Lucent Technologies BCS Products Security Handbook

							Toll Fraud Job Aids 
Page F-1 Toll Fraud Warning Signs 
F
BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
F
FToll Fraud Job Aids
The job aids in this appendix are tools for your organization to use in securing 
your system against toll fraud. Copy them and distribute them to your staff to post 
or use in any other manner that meets their needs.
Toll Fraud Warning Signs
nCustomers or employees complain that the 800 number is always busy. 
The busy line could even impact local Direct Inward Dial (DID) lines.
nSwitchboard operators complain of frequent hang-ups or touch-tone 
sounds when they answer.
nSignificant increase in “internal” requests for “operator assistance” in 
making outbound calls, particularly international ones.
nUnexplained increase in long distance usage.
nIncrease in short duration calls.
nHeavy call volume on nights, weekends, and/or holidays.
nStation Message Detail Recording (SMDR) shows an unusual amount of 
short duration calls.
nEstablished thresholds on trunk groups are exceeded.
nSwitchboard operators note or complain about frequent calls from 
individuals with foreign accents.
nStaff or customer complaints of inability to enter voice mail system.
nAny attempts by outsiders to obtain sensitive information regarding the 
telecommunications system or calls from individuals posing as employees 
when they clearly are not. 
						

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Toll Fraud Job Aids 
Page F-2 Toll Fraud Warning Signs 
F
nSudden or unexplained inability to access specific administrative functions 
within the system.
nEmployees complain of difficulty in obtaining an outside line.
nSimultaneous Direct Inward System Access (DISA) authorization code use 
coming from two different places at the same time.
nAn upsurge in use on DISA or other trunks.
nUnusual increase in customer premises equipment-based system memory 
usage.
nUnexplained changes in system software parameters.
nUnexplained problems related to being “locked out” of the system or 
Personal Identification Number (PIN) changes in the voice mail system.
nSignificant increase in calls from a single geographic area or from the same 
Automatic Number Identification (ANI).
nAny discrepancies in telephone bills, such as unusual calling patterns, calls 
to international locations with which the user does not normally interact, 
and calls for which you cannot account. 
						

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Toll Fraud Job Aids 
Page F-3 System Security Action Plan 
F
System Security Action Plan
Figure F-1. System Security Action Plan
Educate End UsersEstablish Port Security Procedures
Secure the Administration System Perform Security Monitoring
The first step customers should take in
tightening the security of their systems
is to increase end-users’ awareness of
the system’s security features and
vulnerabilities.
Develop and implement a toll fraud detection
and reaction plan with all employees.
Train users on remote access responsibilities
and security procedures.
Establish and maintain security policies
regarding password/authorization code
protection.
Once you have established an effective
Control administrative access passwords,
and change them frequently.
Never store administrative port numbers or
passwords as part of a connection “script.”
Use Remote Port Security Device to “lock-up”
administrative ports.
Monitor call detail records and “800 service”
billing records for unusual activity.
Monitor “invalid login attempt” activity levels
on remote access and administration ports.
Establish thresholds and monitor port and
trunk activity levels.
port security plan, you need to protect it.
Management of the access into adminis-
trative and maintenance capabilities is an
important part of the total System Security
Plan.System Security Monitoring plays acritical role in a customer’s overall
security scheme. By monitoring
system security precautions already
taken, customers can react quickly
to any potential threat detected. Use passwords, authorization codes, and
barrier codes. Set them to maximum length
Assign calling privilege restriction levels to
users on a need-to-call basis.
Block off-hours and weekend calling privileges,
or use alternate restriction levels when possible.
and change them frequently.Customers must establish security
measures to manage and control
access to the ports into the communication
system. The security measures should 
also control the calling privileges users
will have access to. 
						

