Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies BCS Products Security Handbook
Lucent Technologies BCS Products Security Handbook
Have a look at the manual Lucent Technologies BCS Products Security Handbook online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 292
BCS Products
Security Handbook
555-025-600 Issue 6
December 1997
Product Security Checklists
Page H-10 BasicWorks
H
Unused logins removed (“remove login”
command or disabled [passwords
VOIDed])
UNIQUE customer logins used
Password aging activated
Logins temporarily disabled when not
needed (“disable/enable” commands)
Customer access to INADS port disabled
nAdjunct connectivity (TroubleTracker,
Monitor I, SNMP, and G3MA) to access
the switch through the INADS port
established
Remote Access...](http://img.usermanuals.tech/thumb/3002/83237/w64_definity-ecs-security-handbook_d-291.png "Page 292
BCS Products
Security Handbook
555-025-600 Issue 6
December 1997
Product Security Checklists
Page H-10 BasicWorks
H
Unused logins removed (“remove login”
command or disabled [passwords
VOIDed])
UNIQUE customer logins used
Password aging activated
Logins temporarily disabled when not
needed (“disable/enable” commands)
Customer access to INADS port disabled
nAdjunct connectivity (TroubleTracker,
Monitor I, SNMP, and G3MA) to access
the switch through the INADS port
established
Remote Access...")
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-9 BasicWorks H BasicWorks Also see the general security checklist on page H-3. Customer: _________________________________________ System & Version: _________________________________________ Location: _________________________________________ New Install: _________________________________________ System Upgrade: _________________________________________ Major Addition: _________________________________________ Table H-4. BasicWorks Y/N 1Note N/A System Administration Customer advised of all logins under their control. Passwords changed from factory defaults. Passwords are customer-entered, maximum length, and unique alphanumeric words. NETCON access restricted by COR-to-COR restrictions NETCON channels secured Non-DID extensions used for NETCON ports Unused NETCON channels removed Login Security Violation Notification feature active nLogins automatically disabled after security violation nLogin Security Violations monitored 24 hours per day Login permissions customized
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-10 BasicWorks H Unused logins removed (“remove login” command or disabled [passwords VOIDed]) UNIQUE customer logins used Password aging activated Logins temporarily disabled when not needed (“disable/enable” commands) Customer access to INADS port disabled nAdjunct connectivity (TroubleTracker, Monitor I, SNMP, and G3MA) to access the switch through the INADS port established Remote Access Remote Access permanently disabled Remote Access administered nRemote access number is unpublished nNon-DID remote access number used nBarrier codes are random 7-digit sequences nBarrier codes in own restricted COR nVoice processing ports COR-to-COR restricted from dialing Remote Access barrier codes nRemote Access Security Violation Notification feature active — Remote Access Security Violations monitored 24 hours per day — Remote Access automatically disabled following detection of a Security Violation nBarrier code aging used nRemote Access temporarily disabled when not needed (“disable/enable” commands) Logoff Notification enabled for Remote Access Table H-4.BasicWorks — Continued Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-11 BasicWorks H PBX Features Trunking Prohibit Trunk-to-Trunk Transfer on public access trunks Tie trunk groups are COR-to-COR restricted Trunk groups have dial access = n COR-to-COR restrictions on dial-accessed trunks Automatic Circuit Assurance (ACA) on trunks groups SMDR/CDR activated on all trunk groups Attendant control of trunk groups with TAC = y Routing ARS/WCR used for call routing n1+809 and 0+809 area code blocked n900 and 976 calls blocked n976 “look-alikes” blocked nBlock access to Alliance teleconference service (0700) n011/LD calls limited by FRLs n011/LD calls limited by Time-of-Day routing n011/LD calls limited by 6-digit or digit analysis nAlternate FRLs used (G3r) Table H-4.BasicWorks — Continued Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-12 BasicWorks H 1.If “NO” (N), provide Note reference number and explain. Facility Test Call/Data Origination Facility Test code changed from default, if used nFacility Test code translated only when needed nFacility Test code limited to system admin/mtce COR nLogoff Notification enabled for Facility Test Call Data Origination feature code not translated Miscellaneous Console permissions restricted/limited Individual and group-controlled restrictions used Authorization codes used Operator calls restricted Switch-hook flash denied on FAX machines, modems, etc. COR-to-COR restrictions used on all CORs Ports for adjuncts in own restricted COR Restrict call forwarding off-net = y Digit conversion of unauthorized calls to console or security Three-way COR check on transfer/conference Authorization Code Security Violation Notification feature active Product Monitoring Traffic measurements reports monitored daily SMDR/CMS reports monitored daily Recent change history log reviewed daily Table H-4.BasicWorks — Continued Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-13 CONVERSANT Voice Information System H CONVERSANT Voice Information System Also see the general security checklist on page H-3, and the security checklist for the host communications system. Customer: _________________________________________ PBX Type: _________________________________________ Location: _________________________________________ New Install: _________________________________________ System Upgrade: _________________________________________ Major Addition: _________________________________________ Table H-5. CONVERSANT Voice Information System Y/N 1Note N/A System Administration Administrative login name changed from default All UNIX login passwords changed from default Busy lamp on modem port Modem dial-up password administered System Features Customized scripts do not allow transfers Customized scripts limit transfers to specific extensions
