Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies BCS Products Security Handbook
Lucent Technologies BCS Products Security Handbook
Have a look at the manual Lucent Technologies BCS Products Security Handbook online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Special Security Product and Service Offers Page G-5 Toll Fraud Contact List G Toll Fraud Contact List Contact: For: Your Lucent Technologies Account Executive or Design SpecialistsGeneral questions related to toll fraud Lucent Technologies Toll Fraud Intervention Hotline 800 643-2353All systems and products— including DEFINITY ECS, DEFINITY Communications Systems, DIMENSION, System 75, System 85, MERLIN II, MERLIN LEGEND, PARTNER II, PARTNER Plus, and System 25 Communications Systems; and their adjuncts: Immediate crisis intervention if you suspect that your company is experiencing toll fraud. Lucent Technologies Technical Service Center (TSC) 800 242-2121DEFINITY ECS, DEFINITY Communications Systems, DIMENSION, System 75, and System 85 Communications Systems, and adjuncts: Immediate crisis intervention if you suspect that your company is currently experiencing toll fraud. Lucent Technologies National Service Assistance Center (NSAC) 800 628-2888MERLIN II, MERLIN LEGEND, PARTNER II, PARTNER Plus, and System 25 Communications Systems, and adjuncts: Immediate crisis intervention if you suspect that your company is currently experiencing toll fraud. AT&T Calling Card Assistance 800 882-CARD (2273)Assistance and information related to Corporate Credit card fraud AT&T Long Distance Services 800 222-3000Information related to toll fraud offers and assistance with risk management for long distance network services United States Secret Service (Listed under Federal Government in your local telephone directory)To file a legal complaint in the event of international or interstate toll fraud
Product Security Checklists Page H-1 H BCS Products Security Handbook 555-025-600 Issue 6 December 1997 H HProduct Security Checklists This appendix contains the following security checklists: nGeneral Security Procedures (page H-3) nAUDIX Voice Mail System (page H-5) nAUDIX Voice Power System (page H-7) nBasicWorks (page H-9) nCONVERSANT Voice Information System (page H-13) nDEFINITY G1 (page H-15), G2 (page H-21), and G3 (page H-15) nDEFINITY AUDIX System (page H-5) nDIMENSION PBX System and DEFINITY ECS(page H-25) nINTUITY AUDIX Voice Messaging System (page H-5) nLucent Technologies/Bay Networks (page H-28) nMERLIN II Communications System (page H-28) nMERLIN LEGEND Communications System (page H-31) nMERLIN MAIL Voice Messaging System (page H-34) nMERLIN MAIL-ML Voice Messaging System (page H-36) nMERLIN MAIL R3 Voice Messaging System (page H-38) nMERLIN Plus Communications System (page H-41) nMultimedia Communications Exchange Server (page H-42) nMultipoint Conferencing Unit (MCU)/Conference Reservation and Control System (CRCS) (page H-43 ) nPARTNER II Communications System (page H-53) nPARTNER MAIL System (page H-56) nPARTNER MAIL VS System (page H-56)
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-2 H nPARTNER Plus Communications System (page H-53) nSystem 25 (page H-58) nSystem 75 (page H-15) nSystem 85 (page H-21) nPassageWay Telephony Services (page H-60)
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-3 General Security Procedures H General Security Procedures Customer: ________________________________________ Location: _________________________________________ System & Version: _________________________________________ Date Installed: _________________________________________ Table H-1. General Security Procedures Y/N 1Note N/A Physical Security Switch room and wiring closets locked All equipment documentation secured Attendant console secured at night; headset unplugged Local and Remote administration equipment secured Remote Port Security Devices installed Telephone logs and print reports secured Adjunct (CAS, AUDIX Voice Mail System, CMS, ISII, G3MA, etc.) remote administration terminals secured Customer Education System manager/administrator has copy of Security Handbook/Toll Fraud Overview System security policy established and distributed
