Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook Instructions Manual

Lucent Technologies BCS Products Security Handbook Instructions Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Large Business Communications Systems 
    Page 3-5 Keeping Unauthorized Third Parties from Entering the System 
    3
    Figure 3-1. Remote Access Call Path
    INCOMING
    REMOTE
    ACCESS CALL
    YES
    YES
    NO
    YES
    CODE?VALID
    CODE ENTERED
    CODE?VALID
    STOP
    BARRIER
    CODE
    REQUIRED?NO
    APPLY SECURITY
    VIOLATION NOTIFICATION
    STOP
    NO
    STOP
    YES
    ROUTE TO ATTENDANT
    OR DISCONNECT
    STOPNO
    CODE ENTERED
    ACCESS DIAL
    TONE?
    LOG INVALID ATTEMPT
    DISCONNECT CALL
    SYSTEM DIAL TONECALL PLACED
    CALL PLACED SYSTEM DIAL TONE
    SYSTEM DIAL TONENO
    YES CODE AUTHORIZATION
    REQUIRED?
    REMOTE
    SYSTEM DIAL TONE 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Large Business Communications Systems 
    Page 3-6 Keeping Unauthorized Third Parties from Entering the System 
    3
    For DEFINITY ECS, DEFINITY G1, G3, and System 75, you can assign up to 10 
    barrier codes to provide the first checkpoint. When barrier codes are required for 
    Remote Access, callers hear a special dial tone, and then must enter a valid 
    barrier code before they can access the PBX system.
    NOTE:
    With DEFINITY ECS, DEFINITY G1, G3, and System 75 R1V3, you can 
    require the entry of an authorization code after the barrier code prior to 
    callers receiving system dial tone for placing calls.
    Barrier codes can be up to seven digits (use all seven for maximum security). 
    Each barrier code can be assigned a different Class of Restriction (COR) and 
    Class of Service (COS) to identify the calling privileges available to the user who 
    enters it. For Remote Access calls, dialing a barrier code overrides the COR set 
    for the incoming facility; if no barrier code is required, the default COR on the 
    Trunk Group is used.
    NOTE:
    The COS assigned to the barrier code should be set to console 
    permission = n.
    For DEFINITY G3V3 and later (which includes DEFINITY ECS), the Remote 
    Access Barrier Code Aging feature provides a means of limiting the time that 
    remote access barrier codes are valid, and/or specifying the number of remote 
    access calls that can be placed per barrier code. The ability to define a barrier 
    code’s lifespan and automatically retire it at the end of its usefulness, or to specify 
    the number of times it can be used before it is retired can significantly reduce the 
    opportunity for unauthorized, fraudulent use of the remote access feature. For 
    more information, see ‘‘
    Remote Access Barrier Code Aging/Access Limits 
    (DEFINITY G3V3 and Later)’’ on page 3-61, and ‘‘Administering Barrier Code 
    Aging’’ on page D-11.
    For DEFINITY G3V3 and later, which includes DEFINITY ECS, the security 
    violation notification feature alerts the switch administrator of a login violation. 
    When a violation is detected for a valid login ID, the login ID is disabled, 
    prohibiting its further use until the security violation is investigated and the login ID 
    re-enabled. For more information, see ‘‘
    Administering Login ID Kill After N 
    Attempts’’ on page D-7.
    For DEFINITY G3V4 and later, which includes DEFINITY ECS, the Remote 
    Access Notification feature provides automatic reporting when Remote Access is 
    in use. For more information, see ‘‘
    Adding Customer Logins and Assigning Initial 
    Password’’ on page D-13.
    For DEFINITY G2 and System 85, either a barrier code or an authorization code 
    (see below) can be required before callers can access switch features or trunks. 
    There is only one 4-digit barrier code for Remote Access. This can be changed 
    using a Feature Access Code, and is normally assigned by the attendant. When 
    callers enter the wrong barrier code, the calls are given intercept treatment. 
    (When no barrier code is entered, the call can be routed to an attendant.) A barrier  
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Large Business Communications Systems 
    Page 3-7 Keeping Unauthorized Third Parties from Entering the System 
    3
    code should be used to screen entry into Remote Access; authorization codes 
    can then be used to screen outgoing calls on Automatic Alternate Routing (AAR), 
    Automatic Route Selection (ARS), and World Class Routing (WCR) (G2.2) trunks.
    Authorization Codes1
    NOTE:
    For all systems, once established, the number of digits (four to seven) in the 
    authorization code remains fixed unless all codes are removed and 
    re-entered. All authorization codes used in the system must be the same 
    length.
