Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies BCS Products Security Handbook Instructions Manual
Lucent Technologies BCS Products Security Handbook Instructions Manual
Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Page 3-5 Keeping Unauthorized Third Parties from Entering the System 3 Figure 3-1. Remote Access Call Path INCOMING REMOTE ACCESS CALL YES YES NO YES CODE?VALID CODE ENTERED CODE?VALID STOP BARRIER CODE REQUIRED?NO APPLY SECURITY VIOLATION NOTIFICATION STOP NO STOP YES ROUTE TO ATTENDANT OR DISCONNECT STOPNO CODE ENTERED ACCESS DIAL TONE? LOG INVALID ATTEMPT DISCONNECT CALL SYSTEM DIAL TONECALL PLACED CALL PLACED SYSTEM DIAL TONE SYSTEM DIAL TONENO YES CODE AUTHORIZATION REQUIRED? REMOTE SYSTEM DIAL TONE
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Page 3-6 Keeping Unauthorized Third Parties from Entering the System 3 For DEFINITY ECS, DEFINITY G1, G3, and System 75, you can assign up to 10 barrier codes to provide the first checkpoint. When barrier codes are required for Remote Access, callers hear a special dial tone, and then must enter a valid barrier code before they can access the PBX system. NOTE: With DEFINITY ECS, DEFINITY G1, G3, and System 75 R1V3, you can require the entry of an authorization code after the barrier code prior to callers receiving system dial tone for placing calls. Barrier codes can be up to seven digits (use all seven for maximum security). Each barrier code can be assigned a different Class of Restriction (COR) and Class of Service (COS) to identify the calling privileges available to the user who enters it. For Remote Access calls, dialing a barrier code overrides the COR set for the incoming facility; if no barrier code is required, the default COR on the Trunk Group is used. NOTE: The COS assigned to the barrier code should be set to console permission = n. For DEFINITY G3V3 and later (which includes DEFINITY ECS), the Remote Access Barrier Code Aging feature provides a means of limiting the time that remote access barrier codes are valid, and/or specifying the number of remote access calls that can be placed per barrier code. The ability to define a barrier code’s lifespan and automatically retire it at the end of its usefulness, or to specify the number of times it can be used before it is retired can significantly reduce the opportunity for unauthorized, fraudulent use of the remote access feature. For more information, see ‘‘ Remote Access Barrier Code Aging/Access Limits (DEFINITY G3V3 and Later)’’ on page 3-61, and ‘‘Administering Barrier Code Aging’’ on page D-11. For DEFINITY G3V3 and later, which includes DEFINITY ECS, the security violation notification feature alerts the switch administrator of a login violation. When a violation is detected for a valid login ID, the login ID is disabled, prohibiting its further use until the security violation is investigated and the login ID re-enabled. For more information, see ‘‘ Administering Login ID Kill After N Attempts’’ on page D-7. For DEFINITY G3V4 and later, which includes DEFINITY ECS, the Remote Access Notification feature provides automatic reporting when Remote Access is in use. For more information, see ‘‘ Adding Customer Logins and Assigning Initial Password’’ on page D-13. For DEFINITY G2 and System 85, either a barrier code or an authorization code (see below) can be required before callers can access switch features or trunks. There is only one 4-digit barrier code for Remote Access. This can be changed using a Feature Access Code, and is normally assigned by the attendant. When callers enter the wrong barrier code, the calls are given intercept treatment. (When no barrier code is entered, the call can be routed to an attendant.) A barrier
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Page 3-7 Keeping Unauthorized Third Parties from Entering the System 3 code should be used to screen entry into Remote Access; authorization codes can then be used to screen outgoing calls on Automatic Alternate Routing (AAR), Automatic Route Selection (ARS), and World Class Routing (WCR) (G2.2) trunks. Authorization Codes1 NOTE: For all systems, once established, the number of digits (four to seven) in the authorization code remains fixed unless all codes are removed and re-entered. All authorization codes used in the system must be the same length. For DEFINITY ECS, DEFINITY G1, G3, and System 75 R1V3, the calling privileges of an authorization code overrides the privileges established by the barrier code. With Remote Access calls, dialing an authorization code overrides the COR set for the barrier