
Lucent Technologies BCS Products Security Handbook


    							555-025-600
    Comcode 108074378
    Issue 6
    December 1997
    BCS Products
    Security Handbook 
    						
    Copyright © 1996, Lucent Technologies
    All Rights Reserved
    Printed in U.S.A.
    Notice
    While reasonable efforts were made to ensure that the 
    information in this document was complete and accurate at the 
    time of printing, Lucent Technologies can assume no 
    responsibility for any errors. Changes and corrections to the 
    information contained in this document may be incorporated into 
    future reissues.
    Your Responsibility for Your System’s Security
    Toll fraud is the unauthorized use of your telecommunications 
    system by an unauthorized party, for example, persons other 
    than your company’s employees, agents, subcontractors, or 
    persons working on your company’s behalf. Note that there may 
    be a risk of toll fraud associated with your telecommunications 
    system, and if toll fraud occurs, it can result in substantial 
    additional charges for your telecommunications services.
    You and your system manager are responsible for the security of 
    your system, such as programming and configuring your 
    equipment to prevent unauthorized use. The system manager is 
    also responsible for reading all installation, instruction, and 
    system administration documents provided with this product in 
    order to fully understand the features that can introduce risk of 
    toll fraud and the steps that can be taken to reduce that risk. 
    Lucent Technologies does not warrant that this product is 
    immune from or will prevent unauthorized use of common-carrier 
    telecommunication services or facilities accessed through or 
    connected to it. Lucent Technologies will not be responsible for 
    any charges that result from such unauthorized use.
    Lucent Technologies Fraud Intervention
    If you suspect you are being victimized by toll fraud and you 
    need technical support or assistance, call the appropriate BCS 
    National Customer Care Center telephone number. Users of the 
    Merlin®, PARTNER®, and System 25 products should call 
    1 800 628-2888. Users of the System 75, System 85, DEFINITY 
    Generic 1, 2 and 3, and DEFINITY® ECS products should call 
    1 800 643-2353.
    Customers outside the continental United States should contact 
    their local Lucent representative, or call one of the above 
    numbers in the following manner: 
    1) Dial the International Access Code; for example, 011. 
    2) Dial the country code for the U.S., that is, 01. 
    3) Lastly, dial either of the telephone numbers provided above.
    WWW Home Page
    The www home page for Lucent Technologies is 
    www.lucent.com.
    Acknowledgment
    This document was prepared by the BCS Product 
    Documentation Development group, Lucent Technologies, 
    Middletown, NJ 07748-9972.
    Trademarks
    AUDIX is a registered trademark of Lucent Technologies.
    CallMaster is a registered trademark of Lucent Technologies.
    CallVisor is a registered trademark of Lucent Technologies.
    Carbon Copy Plus is a trademark of Microcom Systems, Inc.
    CentreVu is a trademark of Lucent Technologies.
    CONVERSANT is a registered trademark of Lucent 
    Technologies.
    DEFINITY is a registered trademark of Lucent Technologies. In 
    this document, DEFINITY Communications System Generic 1 
    is often abbreviated to Generic 1, or G1. DEFINITY 
    Communications System Generic 2 is often abbreviated to 
    Generic 2, or G2. DEFINITY Communications System Generic 
    3 is often abbreviated to Generic 3, or G3.
    DIMENSION is a registered trademark of Lucent Technologies.
    HackerTracker is a registered trademark of AT&T.
    Intel is a registered trademark of Intel Corporation.
    INTUITY is a trademark of Lucent Technologies.
    Macintosh is a registered trademark of Apple Computer, Inc.
    MERLIN is a registered trademark of Lucent Technologies.
    MERLIN LEGEND is a registered trademark of Lucent 
    Technologies.
    MERLIN MAIL is a registered trademark of Lucent Technologies.
    Microsoft and Windows are registered trademarks of Microsoft 
    Corporation.
    NetPROTECT is a service mark of Lucent Technologies.
    Netware is a registered trademark of Novell Inc.
    Norton pcANYWHERE is a registered trademark of Symantec 
    Corp.
    OS/2 is a registered trademark of the International Business 
    Machines Corporation.
    PARTNER is a registered trademark of Lucent Technologies.
    PARTNER MAIL is a registered trademark of Lucent 
    Technologies.
    PARTNER MAIL VS is a registered trademark of Lucent 
    Technologies.
    PassageWay is a registered trademark of Lucent Technologies.
    Sun is a registered trademark and SPARCserver is a trademark 
    of Sun Microsystems Inc.
    TransTalk is a trademark of Lucent Technologies.
    Windows is a registered trademark of Microsoft Corporation.
    Windows NT is a trademark of Microsoft Corporation.
    UNIX is a registered trademark in the United States and other 
    countries, licensed exclusively through X/Open Company 
    Limited.
    Voice Power is a registered trademark of Lucent Technologies.
    Ordering Information
    Call:  Lucent Technologies BCS Publications Center
           Voice 1 800 457-1235    International Voice 317 322-6416
           Fax 1 800 457-1764      International Fax 317 322-6699
    Write: Lucent Technologies BCS Publications Center
           2855 N. Franklin Road
           Indianapolis, IN 46219
    Order: Document No. 555-025-600
           Issue 6, December 1997
    For more information about Lucent Technologies documents, 
    refer to the Business Communications Systems Publications 
    Catalog (555-000-010).
    						