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Toll Fraud Job Aids 
Page F-4 Top 10 Tips to Help Prevent Phone “Phraud” 
F
Top 10 Tips to Help Prevent Phone 
“Phraud”
1. Protect System Administration Access
Insure secure passwords exist for all logins that allow System 
Administration or Maintenance access to the system. Change the 
passwords frequently.
2. Prevent Voice Mail System Transfer to Dial Tone
Activate “secure transfer” features in voice mail systems.
Place appropriate restrictions on voice mail access/egress ports.
3. Deny Unauthorized Users Direct Inward System Access 
(Remote Access)
If you are not using Remote Access features, deactivate or disable them.
If you are using Remote Access, require the use of barrier codes and/or 
authorization codes set for maximum length. Change the codes frequently.
4. Place Protection on Systems that Prompt Callers to Input Digits
Callers should be prevented from dialing unintended digit combinations at 
prompts.
Auto attendants and call vectors should be restricted from allowing access 
to dial tone.
5. Use System Software to Intelligently Control Call Routing
Create ARS or WCR patterns to control how each call is to be handled.
Use “Time Of Day” routing capabilities to limit facilities available on nights 
and weekends.
Deny all end-points the ability to directly access outgoing trunks.
6. Block Access To International Calling Capability
When international access is required, establish permission groups.
Limit access to only the specific destinations required for business.
7. Protect Access to Information Stored as Voice
Password restrict access to voice mail mailboxes.
Use non-trivial passwords and change passwords regularly.
8. Provide Physical Security for Telecommunications Assets
Restrict unauthorized access to equipment rooms and wire connection 
closets.
Protect system documentation and reports data from being compromised. 
						

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Toll Fraud Job Aids 
Page F-5 Top 10 Tips to Help Prevent Phone “Phraud” 
F
9. Monitor Traffic and System Activity for Abnormal Patterns
Activate features that “Turn Off” access in response to unauthorized 
access attempts.
Use Traffic and Call Detail reports to monitor call activity levels.
10. Educate System Users to Recognize Toll Fraud Activity and React 
Appropriately
From safely using Calling Cards to securing voice mailbox passwords, 
users need to be trained on how to protect themselves from inadvertent 
compromises to the system’s security. 
						

							Special Security Product and Service Offers 
Page G-1 Remote Port Security Device (RPSD) 
G
BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
G
GSpecial Security Product and Service 
Offers
Remote Port Security Device (RPSD)
The Lucent Technologies RPSD1 offers enhanced protection for dial-up data 
access. Communications systems typically consist of a mix of digital PBXs, voice 
mail systems, and adjunct applications computers. Dial-up ports on these systems 
provide remote access for maintenance and administration support. They also 
provide potential access to the hackers or thieves who use easily obtainable 
computers and software to gain unauthorized access to your systems.
NOTE:
Since the RPSD contains a Data Encryption Standard (DES) algorithm, its 
use outside the United States and Canada is prohibited by law.
Once a hacker gains access to your systems, he or she can explore sensitive 
information, disrupt voice and data communications, and manipulate software 
applications. This access can result in unauthorized use of network facilities and 
the theft of long distance services.
While effective system security management can usually stop the hacker, the 
Lucent Technologies Remote Port Security Device (RPSD) gives you a 
state-of-the-art single channel protection system that enhances your ability to 
prevent unauthorized users or hackers from accessing your system’s dial-up 
communications ports.
1. The RPSD is compatible with: the DEFINITY ECS, DEFINITY Communications Systems, 
System 75 (V2 or higher), System 85 and DIMENSION PBX Systems; the AUDIX, 
DEFINITY AUDIX, and AUDIX Voice Power Systems; and all System Management 
products. 
						