code. Individual users should be assigned unique authorization codes from four to seven digits (use all seven for maximum security). Authorization codes serve as a second layer of protection when combined with barrier codes for Remote Access. When authorization codes are required, the caller hears a special dial tone (optional) and must then enter a valid authorization code to access the system. NOTE: If a Remote Access caller is to be restricted from long distance but allowed other ARS calls (for example, local), then the authorization code COR should have an appropriately low FRL. NOTE: Authorization codes are also recorded by the PBX’s call detail recording feature (SMDR/CDR), allowing for call verification by the individual assigned the authorization code. Proper security must be followed to protect any printed copies of the call records. For DEFINITY G2 and System 85, authorization codes can replace barrier codes on incoming Remote Access facilities or can be used to screen outgoing calls on AAR/ARS/WCR trunks. Only authorization codes with the Network Access Flag set are permitted to make outgoing calls. The authorization code option requires that the caller enter a valid authorization code to receive switch dial tone. The authorization code used for Remote Access has an FRL value used by AAR/ARS/WCR trunks for outgoing calls [see ‘‘ Facility Restriction Level (FRL)’’ on page 3-15]. Up to 5,000 authorization codes can be issued to System 75 R1V3 and DEFINITY G1 users, and up to 90,000 for 1. Authorization codes are standard only in System 85 and DEFINITY G2. They are an option for System 75 R1V3, DEFINITY G1, and G3, and DEFINITY ECS require the customer to purchase the appropriate right to use.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Page 3-8 Keeping Unauthorized Third Parties from Entering the System 3 System 85, DEFINITY G2, and G3 users. However, it is best to keep the number of authorized users to a minimum. To maximize the security of the system, follow these steps: nWhen assigning authorization codes, give the users the lowest possible FRL needed for their calling requirements. nBe sure to remove any unused authorization codes from the system, including those assigned to employees who have changed assignments or left the company. nAssign each authorization code the minimum level of calling permissions required. nMake authorization codes nonconsecutive (random). nAdminister each authorization code to the maximum length allowed by the system (7 digits). NOTE: When a call directed to a VDN points to a vector containing a Route To step, and that Route To step attempts to utilize an authorization code, the call will be denied. Feature Access Code Administration Certain Feature Access Codes may facilitate egress from the system and should be used with care. These include: Data Origination, Data Privacy, Data Restriction, Abbreviated Dialing, ARS/AAR, Call Forwarding, and Facility Test Calls. Trunk Administration When trunk groups are administered they are assigned a Trunk Access Code (TAC). Unless they are needed, prohibit both direct dial access and facility test call access to trunk groups. This prevents callers from using TACs to obtain an outgoing trunk. Remote Access Dial Tone For DEFINITY ECS, DEFINITY G1, G3, and System 75 R1V3, when a user reaches the Remote Access port, if authorization codes are administered and barrier codes are not used, the system can be administered so the caller will hear a dial tone, a Remote Access tone, or silence as a prompt for the authorization code. Night Service You can control the time of day that Remote Access is available by using the night service feature. This limits the amount of time Remote Access is available and thus reduces risks.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Page 3-9 Keeping Unauthorized Third Parties from Entering the System 3 For DEFINITY ECS, DEFINITY G1, G3, and System 75, trunks translated for Remote Access can be given a night service destination. Although it is not recommended, trunks accessing the system can be assigned a Remote Access extension as a night service destination. The system will change to either allow or deny access for a feature. A night service button can be assigned to implement this capability. When night service is activated for these trunk groups, the Remote Access feature is available. When night service is deactivated, calls can be routed to an attendant for handling. For DEFINITY G2 and System 85, when the Remote Access feature is “shared” with Listed Directory Number (LDN) service, a Remote Access