    For DEFINITY ECS, DEFINITY G1, G3, and System 75 R1V3, the calling 
    privileges of an authorization code overrides the privileges established by the 
    barrier code. With Remote Access calls, dialing an authorization code overrides 
    the COR set for the barrier code. Individual users should be assigned unique 
    authorization codes from four to seven digits (use all seven for maximum 
    security).
    Authorization codes serve as a second layer of protection when combined with 
    barrier codes for Remote Access. When authorization codes are required, the 
    caller hears a special dial tone (optional) and must then enter a valid authorization 
    code to access the system.
    NOTE:
    If a Remote Access caller is to be restricted from long distance but allowed 
    other ARS calls (for example, local), then the authorization code COR 
    should have an appropriately low FRL.
    NOTE:
    Authorization codes are also recorded by the PBX’s call detail recording 
    feature (SMDR/CDR), allowing for call verification by the individual assigned 
    the authorization code. Proper security must be followed to protect any 
    printed copies of the call records.
    For DEFINITY G2 and System 85, authorization codes can replace barrier codes 
    on incoming Remote Access facilities or can be used to screen outgoing calls on 
    AAR/ARS/WCR trunks. Only authorization codes with the Network Access Flag 
    set are permitted to make outgoing calls.
    The authorization code option requires that the caller enter a valid authorization 
    code to receive switch dial tone. The authorization code used for Remote Access 
    has an FRL value used by AAR/ARS/WCR trunks for outgoing calls [see ‘‘
    Facility 
    Restriction Level (FRL)’’ on page 3-15]. Up to 5,000 authorization codes can be 
    issued to System 75 R1V3 and DEFINITY G1 users, and up to 90,000 for 
    1. Authorization codes are standard only in System 85 and DEFINITY G2. They are an option 
    for System 75 R1V3, DEFINITY G1, and G3, and DEFINITY ECS require the customer to 
    purchase the appropriate right to use. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Large Business Communications Systems 
    Page 3-8 Keeping Unauthorized Third Parties from Entering the System 
    3
    System 85, DEFINITY G2, and G3 users. However, it is best to keep the number 
    of authorized users to a minimum.
    To maximize the security of the system, follow these steps:
    nWhen assigning authorization codes, give the users the lowest possible 
    FRL needed for their calling requirements.
    nBe sure to remove any unused authorization codes from the system, 
    including those assigned to employees who have changed assignments or 
    left the company.
    nAssign each authorization code the minimum level of calling permissions 
    required.
    nMake authorization codes nonconsecutive (random).
    nAdminister each authorization code to the maximum length allowed by the 
    system (7 digits).
    NOTE:
    When a call directed to a VDN points to a vector containing a Route To step, 
    and that Route To step attempts to utilize an authorization code, the call will 
    be denied.
    Feature Access Code Administration
    Certain Feature Access Codes may facilitate egress from the system and should 
    be used with care. These include: Data Origination, Data Privacy, Data 
    Restriction, Abbreviated Dialing, ARS/AAR, Call Forwarding, and Facility Test 
    Calls.
    Trunk Administration
    When trunk groups are administered they are assigned a Trunk Access Code 
    (TAC). Unless they are needed, prohibit both direct dial access and facility test 
    call access to trunk groups. This prevents callers from using TACs to obtain an 
    outgoing trunk.
    Remote Access Dial Tone
    For DEFINITY ECS, DEFINITY G1, G3, and System 75 R1V3, when a user 
    reaches the Remote Access port, if authorization codes are administered and 
    barrier codes are not used, the system can be administered so the caller will hear 
    a dial tone, a Remote Access tone, or silence as a prompt for the authorization 
    code.
    Night Service
    You can control the time of day that Remote Access is available by using the night 
    service feature. This limits the amount of time Remote Access is available and 
    thus reduces risks. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Large Business Communications Systems 
    Page 3-9 Keeping Unauthorized Third Parties from Entering the System 
    3
    For DEFINITY ECS, DEFINITY G1, G3, and System 75, trunks translated for 
    Remote Access can be given a night service destination. Although it is not 
    recommended, trunks accessing the system can be assigned a Remote Access 
    extension as a night service destination. The system will change to either allow or 
    deny access for a feature. A night service button can be assigned to implement 
    this capability. When night service is activated for these trunk groups, the Remote 
    Access feature is available. When night service is deactivated, calls can be routed 
    to an attendant for handling.
