN MAIL and MERLIN MAIL-ML Voice Messaging Systems: 1234
    nPARTNER MAIL and PARTNER MAIL VS Systems: 1234
    nSystem 25: systemx5
    Choosing Passwords
    Follow the guidelines listed below when choosing passwords.
    nPasswords should be as long as allowed. See the section specific to your 
    system for maximum password length information.
    nPasswords should be hard to guess and should not contain:
    — all the same characters (for example, 1111, xxxx)
    — sequential characters (for example, 1234, abcd)
    — character strings that can be associated with you or your business, 
    such as your name, birthday, business name, phone number, or 
    social security number
    — words and commonly-used names. Many of the war dialers used by 
    hackers are programmed to try all of the names from books listing 
    potential baby names. In one documented case, the contents of an 
    entire dictionary were used to try and crack passwords.
    nPasswords should use as great a variety of characters as possible. For 
    example, if both numbers and letters are permitted, the password should 
    contain both.
    nPasswords should be changed regularly, at least on a quarterly basis. 
    Recycling old passwords is not recommended.
    1. Not available in System 75 R1V1 (bcms is not available in System 75 at all.) 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Security Risks 
    Page 2-6 Administration / Maintenance Access 
    2
    Increasing Adjunct Access Security
    Since system adjuncts can be used to log in to otherwise “protected” systems, you 
    also should secure access to the following products:
    nG3 Management Applications (G3-MA)
    nCSM (Centralized System Management)
    nCMS (Call Management System)
    nManager III/IV
    nTrouble Tracker
    nVMAAP
    Logins and passwords should be changed and managed in the same manner as 
    the system being managed (for example, the switch or the AUDIX Voice Mail 
    System). See ‘‘
    Administration Security’’ on page 3-47 for additional information.
    Increasing Product Access (Port) Security
    You need to protect your security measures from being changed by the hacker 
    who gains access to the administration or maintenance ports of your customer 
    premises equipment-based system or its adjuncts. See ‘‘
    Logins for INADS Port’’ 
    on page 3-47.
    If you use PC-based emulation programs to access administration capabilities, 
    never store dial-up numbers, logins, or passwords as part of an automatically 
    executed script.
    For greater security, you may want to purchase and use the optional Remote Port 
    Security Device (RPSD). The RPSD consists of two modem-sized devices, a lock, 
    installed on the receiving modem (for example, at the PBX), and a Key, which is 
    placed on the originating modem (for example, at the remote administration 
    terminal). The lock and key must match before a communications pathway is 
    opened. Refer to Appendix G for more information.
    Another area that may be vulnerable to toll fraud is the System 75 and the 
    DEFINITY ECS, DEFINITY G1 and G3 (except G3r) NETCON data channel — 
    the internal extension number that can be used for administration and 
    maintenance access. If the NETCON data channel is not restricted, a hacker can 
    do a valid transfer from the voice mail port (or other ports in the system) to the 
    network extension, get dial tone, and connect to and log into the administrative 
    port, bypassing any port protection device, such as an RPSD. In a modem pool or 
    NETCON modem installation, this would permit a hacker to transfer to a NETCON 
    extension, get data tone, and get a login prompt. In a modem pool installation, this 
    would also permit the hacker to transfer out to make toll calls.
    Use COR-to-COR restrictions to restrict stations from calling the NETCON so that 
    only CORs allowed to access the maintenance port are able to do so. For  
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Security Risks 
    Page 2-7 General Security Measures 
    2
    example, if voice mail extensions have a COR of 9, and extensions assigned to 
    NETCON channels have a COR of 2, ensure that COR 9 does not have access to 
    COR 2. Anyone not authorized to use the NETCON channel should not be able to 
    access it.
    NOTE:
    To determine how the NETCON channels have been assigned, use the list 
    data module command. The output from this command identifies the 
    modules in your system. If NETCON extensions are administered, they will 
    be listed as NETCON, along with the four 3- or 4-digit extension numbers 
    associated with the data channel(s).
    NOTE:
    NETCON extensions may also be contained in a hunt group. If list data 
    module does not list the NETCON extensions, use list hunt group to see if 
    the NETCON data channels are in a hunt group.
    NOTE:
    For verification purposes, you may also enter list data module 
    , if you think you know the extension that is associated with the 
    NETCON data channel. This command will list the COR, COS, Tenant 
    Number, and name of the data module (for example, NETCON, TDM) 
    associated with the extension you entered.
    In addition, the modem port used for voice mail maintenance or administrative 
    access is often a switch extension. It should be restricted in the same manner as 
    the NETCON channel.
    General Security Measures
    General security measures can be taken systemwide to discourage unauthorized 
    use.
    Educating Users
    Everyone in your company who uses the telephone system is responsible for 
    system security. Users and attendants need to be aware of how to recognize and 
    react to potential hacker activity. Informed people are more likely to cooperate 
    with security measures that often make the system less flexible and more difficult 
    to use.
    nNever program passwords or authorization codes onto auto dial buttons. 