call is routed to the attendant under normal (business hours) conditions, and the attendant extends the call like any other LDN call. When Unattended Console Service is active, “shared” non-DID LDN service becomes inactive, and Remote Access calls are handled as direct dialed access calls. In effect, with “shared” non-DID LDN service, the Remote Access feature is turned off while the attendant is on duty. This provides a degree of security for Remote Access during normal business hours by allowing the attendant to screen Remote Access calls before extending them. Call Vectoring (DEFINITY ECS and DEFINITY G3 only) For DEFINITY ECS and DEFINITY G3, administering access to the Remote Access feature through the use of Vector Directory Numbers (VDNs) can help make the feature more secure. Call Vectoring allows incoming and internal calls to be processed according to a programmed set of vector commands. To restrict the use of Remote Access at night, a DID/DNIS VDN can be translated to route to a vector that has a step to route to the Remote Access extension. The vector can check time of day and day of week to route the call to an announcement or intercept tone if Remote Access is not allowed at certain times. Protecting Vectors That Contain Call Prompting Hackers try to enter unanticipated digit strings and deceive the switch into transferring the call to a dial tone source. The Call Prompting feature can collect digits from the user and route calls to a destination specified by those digits and/or do conditional processing according to the digits dialed. Examples of destinations include: non-premises or off-premises destinations na hunt group or split na specific call treatment such as an announcement, forced disconnect or delay treatment Calls access call vectors, or the different destinations, by means of VDNs, “soft” switch extensions not assigned to a physical equipment location but having many of the properties of a normal extension number, including a COR. The VDN, when
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Page 3-10 Keeping Unauthorized Third Parties from Entering the System 3 dialed (or inferred), routes calls to the vector. Calls processed by the vector carry the permissions and restrictions associated with the COR of the VDN . In order to deny incoming callers access to outgoing facilities, including tie lines, configure the COR of the VDN to prohibit outgoing access. To do this, follow the steps listed below. Also see ‘‘ Trunk-to-Trunk Transfer’’ on page 3-19. nAssign a Calling Party Restriction of “Outward” and deny Facility Test Call capability. nLower the FRL in the COR to the lowest acceptable value and use COR-to-COR restrictions to deny access to specific outgoing trunk groups. (FRL=0 would deny access to network routing preferences.) nBlock access to specific CORs assigned to outgoing trunk groups by using the Calling Permissions section of the Class of Restriction screen. For DEFINITY ECS and DEFINITY G3, use of Call Vectoring with Prompting for Remote Access allows the PBX to require a touch-tone response before the caller hears a Remote Access dial tone. If no response is given, the call can be routed to an attendant, announcement, or intercept tone. This makes it more difficult for hackers to detect a Remote Access port. NOTE: Lucent Technologies strongly recommends, for both security and performance reasons, that the Ethernet connectivity between the MFB and the set of hosts with which it will communicate be a separate LAN segment. Otherwise, an unscrupulous person could gain unauthorized access to the DEFINITY LAN Gateway application in order to commit toll fraud and/or tamper with the real-time aspects of CTI applications. For additional information, refer to CallVisor ASAI Over the DEFINITY LAN Gateway , 555-230-223. Status Remote Access Command For DEFINITY G3V4 and later, which includes DEFINITY ECS, the status remote-access command provides the status of remote access. The display provides data on whether or not a barrier code has expired, the expiration date and time of the barrier code, the cause of the expiration, whether Remote Access is disabled (SVN or command), the time and date when it was disabled, and barrier codes. Logoff Screen Notification For DEFINITY G3V4 and later, which includes DEFINITY ECS, a notification is provided on the logoff screen that identifies when Remote Access is enabled and when the Facility Test Call Feature Access Code is active. The user has the option of acknowledging these notifications.