Lucent Technologies BCS Products Security Handbook

    Other Products and Services    Page 7-1    Call Management System (R3V4)
    BCS Products Security Handbook    555-025-600    Issue 6    December 1997

    7   Other Products and Services
    This chapter contains security information for Lucent Technologies products other
    than PBXs and adjuncts that have become available since Issue 2 of this
    handbook. For information on the Lucent Technologies INTUITY System and the
    PARTNER MAIL VS System, which have also become available since the last
    issue of the handbook, see Chapter 5.
    Call Management System (R3V4)
    Call Management System (R3V4) is an MIS system for Call Centers that provides 
    real time and historical data about the status and performance of a customer’s call 
    including information about agents, trunks, trunk groups, splits/skills, busy hours, 
    forecasts, and so on. The application currently resides on personal computer 
    platforms as an adjunct to the Lucent Technologies DEFINITY ECS and 
    DEFINITY Communications Systems.
    Security could be breached if a customer adds modems to the platform for 
    supervisor access from remote locations. If access to UNIX is allowed, and the 
    modems and station lines from the PBX are not secured, it would be possible to 
    make data calls to other computers via the platform. If the customer has modem 
    access to CMS, then the possibility for toll fraud exists if a hacker can get into the 
    switch from CMS.
    Security Tips
    The following considerations are for the CMS administrator. 
    • When setting up the ports, modems should be defined in UNIX (using the
      FACE administration tool) for INBOUND access only.
    						
    • If station lines are used for the modems, the COS or COR should be set to
      disallow outbound dialing capabilities.
    • Switchhook flash and distinctive audible alert should be set to no on the
      station forms.
    • Remote users should not have access to UNIX via the CMS application.
      Restrict access by means of the User Permissions feature of CMS.
    For additional information on administering CMS, refer to the following 
    documents:
    • Call Management System R3V4 Administration, 585-215-800
    • Call Management System R3V2 Installation and Maintenance, 585-215-122
    • CentreVu™ Call Management System Release 3 Version 4 Sun® SPARCserver™
      Computers Installation and Maintenance, Issue 1, 585-215-807
    • CMS R3.0 Installation and Maintenance WGS, 585-215-112
    For switch restrictions, consult the applicable chapter in this guide as well as the 
    applicable switch administration manual for the pertinent PBX.
    CMS Helplines
    If an installation problem that requires assistance arises, Lucent Technologies 
    technicians or the customer may call the appropriate number:
    • Customer Number: 1 800 344-9670
      The problem will be reported, and a trouble ticket will be generated so that
      the problem can be escalated through the services organization. The
      customer will be prompted to identify the type of problem (for example,
      ACD, hardware, CMS R3V4, etc.). The customer will then be connected to
      the appropriate service organization.
    • Technician Number: 1 800 248-1234
      The technician should provide the TSC personnel with the customer’s
      name, the password for the root login ID on the Sun SPARCserver
      computer, the phone number of the dial-in port, and a description of the
      problem. If the TSC engineers cannot resolve the problem, they will
      escalate it to the customer support organization for Lucent Technologies.
    For international support, contact your Lucent Technologies representative or 
    distributor for more information. 
    						
    CallMaster PC
    CallMaster PC, a software application used with the DEFINITY ECS, gives Call 
    Center agents and supervisors the ability to access and control their CallMaster or 
    CallMaster II telephone sets through a Microsoft Windows™-compatible PC. If 
    Call Center employees use Remote Access software such as Norton pcANYWHERE®
    software or Microcom’s Carbon Copy Plus™ for Windows, or
    similar software that allows applications to run on their PC from a remote location, 
    their system might be susceptible to toll fraud, as follows:
    An agent dials in from home, provides a password (if required), and may then use 
    any software, including CallMaster PC, on the remote computer. If a hacker can 
    crack the password for the remote software, he or she can access the remote 
    computer, run the victim’s CallMaster PC on it, and set up a conference call 
    between the hacker’s phone and another phone, at the company’s expense.
    Security Tips
    Warn customers with Remote Access software that they must administer the 
    software’s password protection to prevent unauthorized access to the computer, 
    and they should change the password frequently.
    For additional information, refer to the CALLMASTER PC User’s Guide (shipped
    with the unit; not available from the BCS Publication Center), and the
    documentation for any Remote Access software you use.
    						
    Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System (CRCS)
    The MCU has a DEFINITY ECS-based architecture. The primary component of 
    the MCU is the Multimedia Server Module (MSM), which is similar to the most 
    basic version of the DEFINITY ECS Processor Port Network (PPN). MSM security 
    concerns are similar to those for the DEFINITY ECS (including, for example, 
    trunking, COR, and COS). Therefore, refer to the appropriate sections in this 
    document regarding the DEFINITY ECS for more information on MSM security.
    The MCU system includes two possible adjuncts: the Expansion Services Module 
    (ESM) and the Conference Reservation and Control System (CRCS). 
    The ESM is a data conferencing module that communicates with the MSM. The 
    ESM does not provide network access and is therefore not a source of toll fraud; 
    however, the ESM requires proper password management on the part of system 
    administrators and users to preserve the functionality of the ESM.
    CRCS is the automated conference reservation and control system for the MCU 
    product. CRCS is in part an extension of the DEFINITY SAT; therefore, once 
    CRCS is installed, CRCS server and client logins should be set with passwords 
    immediately. Also, ensure that CRCS is installed in a secure area or room that can 
    be locked.
    PassageWay® Telephony Services for NetWare® and Windows NT®
    NOTE: The following information applies to PassageWay Telephony Services
    connected to either the DEFINITY ECS or MERLIN LEGEND driver.
    The PassageWay Telephony Services product provides computer/telephony 
    integration for applications running in a Novell NetWare or a Microsoft Windows 
    NT Local Area Network (LAN) environment. These applications may be able to 
    control phones on a PBX, monitor phones, monitor calls passing through ACD 
    splits and VDNs, and invoke PBX features on behalf of station set users. Different 
    switches provide different capabilities to applications. 
    The major components of the PassageWay Telephony Services product are as 
    follows:
    • PBX driver: Interfaces the other product components in this list to a specific
      vendor’s PBX
    						
    • Telephony Server Main Module (TSERVER NLM for NetWare or TSERV.EXE
      for Windows NT): Enforces license restrictions, provides a security
      database to manage user permissions, and provides connectivity between
      client applications and PBX drivers
    • Administration Application: Administers the Security Database; a Windows
      PC application that runs on a LAN client PC.
    • Telephony Services API (TSAPI): Provides a programming interface for
      applications. Client libraries make the programming interface available in
      application environments, which may include Windows 3.1 and 3.11,
      Windows for Workgroups, Win 95, Windows NT, OS/2®, HP-UX,
      Macintosh, UnixWare, and NetWare.
    The PassageWay Telephony Services product may be vulnerable to toll fraud if 
    the Telephony Server is not configured and administered properly. For example, 
    even if the switch provides restrictions, the PassageWay Telephony Server 
    administration may allow an end user to monitor and control phones other than 
    their own.
    Security Tips
    The following tips are for the PassageWay Telephony Server administrator. 
    • When the product is installed, do the following:
      For NetWare only:
        • Use the NetWare Administrator feature (NetWare 4.10 and 4.11) or
          SYSCON utility (NetWare 3.12) to set the appropriate login and
          password restrictions (for example, require users to have passwords
          with a minimum length of 7 characters, enable password aging, and
          so forth).
        • Use the NetWare Administrator feature (NetWare 4.10 and 4.11) or
          SYSCON utility (NetWare 3.12) to enable the Intruder Detection
          feature and to lock accounts after several invalid login attempts
          have been made.
        • Enable the “Restrict users to Home Worktop” feature.
      For Windows NT only:
        • Disable the “Extended Worktop Access” feature.
        • Take full advantage of Windows NT user manager administration,
          including password options.
        • Take full advantage of Windows NT event log (for example, for
          monitoring failed login attempts).
    • Educate administrative personnel about the capabilities of the
      PassageWay Telephony Server. Administrators must understand that the
      programming interface provides “third party control” capabilities. These
      capabilities allow an end user application to monitor and control phones
    						
      other than the user’s, to the extent that the PassageWay Telephony
      Server’s Security database will permit. Therefore, administrators must be
      familiar with the procedures in the PassageWay® Telephony Services:
      NetWare Manager’s Guide and in the PassageWay® Telephony Services
      for Windows NT® Network Manager’s Guide that regulate what features a
      user may request and the phones and other devices for which a user may
      request a feature.
    • There is little need for a “Device Group” that contains all devices, except
    perhaps for tracking, billing, or a similar application. The presence of such 
    groups may be an indicator of unauthorized control, monitoring, or other 
    security problem. Limit the use of these groups to those who need them.
    • Similarly, minimize the use of the “exception list” feature in defining Device
    Groups. An exception list gives permission to operate on all devices except 
    those explicitly named; therefore, an exception list is often a large Device 
    Group and has the same vulnerabilities as a Device Group containing all 
    devices.
    • PassageWay Telephony Server administrators should be aware of switch
    Class of Service (COS) and Class of Restriction (COR) assignments and 
    should not define Device Groups that allow applications to use Third party 
    call control to originate from an unrestricted phone and then transfer the 
    call to a restricted phone. Such programs might also act as agents for 
    setting up trunk to trunk calls (where permitted by the PBX) from phones 
    other than the requesting user’s phone. 
    • Since a user with PassageWay Telephony Server administration privileges
    can open an administrative door to toll fraud just as a DEFINITY ECS or 
    MERLIN LEGEND administrator can, protect administrative privileges for 
    the PassageWay Telephony Server as closely as switch administrative 
    restrictions.
    • PassageWay Telephony Server Administration permissions should be
    given only to a small number of trusted users since a user with 
    administration privileges may grant other users full administration 
    privileges. Only give users the privileges they need.
    • Any PBX used in a development environment should not be connected to
    the public network (or networked with general use PBXs) since 
    development environments may be informal, minimally protected 
    environments.
    • Exercise caution when using pcANYWHERE. PassageWay Telephony
    Services technical staff use this tool to diagnose and maintain their 
    products on the customer premises. Simply having pcANYWHERE 
    installed on a PC does not pose a security risk; it must be up and running 
    and administered to receive calls. In addition, pcANYWHERE offers a 
    number of security features. General tips for protecting the PassageWay 
    product at the customer site when pcANYWHERE is used include the 
    following:
    — Only run pcANYWHERE as necessary 
    						
    — Do not publish the phone number for the modem.
    — Use the return call option with Lucent phone number. (Do not set up 
    pcANYWHERE without the callback option.)
    — For added security, unplug the phone jack from the modem when 
    pcANYWHERE is not in use.
    — Change your password after services leaves and after remote 
    access.
    — Configure the following security options:
          • Require login names for callers
          • Make passwords case sensitive
          • Log all failed connection attempts
          • Set a maximum number of login attempts per call
          • Allow time to enter the complete login
          • Disconnect if inactive
    — Configure pcANYWHERE to log remote control and on-line 
    sessions. (Set the “Save Session Statistics in Activity Log File” 
    checkbox in the “Other Session Parameters” group box.)
    • PassageWay Telephony Services communicates with the DEFINITY
    Enterprise Communications Server (ECS) through the DEFINITY ECS LAN 
    Gateway. Security Features are not provided in this system component. 
    For example, there is no encryption or password to prevent unauthorized 
    use of the Ethernet link into the PBX. The following are recommendations:
    — Customers are warned that the DEFINITY ECS LAN Gateway link is 
    not intended for wide area networking. It is recommended that 
    customers not configure a LAN in such a way as to use the 
    DEFINITY ECS LAN Gateway link for local or wide area data 
    networking. 
    — Customers should provide a separate, secure link between their 
    PBXs and PassageWay Telephony Server(s). This presupposes a 
    separate network adapter and hub used only for the DEFINITY ECS 
    LAN Gateway interface.
    In the Tserver, there should be no routing between the Network 
    Interface Card (NIC) used for the DEFINITY LAN Gateway and the 
    NIC used for client access. (This does not mean to imply, however, 
    that all Telephony Server clients have to be on the same LAN.)
    For NetWare, if TCP/IP support is provided on a separate LAN, keep 
    this support isolated from the DEFINITY ECS LAN Gateway. For 
    Windows NT, configure the NT machine for a secure DEFINITY ECS 
    LAN Gateway connection. Refer to Chapter 2 in the PassageWay® Telephony
    Services for Windows NT® DEFINITY Enterprise Communications Server
    Network Manager’s Guide.
    						
    • The PassageWay Telephony Server is only as secure as the underlying
    system, either NetWare or Windows NT. Observe the security requirements 
    of your operating system.
    In addition, for Windows NT, it is recommended that the following be used: 
    • Multiple level administration permissions to control which administrators
      are allowed to pass on administration permission. See Chapter 3 in the
      PassageWay Telephony Services for Windows NT Network Manager’s Guide.
    • Secure version of Windows NT with NTFS (NT File System). For additional
      security information on Windows NT, consult a reference book such as
      Inside Windows NT by Helen Custer or Windows NT Resource Guide by
      Microsoft Press.
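    As an added example (not code from the handbook or from the PassageWay product), the following Python script audits a constructed model of a Telephony Server security database for the conditions the tips above describe: a Device Group that contains all devices, groups defined as exception lists, users whose groups let them control phones other than their own, and administration permission held by more than a small set of users. The data model, group and user names, and thresholds are assumptions; the product's real database format is not on this page.

```python
"""
Audit of a Telephony Server security database model. Added example with a
constructed data model; the real PassageWay database format is not assumed.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class DeviceGroup:
    name: str
    members: FrozenSet[str] = frozenset()
    # None: explicit member list. A set (even an empty one): exception list,
    # i.e. every device except those named, as the handbook describes.
    exceptions: Optional[FrozenSet[str]] = None

    def covered(self, all_devices: FrozenSet[str]) -> FrozenSet[str]:
        """Devices an application holding this group may operate on."""
        if self.exceptions is not None:
            return all_devices - self.exceptions
        return self.members & all_devices


@dataclass(frozen=True)
class User:
    login: str
    own_device: str
    control_groups: Tuple[str, ...] = ()   # groups granting third-party call control
    is_admin: bool = False


Finding = Tuple[str, str, int]   # (kind, subject, count)


def audit(all_devices: FrozenSet[str], groups: List[DeviceGroup], users: List[User],
          max_admins: int = 2, broad_fraction: float = 0.5) -> List[Finding]:
    """Return findings for the over-broad groups and privileges the tips warn about."""
    findings: List[Finding] = []
    by_name = {g.name: g for g in groups}
    total = len(all_devices)

    for g in groups:
        cov = g.covered(all_devices)
        if g.exceptions is not None:
            findings.append(("exception_list_group", g.name, len(cov)))
        if len(cov) == total:
            findings.append(("all_devices_group", g.name, len(cov)))
        elif len(cov) >= broad_fraction * total:
            findings.append(("broad_group", g.name, len(cov)))

    for u in users:
        # Union of every device the user's control groups reach
        controllable = frozenset().union(
            *(by_name[n].covered(all_devices) for n in u.control_groups))
        others = controllable - {u.own_device}
        if others:
            findings.append(("controls_other_devices", u.login, len(others)))

    admins = sorted(u.login for u in users if u.is_admin)
    if len(admins) > max_admins:
        findings.append(("too_many_admins", ",".join(admins), len(admins)))
    return findings


# Constructed sample database (not real site data)
ALL_DEVICES = frozenset({"3001", "3002", "3003", "3004", "3005", "3006"})
GROUPS = [
    DeviceGroup("own_phone_3001", members=frozenset({"3001"})),
    DeviceGroup("billing_all", exceptions=frozenset()),       # every device: billing/tracking only
    DeviceGroup("sales_floor", members=frozenset({"3002", "3003"})),
    DeviceGroup("everyone_but_lobby", exceptions=frozenset({"3006"})),
]
USERS = [
    User("alice", "3001", control_groups=("own_phone_3001",)),
    User("bob", "3002", control_groups=("sales_floor",)),
    User("carol", "3004", control_groups=("everyone_but_lobby",), is_admin=True),
    User("dave", "3005", is_admin=True),
    User("eve", "3006", is_admin=True),
]


def run_sample() -> List[Finding]:
    return audit(ALL_DEVICES, GROUPS, USERS)


if __name__ == "__main__":
    for kind, subject, count in run_sample():
        print(f"{kind:24} {subject:20} {count}")
```

    Each finding maps to one of the tips: the all-devices and exception-list groups are the ones to justify or remove, the control findings show which users can reach phones other than their own, and the admin count is the set whose privileges should be protected as closely as switch administration.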
    TransTalk 9000 Digital Wireless System
    The TransTalk 9000 Digital Wireless System is a flexible wireless adjunct for use 
    with the DEFINITY ECS, DEFINITY Communications Systems, MERLIN 
    LEGEND, PARTNER II, PARTNER Plus, System 25, System 75, and System 85 
    Communications Systems, as well as the MERLIN MAIL Voice Messaging 
    System. It provides employees up to 500 feet of mobility from the radio base 
    station, allowing them to make and answer calls when they are away from their 
    desk.
    From a security standpoint, the handset for the TransTalk 9000 Digital Wireless 
    System, the MDW 9000, has the same vulnerabilities as any desk set. If calling 
    restrictions are required for the user or location where the handset is placed, the 
    handset must be restricted at the switch.
    In addition, since the MDW 9000 allows freedom of movement, the potential for 
    employee abuse may be increased with this product. For example, employees 
    could move to secluded areas, where they would not be seen or overheard, and 
    make personal calls. For this reason, if restrictions are required, you should 
    restrict the station ports in the same way as you would a desk set.
    Security Tips
    • Educate customers about the possibility of employee abuse. Make sure
    they understand the potential risks.
    • If your business needs warrant a number of MDW 9000 sets, make sure
    you understand each employee’s calling needs. For instance, if your 
    business does not require that employees make outgoing business calls, 
    restrict the MDW handset(s) to internal or local calls.
    Refer to the applicable section of this guide for information on switch restrictions 
    to utilize with the TransTalk 9000 Digital Wireless System. 
    						
    A   Call Routing

    Call Routing
    The following is the basic call flow through the DEFINITY ECS, DEFINITY G1 and
    G3, or System 75:
    1. Endpoint signals switch to start call.
       If originating endpoint is a station, the request for service is an off-hook.
       If originating endpoint is a trunk, the request for service is a seizure signal
       (wink start, off-hook, ground start).
    2. The switch signals endpoint to start dialing.
       If the endpoint is a station, dial tone is played for the caller.
       If the endpoint is a trunk, a start dial signal (wink dial tone, etc.) is sent to the
       originating end.
    3. The digit string is dialed.
    4. The first digit dialed is compared to the dial plan record.
       The type of call is identified depending on the dialed digit.
       The calls can be to an extension number, trunk access code, attendant, or feature
       access code.
       The number of digits needed is known after the first digit is dialed.
    						
    Example: User dials 0. Call is routed to an attendant because zero is defined as
    an attendant call requiring one digit.
    Example: User dials 2. Digit two is defined as a 4-digit extension code on the dial
    plan form. Three more digits are required to place the call. The three additional
    digits are dialed. The four digits dialed determine the destination called.
    The system checks the calling permissions of the originator’s COR to see if the 
    COR of the originator is allowed to call the COR of the destination dialed. If the 
    COR of the originator is set to y for the COR of the destination, the call will 
    complete. If the COR of the originator is set to n for the COR of the destination, 
    the intercept tone is returned to the caller.
    Example: User dials 9. Digit nine is defined as the feature access code for ARS.
    More digits will follow. As the digits are dialed they are checked against the ARS
    analysis table until a unique match is found. When the singular match is found, a
    check is made to see if a route pattern is identified. If a route pattern is not
    identified, the call is routed to intercept. If a route pattern is identified, the call is
    routed to that pattern.
    When the call reaches the route, the trunk group identified as the first choice is 
    checked for an available member. If a member is not available, the next choice in 
    the pattern is checked for an available member.
    When an available member is found, the FRL of the originating endpoint is 
    checked against the FRL of the choice selected. If the FRL of the endpoint is 
    greater than or equal to the FRL on the choice, the call completes. If the FRL is 
    less than all the choices in the route pattern, intercept is returned to the caller.
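    The call flow above, worked through as an added Python simulation that is not code from the handbook: dial plan lookup on the first digit, the COR-to-COR permission check for extension calls, ARS analysis with route pattern selection, trunk member availability, and the FRL comparison against each choice. Every table (dial plan, stations, COR permissions, ARS entries, route patterns, trunk state) is constructed sample data, and longest-prefix matching is an assumption about how the "unique match" in the ARS analysis table is found.

```python
"""
Simulation of the DEFINITY-style call flow in the Call Routing appendix.
Added example; all tables below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Station:
    cor: int   # Class of Restriction
    frl: int   # Facility Restriction Level, 0 (most restricted) to 7


@dataclass(frozen=True)
class Result:
    outcome: str   # "attendant", "extension", "trunk" or "intercept"
    detail: str    # destination, trunk group, or the reason for intercept


# Constructed dial plan: first digit -> (call type, total digits; None = variable length)
DIAL_PLAN = {"0": ("attendant", 1), "2": ("extension", 4), "9": ("ars", None)}

# Constructed stations, keyed by extension
STATIONS = {"2001": Station(cor=1, frl=3),
            "2002": Station(cor=2, frl=0),
            "2003": Station(cor=1, frl=7)}

# Constructed COR calling permissions: originating COR -> CORs it may call ("y" entries)
COR_PERMISSIONS = {1: {1, 2}, 2: {2}}

# Constructed ARS analysis table: (dialed-string prefix, min digits, max digits, route pattern)
ARS_ANALYSIS = [
    ("1", 11, 11, "p1"),
    ("1900", 11, 11, None),   # no route pattern: 900 calls go to intercept
    ("555", 7, 7, "p2"),
    ("011", 10, 18, "p3"),
]

# Constructed route patterns: ordered choices of (trunk group, FRL required)
ROUTE_PATTERNS = {
    "p1": [("tg-ld", 3), ("tg-backup", 5)],
    "p2": [("tg-local", 0)],
    "p3": [("tg-intl", 7)],
}

# Constructed trunk group state: number of idle members right now
TRUNK_MEMBERS_IDLE = {"tg-ld": 0, "tg-backup": 4, "tg-local": 2, "tg-intl": 1}


def ars_lookup(number: str) -> Optional[Tuple[str, int, int, Optional[str]]]:
    """Longest-prefix match against the ARS analysis table (assumption: longest
    prefix is how the single match is chosen; the handbook only says 'unique match')."""
    best = None
    for entry in ARS_ANALYSIS:
        prefix, lo, hi, _ = entry
        if number.startswith(prefix) and lo <= len(number) <= hi:
            if best is None or len(prefix) > len(best[0]):
                best = entry
    return best


def route_pattern_select(station: Station, pattern_id: str) -> Result:
    """Walk the pattern in order: skip choices with no idle member, then apply the FRL check."""
    for trunk_group, frl_required in ROUTE_PATTERNS[pattern_id]:
        if TRUNK_MEMBERS_IDLE.get(trunk_group, 0) == 0:
            continue
        if station.frl >= frl_required:
            return Result("trunk", trunk_group)
    return Result("intercept", f"FRL {station.frl} below every available choice in {pattern_id}")


def route_call(origin_ext: str, digits: str) -> Result:
    station = STATIONS[origin_ext]
    entry = DIAL_PLAN.get(digits[:1])
    if entry is None:
        return Result("intercept", f"first digit {digits[:1]!r} not in dial plan")
    call_type, total = entry
    if total is not None and len(digits) != total:
        return Result("intercept", f"{call_type} call needs {total} digits, got {len(digits)}")
    if call_type == "attendant":
        return Result("attendant", "0")
    if call_type == "extension":
        dest = STATIONS.get(digits)
        if dest is None:
            return Result("intercept", f"extension {digits} not assigned")
        if dest.cor not in COR_PERMISSIONS.get(station.cor, set()):
            return Result("intercept", f"COR {station.cor} may not call COR {dest.cor}")
        return Result("extension", digits)
    # ARS: the access code is stripped and the remaining digits are analysed
    match = ars_lookup(digits[1:])
    if match is None or match[3] is None:
        return Result("intercept", "no route pattern for dialed string")
    return route_pattern_select(station, match[3])


if __name__ == "__main__":
    for ext, dialed in [("2001", "0"), ("2001", "2002"), ("2002", "2001"),
                        ("2001", "95551234"), ("2001", "912125551234"),
                        ("2003", "912125551234"), ("2001", "919005551234")]:
        print(f"{ext} dials {dialed:>13}: {route_call(ext, dialed)}")
```

    The two long-distance cases show the FRL rule from the text: station 2001 (FRL 3) is intercepted because the only trunk group with an idle member requires FRL 5, while station 2003 (FRL 7) completes on that same group. This is the check that a restricted station or adjunct port depends on, which is why the chapters above keep pointing back to COR, COS and FRL assignments on the switch.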