    Display phones reveal the programmed numbers and internal abusers can 
    use the auto dial buttons to originate unauthorized calls.
    nDiscourage the practice of writing down passwords. If a password needs to 
    be written down, keep it in a secure place and never discard it while it is 
    active. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Security Risks 
    Page 2-8 General Security Measures 
    2
    nAttendants should tell their system manager if they answer a series of calls 
    where there is silence on the other end or the caller hangs up.
    nUsers who are assigned voice mailboxes should frequently change 
    personal passwords and should not choose obvious passwords (see 
    ‘‘
    Choosing Passwords’’ on page 2-5).
    nAdvise users with special telephone privileges (such as Remote Access, 
    voice mail outcalling, and call forwarding off-switch) of the potential risks 
    and responsibilities.
    nBe suspicious of any caller who claims to be with the telephone company 
    and wants to check an outside line. Ask for a callback number, hang up, 
    and confirm the caller’s identity.
    nNever distribute the office telephone directory to anyone outside the 
    company; be careful when discarding it.
    nNever accept collect phone calls.
    nNever discuss your telephone system’s numbering plan with anyone 
    outside the company.
    Establishing a Policy
    As a safeguard against toll fraud, follow these guidelines:
    nChange passwords frequently (at least quarterly). Set password expiration 
    times and tell users when the changes go into effect. Changing passwords 
    routinely on a specific date (such as the first of the month) helps users to 
    remember to do so.
    nEstablish well-controlled procedures for resetting passwords.
    nLimit the number of invalid attempts to access a voice mail to five or less.
    nMonitor access to the dial-up maintenance port. Change the access 
    password regularly and issue it only to authorized personnel. Consider 
    using the Remote Port Security Device. (Refer to Appendix G for additional 
    information.)
    nCreate a PBX system management policy concerning employee turnover 
    and include these actions:
    — Delete all unused voice mailboxes in the voice mail system. 
    — If an employee is terminated, immediately delete any voice 
    mailboxes belonging to that employee.
    — If a terminated employee had Remote Access calling privileges and 
    a personal authorization code, remove the authorization code 
    immediately. 
    — If barrier codes and/or authorization codes were shared by the 
    terminated employee, these should be changed immediately. Notify 
    the remaining users as well. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Security Risks 
    Page 2-9 Security Goals Tables 
    2
    — If the terminated employee had access to the system administration 
    interface, their login ID should be removed (G3V3 or later). Any 
    associated passwords should be changed immediately.
    nBack up system files regularly to ensure a timely recovery should it be 
    required. Schedule regular, off-site backups.
    Physical Security
    You should always limit access to the system console and supporting 
    documentation. The following are some recommendations:
    nKeep the attendant console and supporting documentation in an office that 
    is secured with a changeable combination lock. Provide the combination 
    only to those individuals having a real need to enter the office.
    nKeep telephone wiring closets and equipment rooms locked.
    nKeep telephone logs and printed reports in locations that only authorized 
    personnel can enter.
    nDesign distributed reports so they do not reveal password or trunk access 
    code information.
    Security Goals Tables
    The following tables list the security goals for each communications system, and 
    provide an overview of the methods and steps that are offered through the 
    switches to minimize the risk of unauthorized use of the system.
    nTable 2-1 on page 2-10 provides information for the DEFINITY ECS, 
    DEFINITY Communications Systems, System 75, and System 85.
    nTable 2-2 on page 2-13 provides information for the MERLIN II, MERLIN 
    LEGEND, MERLIN Plus, and System 25 Communications Systems.
    nTable 2-3 on page 2-16 provides information for the PARTNER II and 
    PARTNER Plus Communications Systems. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Security Risks 
    Page 2-10 Security Goals Tables 
    2
    Table 2-1. Security Goals: DEFINITY ECS, DEFINITY Communications 
    Systems, System 75 and System 85
    Security Goal Method Security Tool Steps
    Protect Remote 
    Access featureLimit access to 
    authorized usersBarrier codes Set to maximum 
    length 
    Set COR/COS
    Authorization 
    codesSet to maximum 
    length 
    Set FRL on COR
    Use VDNs to route 
    callsCall Vectoring (G2 
    and G3 only)Administer Call 
    Vectoring (G3 only)
    Use CORs to 
    restrict calling 
    privileges of VDNs
    Limit times when 
    Remote Access is 
    availableNight Service (G1, 
    G2, G3, and 
    System 75 only)Administer Night 
    Service
    Shared Trunk 
    Group (System 85 
    only)Assign shared 
    trunk group
    Suppress dial tone 
    after barrier code 
    enteredSuppress Remote 
    Access Dial Tone 
    — (G1, G3 and 
    System 75 R1V3 
    require the 
    concurrent use of 
    Authorization 
    codes)Turn off dial tone 
    (See Remote 
    Access form)
    Prevent 
    unauthorized 
    outgoing callsLimit calling area AAR/ARS Analysis Set FRL
    Set COR
    Digit Conversion 
    (G1, G2, G3, and 
    System 85 only)Administer digit 
    conversion
    Toll Analysis (G1, 
    G3, and System 
    75 only)Identify toll areas to 
    be restricted
    FRLs Limit access to 
    AAR/ARS route 
    patterns by setting 
    to lowest possible 
    value 
    						
    All Lucent Technologies manuals Comments (0)

    Related Manuals for Lucent Technologies BCS Products Security Handbook Instructions Manual