    For DEFINITY G2 and System 85, when the Remote Access feature is “shared” 
    with Listed Directory Number (LDN) service, a Remote Access call is routed to the 
    attendant under normal (business hours) conditions, and the attendant extends 
    the call like any other LDN call. When Unattended Console Service is active, 
    “shared” non-DID LDN service becomes inactive, and Remote Access calls are 
    handled as direct dialed access calls. In effect, with “shared” non-DID LDN 
    service, the Remote Access feature is turned off while the attendant is on duty. 
    This provides a degree of security for Remote Access during normal business 
    hours by allowing the attendant to screen Remote Access calls before extending 
    them.
    Call Vectoring (DEFINITY ECS and DEFINITY 
    G3 only)
    For DEFINITY ECS and DEFINITY G3, administering access to the Remote 
    Access feature through the use of Vector Directory Numbers (VDNs) can help 
    make the feature more secure. Call Vectoring allows incoming and internal calls to 
    be processed according to a programmed set of vector commands.
    To restrict the use of Remote Access at night, a DID/DNIS VDN can be translated 
    to route to a vector that has a step to route to the Remote Access extension. The 
    vector can check time of day and day of week to route the call to an 
    announcement or intercept tone if Remote Access is not allowed at certain times.
    Protecting Vectors That Contain Call Prompting
    Hackers try to enter unanticipated digit strings and deceive the switch into 
    transferring the call to a dial tone source. The Call Prompting feature can collect 
    digits from the user and route calls to a destination specified by those digits and/or 
    do conditional processing according to the digits dialed. Examples of destinations 
    include:
    non-premises or off-premises destinations 
    na hunt group or split
    na specific call treatment such as an announcement, forced disconnect or 
    delay treatment
    Calls access call vectors, or the different destinations, by means of VDNs, “soft” 
    switch extensions not assigned to a physical equipment location but having many 
    of the properties of a normal extension number, including a COR. The VDN, when  
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Large Business Communications Systems 
    Page 3-10 Keeping Unauthorized Third Parties from Entering the System 
    3
    dialed (or inferred), routes calls to the vector. Calls processed by the vector 
    carry the permissions and restrictions associated with the COR of the VDN
    .
    In order to deny incoming callers access to outgoing facilities, including tie lines, 
    configure the COR of the VDN to prohibit outgoing access. To do this, follow the 
    steps listed below. Also see ‘‘
    Trunk-to-Trunk Transfer’’ on page 3-19.
    nAssign a Calling Party Restriction of “Outward” and deny Facility Test Call 
    capability.
    nLower the FRL in the COR to the lowest acceptable value and use 
    COR-to-COR restrictions to deny access to specific outgoing trunk groups. 
    (FRL=0 would deny access to network routing preferences.)
    nBlock access to specific CORs assigned to outgoing trunk groups by using 
    the Calling Permissions section of the Class of Restriction screen.
    For DEFINITY ECS and DEFINITY G3, use of Call Vectoring with Prompting for 
    Remote Access allows the PBX to require a touch-tone response before the caller 
    hears a Remote Access dial tone. If no response is given, the call can be routed to 
    an attendant, announcement, or intercept tone. This makes it more difficult for 
    hackers to detect a Remote Access port.
    NOTE:
    Lucent Technologies strongly recommends, for both security and 
    performance reasons, that the Ethernet connectivity between the MFB and 
    the set of hosts with which it will communicate be a separate LAN segment. 
    Otherwise, an unscrupulous person could gain unauthorized access to the 
    DEFINITY LAN Gateway application in order to commit toll fraud and/or 
    tamper with the real-time aspects of CTI applications.
    For additional information, refer to 
    CallVisor ASAI Over the DEFINITY LAN 
    Gateway
    , 555-230-223.
    Status Remote Access Command
    For DEFINITY G3V4 and later, which includes DEFINITY ECS, the status 
    remote-access command provides the status of remote access. The display 
    provides data on whether or not a barrier code has expired, the expiration date 
    and time of the barrier code, the cause of the expiration, whether Remote Access 
    is disabled (SVN or command), the time and date when it was disabled, and 
    barrier codes.
    Logoff Screen Notification
    For DEFINITY G3V4 and later, which includes DEFINITY ECS, a notification is 
    provided on the logoff screen that identifies when Remote Access is enabled and 
    when the Facility Test Call Feature Access Code is active. The user has the option 
    of acknowledging these notifications. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Large Business Communications Systems 
    Page 3-11 Tools that Restrict Unauthorized Outgoing Calls 
    3
    Use of the acknowledgment option is strongly recommended for those systems 
    utilizing both Remote Access and Facility Test Call (for notification if the feature is 
    inadvertently left enabled), or those systems requiring notification if Facility Test 
    Call is linked to hacking activity.