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Page 3-11 Tools that Restrict Unauthorized Outgoing Calls 3 Use of the acknowledgment option is strongly recommended for those systems utilizing both Remote Access and Facility Test Call (for notification if the feature is inadvertently left enabled), or those systems requiring notification if Facility Test Call is linked to hacking activity. Tools that Restrict Unauthorized Outgoing Calls Use the following tools to prevent fraudulent calls and monitor long distance usage. (See Table 3-2.) Table 3-2. Security Tools for Outgoing Calls Security Tool Switch Page Class of Restriction DEFINITY ECS, DEFINITY G1, G3, and System 753-12 Class of Service All3-14 Facility Restriction Levels All3-15 Alternate Facility Restriction Levels DEFINITY ECS, DEFINITY G2, G3, and System 853-16 Toll Analysis DEFINITY ECS and DEFINITY G33-16 Free Call List All3-16 AAR/ARS Analysis DEFINITY ECS, DEFINITY G1, G2.1, G3, System 75, System 853-17 ARS Dial Tone All3-17 Station Restrictions All3-17 Fully Restricted Service All3-27 Recall Signaling DEFINITY ECS, DEFINITY G1, G3, and System 753-17 Attendant-Controlled Voice Terminals All3-18 Restrictions—Individual and Group-ControlledDEFINITY ECS, DEFINITY G1, G3, and System 753-18 Central Office Restrictions All3-19 Restricting Incoming Tie Trunks All3-19 Monitoring Trunks DEFINITY ECS and DEFINITY G1 and G33-41 Terminal Translation Initialization DEFINITY ECS, DEFINITY G2, G3r, G3V2, System 853-42 Authorization Codes DEFINITY ECS, DEFINITY G1, G2, G3, System 75 (R1V3), System 85 3-19
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Page 3-12 Tools that Restrict Unauthorized Outgoing Calls 3 Class of Restriction For DEFINITY ECS, DEFINITY G1, G3, and System 75, the Class of Restriction (COR) places calling permissions and restrictions on both the calling party and the called extension. Up to 64 CORs can be defined in the system. For DEFINITY ECS, DEFINITY G3rV1, G3i-Global, and G3V2, the number of CORs has been increased to 96. For DEFINITY ECS and DEFINITY G3V3, each COR may be assigned a unique name via the Class of Restriction Form. CORs are assigned to trunks, stations, authorization codes, attendant consoles (as a group), remote access barrier codes, and loudspeaker paging access zones. CORs provide or prevent the ability to make specific types of calls or calls to trunks and stations with other specified CORs. You can use the COR calling permissions (COR-to-COR restrictions) that set calling permissions on the COR to disallow stations to access trunks, and to disallow trunk groups to access other trunk groups. The COR also assigns Facility Restriction Levels (FRLs) for use by WCR/AAR/ARS routing. NOTE: When a call is routed to a VDN, the COR of the VDN determines where the call can be routed. If the COR is not restricted and the vector contains a collect digit step, the caller could dial 9 or a TAC and be routed out of the system to the network. For DEFINITY G3 systems prior to DEFINITY ECS Release 5, as well as for G1 and System 75 systems, the default value of the “FRL” field on the COR form is 7. Starting with DEFINITY ECS Release 5, the default value of the field is 0. This is true for all CORs except for CORs 10 through 17, whose defaults are 0 through 7, respectively. These defaults help ensure that FRLs with greater calling privileges are assigned only when appropriate. To help maximize system security, follow these steps: nAssign a separate COR to incoming and outgoing trunk groups, and then restrict calling between the two groups. nLimit the calling permissions as much as possible by setting appropriate Calling Party Restrictions and FRLs. nRestrict the port COR of adjuncts from accessing the trunk group CORs. Calling Party and Called Party Restrictions For DEFINITY G3 systems prior to DEFINITY ECS Release 5, as well as for G1 and System 75 systems, the default value of the “Calling Party Restriction” field on the COR form is “none.” Starting with DEFINITY ECS Release 5, the default value of the field is “outward.” This default ensures that the ability to place calls that access public network facilities is assigned only when appropriate.