    Contents
    About This Document
      Scope of this Handbook
      Reason for Reissue
      Intended Audience
      How this Guide is Organized
      Lucent Technologies’ Statement of Direction
      Lucent Technologies/Customer Security Roles and Responsibilities
        Lucent Technologies’ Roles and Responsibilities
        Customer Roles and Responsibilities
      Lucent Technologies Security Offerings
      Lucent Technologies Toll Fraud Crisis Intervention
        Helplines
      Related Documentation
    1 Introduction
      Background
      Who is the Enemy?
        Hackers and Phreakers
        Call Sell Operations
        Drug Dealers
      What is in a Loss?
        Cost of the Phone Bill
        Lost Revenue
        Expenses
      Known Toll Fraud Activity
    2 Security Risks
      Overview
      Remote Access
      Automated Attendant
      Other Port Security Risks
      Voice Messaging Systems
      Administration / Maintenance Access
        Passwords
        Increasing Adjunct Access Security
    						
        Increasing Product Access (Port) Security
      General Security Measures
        Educating Users
        Establishing a Policy
        Physical Security
      Security Goals Tables
    3 Large Business Communications Systems
      Keeping Unauthorized Third Parties from Entering the System
        How Third Parties Enter the System
        Protecting the Remote Access Feature
        Security Tips
        Disabling/Removing Remote Access
        Tools to Protect Remote Access
        Status Remote Access Command
        Logoff Screen Notification
      Tools that Restrict Unauthorized Outgoing Calls
        Class of Restriction
        Class of Service
        Facility Restriction Level (FRL)
        Alternate Facility Restriction Levels
        Toll Analysis (G3 only)
        Free Call List
        AAR/ARS Analysis
        ARS Dial Tone
        Station Restrictions
        Recall Signaling (Switchhook Flash)
        Attendant-Controlled Voice Terminals
        Restrictions — Individual and Group-Controlled (DEFINITY ECS, DEFINITY G1, G3, and System 75)
        Central Office Restrictions
        Restricting Incoming Tie Trunks
        Authorization Codes
        Trunk-to-Trunk Transfer
        Forced Entry of Account Code
    						
        World Class Routing (DEFINITY ECS and DEFINITY G2.2 and G3 only)
        Digit Conversion
        Station Security Codes (SSCs)
        Personal Station Access (PSA)
        Extended User Administration of Redirected Calls
        Remote User Administration of Call Coverage
      Security Measures
        Require Passwords
        Restrict Who Can Use Remote Access/Track its Usage
        Fully Restrict Service
        Provide Individualized Calling Privileges Using FRLs
        Prevent After-Hours Calling Using Time of Day Routing or Alternate FRLs
        Block International Calling
        Limit International Calling
        Select Authorization Code Time-Out to Attendant
        Restrict Calls to Specified Area Codes
        Allow Calling to Specified Numbers
        Use Attendant Control of Remote Access Calls (DEFINITY G2 and System 85 only)
        Use Attendant Control of Specific Extensions
        Disable Direct Access to Trunks
        Use Attendant Control of Trunk Group Access
        Disable Facility Test Calls
        Suppress Remote Access Dial Tone
        Disallow Trunk-to-Trunk Transfer
        Disable Transfer Outgoing Trunk to Outgoing Trunk
        Disallow Outgoing Calls from Tie Trunks
        Limit Access to Tie Trunks
        Monitor Trunks
        Use Terminal Translation Initialization
        Require Account Codes
        Assign COR Restrictions to Adjuncts when Using Expert Agents
    						
        Disable Distinctive Audible Alert
        Remove Data Origination Code
        Use World Class Routing Restrictions (DEFINITY G2.2 and G3 only)
        Change Override Restrictions on 3-way COR Check
      Detecting Toll Fraud
        Administration Security
        Call Detail Recording (CDR) / Station Message Detail Recording (SMDR)
        Traffic Measurements and Performance
        Automatic Circuit Assurance (ACA)
        BCMS Measurements (DEFINITY ECS and DEFINITY G1 and G3 only)
        CMS Measurements
        Security Violation Notification Feature (DEFINITY ECS and DEFINITY G3 only)
        Security Violations Measurement Report
        Remote Access Barrier Code Aging/Access Limits (DEFINITY G3V3 and Later)
        Recent Change History Report (DEFINITY ECS and DEFINITY G1 and G3 only)
        Malicious Call Trace
        Service Observing
        Busy Verification
        List Call Forwarding Command
    4 Small Business Communications Systems
      Features for the MERLIN Systems
      MERLIN II Communications System
        Protecting Direct Inward System Access (DISA)
      MERLIN LEGEND Communications System
        Preventative Measures
        Protection Via Star Codes and Allowed/Disallowed Lists
        Assigning a Second Dial Tone Timer
        Setting Facility Restriction Levels
        Protecting Remote Access
        Protecting Remote System Programming
    						