    Tools that Restrict Unauthorized 
    Outgoing Calls
    Use the following tools to prevent fraudulent calls and monitor long distance 
    usage. (See Table 3-2.)
    Table 3-2. Security Tools for Outgoing Calls
    Security Tool Switch Page
    Class of Restriction DEFINITY ECS, DEFINITY G1, G3, and 
    System 753-12
    Class of Service All3-14
    Facility Restriction Levels All3-15
    Alternate Facility Restriction Levels DEFINITY ECS, DEFINITY G2, G3, and 
    System 853-16
    Toll Analysis DEFINITY ECS and DEFINITY G33-16
    Free Call List All3-16
    AAR/ARS Analysis DEFINITY ECS, DEFINITY G1, G2.1, G3, 
    System 75, System 853-17
    ARS Dial Tone All3-17
    Station Restrictions All3-17
    Fully Restricted Service All3-27
    Recall Signaling DEFINITY ECS, DEFINITY G1, G3, and 
    System 753-17
    Attendant-Controlled Voice Terminals All3-18
    Restrictions—Individual and 
    Group-ControlledDEFINITY ECS, DEFINITY G1, G3, and 
    System 753-18
    Central Office Restrictions All3-19
    Restricting Incoming Tie Trunks All3-19
    Monitoring Trunks DEFINITY ECS and DEFINITY G1 and G33-41
    Terminal Translation Initialization DEFINITY ECS, DEFINITY G2, G3r, 
    G3V2, System 853-42
    Authorization Codes DEFINITY ECS, DEFINITY G1, G2, G3, 
    System 75 (R1V3), System 85 3-19 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Large Business Communications Systems 
    Page 3-12 Tools that Restrict Unauthorized Outgoing Calls 
    3
    Class of Restriction
    For DEFINITY ECS, DEFINITY G1, G3, and System 75, the Class of Restriction 
    (COR) places calling permissions and restrictions on both the calling party and the 
    called extension. Up to 64 CORs can be defined in the system. For DEFINITY 
    ECS, DEFINITY G3rV1, G3i-Global, and G3V2, the number of CORs has been 
    increased to 96. For DEFINITY ECS and DEFINITY G3V3, each COR may be 
    assigned a unique name via the Class of Restriction Form. CORs are assigned to 
    trunks, stations, authorization codes, attendant consoles (as a group), remote 
    access barrier codes, and loudspeaker paging access zones. CORs provide or 
    prevent the ability to make specific types of calls or calls to trunks and stations 
    with other specified CORs.
    You can use the COR calling permissions (COR-to-COR restrictions) that set 
    calling permissions on the COR to disallow stations to access trunks, and to 
    disallow trunk groups to access other trunk groups. The COR also assigns Facility 
    Restriction Levels (FRLs) for use by WCR/AAR/ARS routing.
    NOTE:
    When a call is routed to a VDN, the COR of the VDN determines where the 
    call can be routed. If the COR is not restricted and the vector contains a 
    collect digit step, the caller could dial 9 or a TAC and be routed out of the 
    system to the network.
    For DEFINITY G3 systems prior to DEFINITY ECS Release 5, as well as for G1 
    and System 75 systems, the default value of the “FRL” field on the COR form is 7. 
    Starting with DEFINITY ECS Release 5, the default value of the field is 0. This is 
    true for all CORs except for CORs 10 through 17, whose defaults are 0 through 7, 
    respectively. These defaults help ensure that FRLs with greater calling privileges 
    are assigned only when appropriate.
    To help maximize system security, follow these steps:
    nAssign a separate COR to incoming and outgoing trunk groups, and then 
    restrict calling between the two groups.
    nLimit the calling permissions as much as possible by setting appropriate 
    Calling Party Restrictions and FRLs.
    nRestrict the port COR of adjuncts from accessing the trunk group CORs.
    Calling Party and Called Party Restrictions
    For DEFINITY G3 systems prior to DEFINITY ECS Release 5, as well as for G1 
    and System 75 systems, the default value of the “Calling Party Restriction” field 
    on the COR form is “none.” Starting with DEFINITY ECS Release 5, the default 
    value of the field is “outward.” This default ensures that the ability to place calls 
    that access public network facilities is assigned only when appropriate. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Large Business Communications Systems 
    Page 3-13 Tools that Restrict Unauthorized Outgoing Calls 
    3
    The following restrictions can be placed on the originating station or trunk:
    nOutward Restricted: cannot make Public Network Calls via AAR/ARS or 
    TACs. Calls can be placed to internal stations, to tie trunks via TACs, and 
    off-switch via the Uniform Dial Plan (UDP).