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Special Security Product and Service Offers 
Page G-2 Remote Port Security Device (RPSD) 
G
Dial-up ports provide access to data networks and computers that contain critical 
data and software applications. While these ports help to improve productivity and 
increase customer satisfaction, they also provide potential access to hackers.
The Key and Lock use a sophisticated dynamic challenge/response technique to 
assist you in preventing unauthorized access to your administration and 
maintenance ports. The Key and Lock authentication process is as follows: The 
Lock answers the incoming call destined for the dial-up modem port. It generates 
a dynamic challenge, unique to every call, and transmits it to the RPSD installed 
at the calling end. The Lock and Key must be initialized with the same secret 
encryption key value. This secret encryption key has approximately 70 quadrillion 
combinations. 
When the RPSD Key receives the challenge, it generates a response using the 
secret encryption key. It then transmits the expected response back to the RPSD 
Lock. If the RPSD lock successfully authenticates the response, it provides 
ringing to the terminating modem and the call completes. The RPSD terminates a 
call immediately if any step in the challenge/response authentication process is 
not completed successfully.
The RPSD helps to: 
nprotect remote locations that communicate with a central network via 
dial-up lines
nsafeguard companies that remotely administer PBX and voice mail 
systems
nensure that critical network routing information and PBX feature 
translations are not compromised
ncontrol access of dial-up ports by remote maintenance or service personnel
Key and Lock Features
nUses randomly-generated encrypted data to perform Key/Lock 
authentication handshake.
nTime of Day/Day of Week restrictions can control Key access to Locks. 
Each user profile can have up to 14 restrictions set.
nHistory Logs provide audit trails of the last 500 administrative changes, 
accesses, and failures.
nSystem Administration provides menu-driven commands with on-line help 
and security options for administrative access.
nSelf-check and built-in diagnostics enable simple and fast problem 
diagnosis.
nA Power Monitor Circuit allows you to fail or bypass calls to the Lock during 
a power failure. 
						

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Special Security Product and Service Offers 
Page G-3 Security Audit Service 
G
nAn Alarm Contact Closure interface is provided to generate an alarm when 
the Lock loses power.
Lock and Keys work with all data communications protocols.
Lucent Technologies Support
Lucent Technologies provides RPSD Keys to their maintenance centers to 
accommodate access to systems you secure with the RPSD Lock.
For more information on the RPSD, see the 
DEFINITY Communications Systems 
Remote Port Security Device User’s Manual
, 555-025-400.
Security Audit Service
The Lucent Technologies Security Audit Service is a fee-based, consultative 
service that provides a security evaluation of a customer’s telecommunications 
system. The Security Audit is conducted by a team of experts from Lucent 
Technologies’ World-Class Service Center (WCSC). The process starts with a 
preliminary telephone interview. This is followed by an on-site (or remote) security 
audit of the equipment, followed by an analysis of system vulnerability and written 
recommendations for increasing security.
For more information, contact your Lucent Technologies representative.
Lucent Technologies HackerTracker
Lucent Technologies HackerTracker alerts you to abnormal calling activities. You 
can program the software to continually monitor all incoming calls and watch for 
hallmarks of hacker activity. Call detail activity is marked against a set of 
pre-established threshold criteria, and if these thresholds are exceeded, alarms 
and alerts are sent to designated security system administrators. HackerTracker 
is designed to work in conjunction with Lucent Technologies’ Call Accounting 
System (CAS Plus Version 3).
For more information, call 1 800 521-7872. 
						

							BCS Products
Security Handbook  
555-025-600  Issue 6
December 1997
Special Security Product and Service Offers 
Page G-4 Security Tune-Up Service 
G
Security Tune-Up Service
The Security Tune-Up Service is a fee-based, consultative service designed to 
provide an expedient, on-line review of your system security as it relates to toll 
fraud. This service is provided for the DEFINITY ECS, DEFINITY 
Communications Systems G1, G2, and G3, the DIMENSION PBX System, 
System 75, System 85; and the AUDIX, the AUDIX Voice Power, the DEFINITY 
AUDIX, and the I
NTUITY AUDIX Voice Messaging Systems.
Customer Support Engineers, specializing in security, will remotely access your 
system, analyze the potential risks in the system, and optionally implement 
agreed-upon changes to secure the system.
For more information, call 1 800 643-2353.