        Protecting Remote Call Forwarding
      MERLIN Plus Communications System
        Protecting Remote Line Access (R2 only)
        Protecting Remote Call Forwarding (R2 only)
      PARTNER II Communications System
      PARTNER Plus Communications System
      System 25
        Protecting Remote Access
        Protecting Remote System Administration
    5 Voice Messaging Systems
      Protecting Voice Messaging Systems
        Security Tips
      DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85
        Tools that Prevent Unauthorized Calls
        Security Measures in the PBX
        Detecting Voice Mail Fraud
        Protecting the AUDIX, DEFINITY AUDIX, and Lucent Technologies INTUITY Voice Mail Systems
        Protecting the AUDIX Voice Power System
        Protecting the CONVERSANT Voice Information System
      MERLIN II Communications System
        Protecting the MERLIN MAIL Voice Messaging System
      MERLIN LEGEND Communications System
        Protecting the AUDIX Voice Power System
        Protecting the INTUITY Voice Messaging System
        Protecting the MERLIN MAIL, MERLIN MAIL-ML, MERLIN MAIL R3, and MERLIN LEGEND Mail Voice Messaging Systems
      PARTNER II Communications System
        Protecting the PARTNER MAIL and PARTNER MAIL VS Systems
      PARTNER Plus Communications System
        Protecting the PARTNER MAIL and PARTNER MAIL VS Systems
      System 25
    						
        Protecting the AUDIX Voice Power System
    6 Automated Attendant
      DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85
        Security Tips
        Tools that Prevent Unauthorized Calls
        Security Measures
        Detecting Automated Attendant Toll Fraud
        Protecting Automated Attendant on the AUDIX Voice Mail System
        Protecting Automated Attendant on the AUDIX Voice Power System
        Protecting Automated Attendant on the CONVERSANT Voice Information System
        Protecting Automated Attendant on the DEFINITY AUDIX System
        Protecting Automated Attendant on the Lucent Technologies INTUITY System
      MERLIN II Communications System R3
        MERLIN MAIL Voice Messaging System
        MERLIN Attendant
      MERLIN LEGEND Communications System
        AUDIX Voice Power System
        MERLIN MAIL, MERLIN MAIL-ML, and MERLIN MAIL R3 Voice Messaging Systems
        MERLIN Attendant
      PARTNER II Communications System
        PARTNER MAIL and PARTNER MAIL VS Systems
        PARTNER Attendant
      PARTNER Plus Communications System
        PARTNER MAIL and PARTNER MAIL VS Systems
        PARTNER Attendant
      System 25
        AUDIX Voice Power System
    7 Other Products and Services
      Call Management System (R3V4)
        Security Tips
    						
        CMS Helplines
      CallMaster PC
        Security Tips
      Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System (CRCS)
      PassageWay® Telephony Services for NetWare® and Windows NT®
        Security Tips
      TransTalk 9000 Digital Wireless System
        Security Tips
    A Call Routing
      Call Routing
    B Blocking Calls
      Country Codes
      Blocking Toll Fraud Destinations
        Blocking ARS Calls on DEFINITY G1 and System 75
        Blocking ARS Calls on G2.1 and System 85
        Blocking WCR Calls on DEFINITY G2.2
        Blocking ARS Calls on G3
        Blocking ARS Calls on System 25 R3V3
    C Remote Access Example (DEFINITY ECS, DEFINITY G1, G3, and System 75)
      Setting Up Remote Access
      Permanently Disabling Remote Access
    D Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS
      Administering the SVN Feature
        Administering the Login Component
        Administering the Remote Access Component
        Administering the Authorization Code Component
        Administering the Station Security Code Component
      Administering Barrier Code Aging
    						
      Administering Customer Logins and Forced Password Aging
        Adding Customer Logins and Assigning Initial Password
        Changing a Login’s Attributes
        Administering Login Command Permissions
      Administering the Security Violations Reports
    E Changing Your Password
      AUDIX Voice Mail System
      AUDIX Voice Power System
      CONVERSANT Voice Information System
      DEFINITY AUDIX System
      DEFINITY ECS and DEFINITY G1 and G3
      DEFINITY G2
      Lucent Technologies INTUITY System
      MERLIN MAIL or MERLIN MAIL-ML Voice Messaging System
      MERLIN MAIL R3, MERLIN LEGEND Mail, or PARTNER MAIL R3 Voice Messaging System
      PARTNER MAIL System
      PARTNER MAIL VS System
      System 25
      System 75
      System 85
    F Toll Fraud Job Aids
      Toll Fraud Warning Signs
      System Security Action Plan
      Top 10 Tips to Help Prevent Phone “Phraud”
    G Special Security Product and Service Offers
      Remote Port Security Device (RPSD)
        Key and Lock Features
        Lucent Technologies Support
      Security Audit Service
      Lucent Technologies HackerTracker
      Security Tune-Up Service
    						