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Page 3-13 Tools that Restrict Unauthorized Outgoing Calls 3 The following restrictions can be placed on the originating station or trunk: nOutward Restricted: cannot make Public Network Calls via AAR/ARS or TACs. Calls can be placed to internal stations, to tie trunks via TACs, and off-switch via the Uniform Dial Plan (UDP). NOTE: Some states require that all telephones be able to dial emergency numbers, such as 911. nToll Restriction: cannot make toll calls unless the numbers are specified on an unrestricted call list. For G3, you can specify if the restriction applies to all toll calls or only TAC toll calls over CO/FX trunks. NOTE: The switch identifies all public network calls with or as the first or second digit as toll calls. For G3, toll calls and private network calls are defined on the Toll Analysis screen. For G2.2, only the first digit, or , identifies it as a toll call. nCode Restriction: for DEFINITY G1 and System 75, denies outgoing calls to selected office and area codes administered in the code table. nFully Restricted: for DEFINITY ECS and DEFINITY G3, denies outgoing calls, including dial access to trunks. Allows no incoming calls via Public Network trunks. See also ‘‘ Fully Restrict Service’’ on page 3-27. COR-to-COR Restrictions/Calling Permissions If it is not practical to dial-access-restrict outgoing or two-way trunk groups, then COR-to-COR restrictions should be used to prevent direct access to those trunk groups. These restrictions can give no calling permissions to CORs assigned to trunk groups or data stations. The following options are available: nVoice Terminal—Public Restriction: restricts callers at specified voice terminals from receiving public network calls. A denied call is routed to an intercept tone, a recorded announcement, or the attendant. Calls can redirect to a public-restricted voice terminal. The COR of the originally called extension number is the only one checked. nVoice Terminal—Termination Restriction: restricts voice terminal users on specified extension numbers from receiving any calls. However, voice terminal users CAN originate calls. Direct Inward Dialing or Advanced Private Line Termination calls are routed to a recorded announcement or the attendant. NOTE: When a call is to a VDN extension, the COR of the caller and the VDN are compared to determine if the associated Call Vector can be 01 01
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Page 3-14 Tools that Restrict Unauthorized Outgoing Calls 3 accessed. After the vector is accessed, the COR of the VDN is used for further call permission checking. See also ‘‘ Restriction Override (3-way COR Check)’’ on page 3-14. Restriction Override (3-way COR Check) The Restriction Override feature, which is available only with DEFINITY G3i-Global and G3V2 and later, determines whether or not there is a 3-way COR check made on Conference and Transfer Calls. For DEFINITY G3 systems prior to DEFINITY ECS Release 5, as well as for G1 and System 75 systems, the default value of the “Restriction Override” field on the COR form is “all.” Starting with DEFINITY ECS Release 5, the default value of the field is “none” for all CORs. This helps ensure that the feature is assigned only when appropriate. If Restriction Override=all, only the controlling party’s COR is checked against the CORs of all other parties on the conference and/or transfer call for station-controlled transfers and conferences, not attendant-controlled conferences and attendant-extended calls. If Restriction Override=none, the new party’s COR is always checked against the CORs of all other parties on attendant extended calls and attendant-controlled conferences, as well as on all station-controlled conferences and transfers. Class of Service For DEFINITY G2 and System 85, station access to various switch features is controlled by options in the Class of Service (COS) associated with the extension number. The following COS options are related to toll fraud prevention: nCall Forward Off-Net: allows a user to call forward outside the switch to non-toll locations (G2.1). In G2.2, the user may be allowed to forward to a toll location (including international destinations), depending on the permissions and restrictions for that extension, as defined in PROC000, WORD3, FIELD7. nCall Forward Follow Me: allows a user to forward calls outside the switch when other options are set. nMiscellaneous Trunk Restrictions: restricts certain stations from calling certain trunk groups via dial access codes. nAPLT Off-Net: allows callers to dial public network numbers over the EPSCS private network. nTerminal-to-Terminal Restriction: restricts the user from placing or receiving any calls except to and from other stations on the switch. nOutward Restriction: restricts the user from placing calls over the CO, FX, or WATS trunks using dial access codes to trunks. Outward restriction also restricts the user from placing calls via ARS/WCR. Use ARS/WCR with WCR toll restrictions instead.