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-4 General Security Procedures H 1.If “NO” (N), provide Note reference number and explain. System security policy reviewed periodically Security policy included in new-hire orientation Employees know how to detect potential toll fraud Employees know where to report suspected toll fraud Authorization Codes not sequential Remote access phone number not published Barrier codes and passwords are chosen to be difficult to guess Barrier codes, passwords (including voice mail), and authorization codes removed/changed when employees terminated Authorization codes, account codes, and passwords not written down or translated on auto-dial buttons Logins and passwords are not written down All customer passwords changed on regular basis HackerTracker thresholds established Social Engineering explained Customer is aware of network-based toll fraud surveillance offerings such as netPROTECT Customer knows how to subscribe to ACCESS security shared folder Table H-1. General Security Procedures — Continued Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-5 AUDIX, DEFINITY AUDIX and INTUITY AUDIX Voice Messaging Systems H AUDIX, DEFINITY AUDIX and I NTUITY AUDIX Voice Messaging Systems Also see the general security checklist on page H-3, and the security checklist for the host communications system. ( Customer: _________________________________________ PBX Type: _________________________________________ Location: _________________________________________ New Install: _________________________________________ System Upgrade: _________________________________________ Major Addition: _________________________________________ Table H-2. AUDIX, DEFINITY AUDIX and I NTUITY AUDIX Voice Messaging Systems Y/N 1Note N/A System Administration Administration password changed from default User passwords 7 to 15 characters Forced password change for new subscribers System Features Only active subscribers translated Call transfer out of voice mail system not allowed If transfer allowed, Enhanced Call Transfer enabled If transfer allowed and basic transfer enabled, transfer restricted to subscribers (DEFINITY AUDIX and I NTUITY AUDIX Voice Messaging Systems only)
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-6 AUDIX, DEFINITY AUDIX and INTUITY AUDIX Voice Messaging Systems H 1.If “NO” (N), provide Note reference number and explain. If transfer allowed, number restrictions administered (DEFINITY AUDIX Voice Messaging System 3.2 only) not allowed on Auto Attendants Retries before lockout < 6 Retries before disconnect < 4 Busy lamp on modem port Voice Processing ports restricted from toll calls by host PBX, for example, restricted COR Outcalling not used Number of digits on outcalling minimized, and/or outcalling destination restricted by host PBX Voice processing ports COR-to-COR restricted from dialing RA barrier codes (when host communications system is System 75, or DEFINITY ECS, or DEFINITY G1 or G3) Product Monitoring Administration Log and Activity Log checked daily Table H-2. AUDIX, DEFINITY AUDIX and I NTUITY AUDIX Voice Messaging Systems — Continued Y/N 1Note N/A *T
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-7 AUDIX Voice Power System H AUDIX Voice Power System Also see the general security checklist on page H-3, the security checklist for the host communications system. Customer: _________________________________________ PBX Type: _________________________________________ Location: _________________________________________ New Install: _________________________________________ System Upgrade: _________________________________________ Major Addition: _________________________________________ Table H-3. AUDIX Voice Power System Y/N 1Note N/A System Administration Administrative login name changed from default All UNIX login passwords changed from default System Features Only active subscribers translated Call transfer not allowed If call transfer enabled, transfer to subscriber enabled Passwords changed from default for all subscribers Retries before lockout < 6 Retries before disconnect < 4 Outcalling inactive Number of digits on outcalling minimized, or outcalling destination restricted
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-8 AUDIX Voice Power System H 1.If “NO” (N), provide Note reference number and explain. Invalid Auto Attendant menu options directed to operator or security Voice processing ports on host PBX system restricted from toll calls Voice Processing ports restricted from dialing remote access extension Product Monitoring Administration Log and Activity Log checked daily End-User Education Passwords changed from default for new subscribers Administrator instructed to change administration login password regularly Table H-3. AUDIX Voice Power System — Continued Y/N 1Note N/A