Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies BCS Products Security Handbook
Lucent Technologies BCS Products Security Handbook
Have a look at the manual Lucent Technologies BCS Products Security Handbook online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-39 MERLIN MAIL R3 Voice Messaging System H Login attempts before warning message < 6 Login attempts before mailbox lockout < 6 Outcalling privileges not assigned or assigned only to those requiring them MERLIN LEGEND Communications System voice mail port(s) outward restricted (FRL 0) if no outcalling MERLIN LEGEND Communications System voice mail port(s) used for outcalling restricted via allow list to specific areas if outcalling is needed. All other MERLIN LEGEND Communications System voice mail ports outward restricted. On MERLIN LEGEND Communications System, create disallow list containing 0, 011, 10, 700, 800, 1800, 809, 1809, 411, 1411, 900, and 9999. All MERLIN LEGEND Communications System voice mail ports assigned to this list. Remote Call Forwarding used only with trunks that provide reliable disconnect (such as ground-start) Automated Attendant No pooled facility access codes translated on menus No ARS codes translated on menus Table H-14.MERLIN MAIL R3 Voice Messaging System — Continued Y/N1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-40 MERLIN MAIL R3 Voice Messaging System H 1.If “NO” (N), provide Note reference number and explain. Remote call forwarding used offnet only with trunks that provide reliable disconnect (for example, ground-start) End User Education Passwords changed from default for new subscribers Passwords are difficult to guess Passwords are changed quarterly Table H-14.MERLIN MAIL R3 Voice Messaging System — Continued Y/N1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-41 MERLIN Plus Communications System H MERLIN Plus Communications System Also see the general security checklist on page H-3, and the security checklist for any attached adjuncts. 1.If “NO” (N), provide Note reference number and explain. Customer: _________________________________________ Location: _________________________________________ PBX Type: _________________________________________ New Install: _________________________________________ System Upgrade: _________________________________________ Major Addition: _________________________________________ Table H-15. MERLIN Plus Communications System Y/N 1Note N/A System Features 900, 976 calls blocked Operator calls restricted 011/LD calls limited by FRLs Restrict remote call forwarding (MERLIN Plus Communications System R2 only) to those with need Implement “Automatic Timeout” feature for remote call forwarding (MERLIN Plus Communications System R2 only) Product Monitoring SMDR reports monitored daily
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-42 Multimedia Communications Exchange Server H Multimedia Communications Exchange Server Also see the general security checklist on page H-3. 1.If “NO” (N), provide Note reference number and explain. Customer: _________________________________________ System & Version: _________________________________________ Location: _________________________________________ New Install: _________________________________________ System Upgrade: _________________________________________ Major Addition: _________________________________________ Table H-16. Multimedia Communications Exchange Server Y/N 1Note N/A System Administration Root password changed from default Administration login(s) password secured Remote Maintenance Access Remote Maintenance (RMB) installed RMB telephone number is unpublished System Features Administered licensed number of users Audit log advised to be checked daily
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-43 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System H Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System (CRCS) Also see the general security checklist on page H-3. Customer: _________________________________________ Location: _________________________________________ MSM SW Version and Install Date: ________________________________________ ESM SW Version and Install Date: _________________________________________ CRCS SW Version and Install Date: _________________________________________ CRCS is Single-User or Multi-User?_________________________________________ Table H-17. MCU/CRCS Y/N 1Note N/A Physical Security MCU room and wiring closets locked All equipment documentation secured CRCS secured at night MCU Local and Remote administration equipment secured Remote Port Security Devices (RPSD) installed Call logs and printed reports secured
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-44 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System H 1.If “NO” (N), provide Note reference number and explain Customer Education System manager/administrator has copy of Security Handbook/Toll Fraud Overview System security policy established and distributed System security policy reviewed periodically Security policy included in new-hire orientation Employees know how to detect potential toll fraud Employees know where to report suspected toll fraud Authorization codes not sequential Remote access phone number(s) not published Barrier codes and passwords are chosen to be difficult to guess Barrier codes, passwords (including ESM and CRCS) and authorization codes are removed/changed when employees are terminated Authorization codes, account codes, and passwords are not written down or translated on auto-dial buttons HackerTracker thresholds established Social Engineering explained MCU Product Checksheets Attached: (Check all that apply) (__) Multimedia Server Module (MSM) (__) Expansion Services Module (ESM) (__) Conference Reservation and Control System (CRCS) Table H-17.MCU/CRCS — Continued Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-45 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System H ESM Security Checklist NOTE: See the appropriate security checklist for the host MSM. Customer: _________________________________________ ESM Type: _________________________________________ Location: _________________________________________ New Install: _________________________________________ System Upgrade: _________________________________________ Major Addition: _________________________________________ Table H-18. ESM Y/N 1Note N/A System Administration Root Login changed from default All other UNIX login passwords changed (INADS) Remote Maintenance Access Remote Maintenance Board (RMB) installed (if NO, skip to “Using External Modem...”) nRMB (INADS) telephone number unpublished nLevel 1 and Level 2 passwords protected nLevel 1 and Level 2 passwords changed from default Using external Modem off COM2 rather than RMB nBusy lamp on modem port nModem dial-up password administered
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-46 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System H 1.If “NO” (N), provide Note reference number and explain. System Features Administered UNIX license number of system Periodic reboot advised to be enabled Host MSM (See checklist for the host MSM) Table H-18.ESM — Continued Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-47 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System H CRCS Security Checklist Customer: _________________________________________ CRCS Type: _________________________________________ Location: _________________________________________ New Install: _________________________________________ System Upgrade: _________________________________________ Port Additions: _________________________________________ Table H-19. CRCS Y/N 1Note N/A System Administration Is CRCS type Single User (SU) or Multi-User (MU)? Is the proper serial number assigned to the system? System Administrator password changed to a maximum-length, difficult-to-guess value Client Administrator(s) passwords changed (MU only) to a maximum length, difficult to guess value Forced password change for new clients (MU only) System Features Login attempts before warning message < 6 (R3 only) Outcalling privileges not assigned, or assigned only to those requiring them
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-48 Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System H MSM Security Checklist See the appropriate security checklist for the attached ESM or CRCS. 1.If “NO” (N), provide Note reference number and explain. End User Education Passwords changed for new subscribers Passwords are difficult to guess Passwords are changed quarterly Customer: _________________________________________ System & Version: _________________________________________ Location: _________________________________________ New Install: _________________________________________ System Upgrade: _________________________________________ Major Addition: _________________________________________ Table H-20. MSM Y/N 1Note N/A System Administration Customer advised of all logins under their control. Passwords changed from factory defaults. Passwords are customer-entered, maximum length, unique alphanumeric words. NETCON access restricted by COR-to-COR restrictions. Table H-19.CRCS — Continued Y/N 1Note N/A