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-14 CONVERSANT Voice Information System H 1.If “NO” (N), provide Note reference number and explain. Host PBX Analog ports in CONVERSANT Voice Information System hunt group restricted from toll calls by host PBX, for example, restricted COR Analog ports in CONVERSANT Voice Information System hunt group COR-to-COR restricted from dialing RA barrier codes (when host communications system is System 75, or DEFINITY ECS, or DEFINITY G1 or G3) Product Monitoring System reports checked daily Table H-5. CONVERSANT Voice Information System — Continued Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-15 DEFINITY ECS, DEFINITY G1 and G3, and System 75 H DEFINITY ECS, DEFINITY G1 and G3, and System 75 Also see the general security checklist on page H-3, and the security checklist for any attached voice mail systems or other adjuncts. Customer: _________________________________________ Location: _________________________________________ System & Version: _________________________________________ New Install: _________________________________________ System Upgrade: _________________________________________ Major Addition: _________________________________________ Table H-6. DEFINITY ECS, G1, and G3, and System 75 Y/N 1Note N/A System Administration Customer advised of all logins under their control Passwords changed from factory defaults Passwords are customer entered, maximum length, unique, nonsense alphanumeric words NETCON access restricted by COR-to-COR NETCON channels secured Non-DID extensions used for NETCON ports Unused NETCON channels removed Login Security Violation Notification feature active Logins automatically disabled after security violations (G3V3 and later)
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-16 DEFINITY ECS, DEFINITY G1 and G3, and System 75 H Login permissions customized (G3V2) Unused logins removed (remove login command, (G3V3 and later) or disabled (passwords VOIDed) UNIQUE customer logins used (G3V3 and later) Password aging activated (G3V3 and later) Logins temporarily disabled when not needed (disable/enable commands) (G3V3 and later) If customer access to INADS port enabled, adjunct connectivity (TroubleTracker, Monitor I, SNMP and G3MA) to access the switch through the INADS port established (G3V4) Remote Access Remote Access permanently disabled if not used (G3V2 and North American Dial Plan loads) Remote Access administered Remote access number is unpublished Non-DID remote access number used Barrier codes are random 7-digit sequences Barrier codes in own restricted COR Seven-digit authorization codes used Second dial tone omitted between barrier and authorization codes Authorization code timeout to attendant Table H-6. DEFINITY ECS, G1, and G3, and System 75 — Continued Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-17 DEFINITY ECS, DEFINITY G1 and G3, and System 75 H Voice processing ports COR-to-COR restricted from dialing Remote Access barrier codes Remote Access Security Violation Notification feature active Remote Access Security Violations monitored 24 hours per day Login Security Violations monitored 24 hours per day Remote Access automatically disabled following detection of a Security Violation (G3V3 and later) Barrier code aging used (G3V3 and later) Remote Access temporarily disabled when not needed (disable/enable commands) (G3V3 and later) Logoff notification enabled (G3V4) PBX Features Trunking Prohibit Trunk-to-Trunk transfer on public access trunks Tie trunk groups are COR-to-COR restricted Trunk groups have dial access = n COR-to-COR restrictions on dial-accessed trunks ACA (Automatic Circuit Assurance) on trunk groups SMDR/CDR activated on all trunk groups Trunks measured by BCMS/CMS Trunk-to-Trunk Transfer only allowed with DCS or CAS (G3V3 and later) COS Trunk-to-Trunk Restriction Override = n (DEFINITY ECS R5) Table H-6. DEFINITY ECS, G1, and G3, and System 75 — Continued Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-18 DEFINITY ECS, DEFINITY G1 and G3, and System 75 H Personal Station Access (PSA) (DEFINITY ECS R5) PSA COS assignment limited to stations with need to access PSA 8-digit security codes assigned to stations using PSA Station Security Code Security Violation Notification feature active nStation Security Code Security Violations monitored 24 hours per day Extended User Administration of Redirected Calls (DEFINITY ECS R5) 8-digit security codes assigned to stations using Extended User Telecommuting Access Extension not administered Administration of FACs for Redirected Calls nExtend Call Forward All Activate nExtended Call Forward Busy/Don’t Answer Activate nExtended Call Forward Cancel nChange Coverage Station Security Code Security Violation Notification feature active nStation Security Code Security Violations monitored 24 hours per day Routing ARS/WCR used for call routing 1+809 and 0+809 area code blocked 900, 976 calls blocked 976 look-alikes blocked Table H-6. DEFINITY ECS, G1, and G3, and System 75 — Continued Y/N 1Note N/A