    NOTE:
    Some states require that all telephones be able to dial emergency 
    numbers, such as 911.
    nToll Restriction: cannot make toll calls unless the numbers are specified on 
    an unrestricted call list. For G3, you can specify if the restriction applies to 
    all toll calls or only TAC toll calls over CO/FX trunks.
    NOTE:
    The switch identifies all public network calls with  or   as the first 
    or second digit as toll calls. For G3, toll calls and private network calls 
    are defined on the Toll Analysis screen. For G2.2, only the first digit, 
     or  , identifies it as a toll call.
    nCode Restriction: for DEFINITY G1 and System 75, denies outgoing calls 
    to selected office and area codes administered in the code table.
    nFully Restricted: for DEFINITY ECS and DEFINITY G3, denies outgoing 
    calls, including dial access to trunks. Allows no incoming calls via Public 
    Network trunks. See also ‘‘
    Fully Restrict Service’’ on page 3-27.
    COR-to-COR Restrictions/Calling Permissions
    If it is not practical to dial-access-restrict outgoing or two-way trunk groups, then 
    COR-to-COR restrictions should be used to prevent direct access to those trunk 
    groups. These restrictions can give no calling permissions to CORs assigned to 
    trunk groups or data stations.
    The following options are available:
    nVoice Terminal—Public Restriction: restricts callers at specified voice 
    terminals from receiving public network calls. A denied call is routed to an 
    intercept tone, a recorded announcement, or the attendant.
    Calls can redirect to a public-restricted voice terminal. The COR of the 
    originally called extension number is the only one checked.
    nVoice Terminal—Termination Restriction: restricts voice terminal users on 
    specified extension numbers from receiving any calls. However, voice 
    terminal users CAN originate calls. Direct Inward Dialing or Advanced 
    Private Line Termination calls are routed to a recorded announcement or 
    the attendant.
    NOTE:
    When a call is to a VDN extension, the COR of the caller and the 
    VDN are compared to determine if the associated Call Vector can be 
    01
    01 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Large Business Communications Systems 
    Page 3-14 Tools that Restrict Unauthorized Outgoing Calls 
    3
    accessed. After the vector is accessed, the COR of the VDN is used 
    for further call permission checking. See also ‘‘
    Restriction Override 
    (3-way COR Check)’’ on page 3-14.
    Restriction Override (3-way COR Check)
    The Restriction Override feature, which is available only with DEFINITY 
    G3i-Global and G3V2 and later, determines whether or not there is a 3-way COR 
    check made on Conference and Transfer Calls.
    For DEFINITY G3 systems prior to DEFINITY ECS Release 5, as well as for G1 
    and System 75 systems, the default value of the “Restriction Override” field on the 
    COR form is “all.” Starting with DEFINITY ECS Release 5, the default value of the 
    field is “none” for all CORs. This helps ensure that the feature is assigned only 
    when appropriate.
    If Restriction Override=all, only the controlling party’s COR is checked against the 
    CORs of all other parties on the conference and/or transfer call for 
    station-controlled transfers and conferences, not attendant-controlled 
    conferences and attendant-extended calls. If Restriction Override=none, the new 
    party’s COR is always checked against the CORs of all other parties on attendant 
    extended calls and attendant-controlled conferences, as well as on all 
    station-controlled conferences and transfers.
    Class of Service
    For DEFINITY G2 and System 85, station access to various switch features is 
    controlled by options in the Class of Service (COS) associated with the extension 
    number. The following COS options are related to toll fraud prevention:
    nCall Forward Off-Net: allows a user to call forward outside the switch to 
    non-toll locations (G2.1). In G2.2, the user may be allowed to forward to a 
    toll location (including international destinations), depending on the 
    permissions and restrictions for that extension, as defined in PROC000, 
    WORD3, FIELD7.
    nCall Forward Follow Me: allows a user to forward calls outside the switch 
    when other options are set. 
    nMiscellaneous Trunk Restrictions: restricts certain stations from calling 
    certain trunk groups via dial access codes.
    nAPLT Off-Net: allows callers to dial public network numbers over the 
    EPSCS private network.
    nTerminal-to-Terminal Restriction: restricts the user from placing or receiving 
    any calls except to and from other stations on the switch.
    nOutward Restriction: restricts the user from placing calls over the CO, FX, 
    or WATS trunks using dial access codes to trunks. Outward restriction also 
    restricts the user from placing calls via ARS/WCR. Use ARS/WCR with 
    WCR toll restrictions instead. 
    						
    All Lucent Technologies manuals Comments (0)

    Related Manuals for Lucent Technologies BCS Products Security Handbook Instructions Manual