Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies BCS Products Security Handbook
Lucent Technologies BCS Products Security Handbook
Have a look at the manual Lucent Technologies BCS Products Security Handbook online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-59 System 25 H 1.If “NO” (N), provide Note reference number and explain. Remote Access Remote activated only if required Use non-DID number for remote access Barrier codes are maximum allowable digits, random number sequence, non-sequential AVP/VMS Do not register ARS or FACS as subscribers Provide small mailboxes (AVP) and no voice mail coverage on “utility” stations (that is, non-voice such as FAX endpoints) Admin login password changed on regular basis Transfer to Subscribers Only = y Change password from default for new subscribers Voice ports outward restricted if outcalling not used Use of outcalling denied or minimized Invalid Auto Attendant menu options directed to operator Disable remote maintenance access when not in use Product Monitoring SMDR/CAS reports monitored daily, administration log and activity log checked daily (AVP) End-User Education Only trusted personnel transferred to remote maintenance port Table H-23. System 25 — Continued Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-60 PassageWay Telephony Services H PassageWay Telephony Services Also see the general security checklist on page H-3. Customer: _________________________________________ Location: _________________________________________ PassageWay Install Date: ________________________________________ Table H-24. PassageWay Telephony Services Y/N 1Note N/A General Telephony Server is in a secure location (locked room). Backups of the Telephony Server machine are made at regular intervals. Virus detection is run on the Telephony Server machine at regular intervals. If infected files are detected, they are cleaned or removed, or restored from system backups. Product Installation When using TCP/IP for Computer Telephone Integration (CTI) links, the CTI link between the Telephony Server and the PBX (for example, DEFINITY ECS) is installed on a private LAN. Routing is not enabled between two network cards.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-61 PassageWay Telephony Services H System Administration Guidelines followed for logins/passwords for user accounts. (See PassageWay customer documentation.) Customer educated about standard Lucent password recommendations (For example, at least 7 characters and forced password change for new subscribers. See PassageWay customer documentation.) Default administrator login for Tserver changed at installation. Separate Tserver accounts administered for each user. (Login and password added on OS, and login id added to Tserver) for each user. (NOTE: Shared Logins are NOT Allowed.) Unused Tserver and system accounts are disabled or removed. When using btrieve, enabled the “Log Changes to SDB” feature. Customers entered their passwords as accounts were created. Individuals given control of only their devices during Tserver administration. (Avoid using Any Device or Exception List.) Enabled DEFINITY ECS CDR (or comparable capability of other Lucent switch) to track call history. Table H-24. PassageWay Telephony Services Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-62 PassageWay Telephony Services H For NetWare only: Used the NetWare Administrator feature (NetWare 4.10 and 4.11) or SYSCON utility (NetWare 3.12) to set the appropriate login and password restrictions (For example, require users to have passwords with a minimum length of 7 characters, enable password aging, and so forth.) Used the NetWare Administrator feature (NetWare 4.10 and 4.11) or SYSCON utility (NetWare 3.12) to enable the Intruder Detection feature and to lock accounts after several invalid login attempts have been made. Enabled the “Restrict Users to Home Worktop” feature in the Telephony Services security database. For Windows NT only: Disabled the “Extended Worktop Access” feature in the Telephony Services security database. Use the “Account Policy” dialog box of the Windows NT user manager to configure the following security features: nMinimum password length nMinimum and Maximum Password Age nPassword Uniqueness nAccount Lockout for invalid logon attempts Took full advantage of Windows NT event log (for example, for monitoring failed login attempts) Table H-24. PassageWay Telephony Services Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-63 PassageWay Telephony Services H Access Control To ensure protection of sensitive system files used by Tserver, only System Administrator has access to Tserver, Security Database, and log files. For Windows NT only: Make file system NTFS instead of FAT. Remote Access When using pcANYWHERE (or another tool for remote access of customer PCs), customer has been advised of the following precautions: nDo not publish phone number for modem. nUse return call option with Lucent phone number. (Do not set up pcANYWHERE without the callback option.) Table H-24. PassageWay Telephony Services Y/N 1Note N/A
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Product Security Checklists Page H-64 PassageWay Telephony Services H 1.If “NO” (N), provide Note reference number and explain nWhen on the PC, pcANYWHERE is not started except as required. nFor added security, unplug phone jack from modem when pcANYWHERE is not in use. nChange password after services leaves and after remote access. nConfigure the following security options: — Require login names for callers — Make passwords case sensitive — Log failed connection attempts — Maximum login attempts per call — Time to enter complete login — Disconnect if inactive nConfigure pcANYWHERE to log remote control and on-line sessions. (Set the “Save Session Statistics in Activity Log File” checkbox in the “Other Session Parameters” group box.) Table H-24. PassageWay Telephony Services Y/N 1Note N/A
Large Business Communications Systems Security Tools by Release Page I-1 I BCS Products Security Handbook 555-025-600 Issue 6 December 1997 I ILarge Business Communications Systems Security Tools by Release The following tables contain page references for the available security features for the System 75, System 85, DEFINITY G1, G2, G3, and DEFINITY ECS. Information is listed by release.
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Security Tools by Release Page I-2 I Table I-1. Large Business Communications Systems Security Tools by Release Feature See Section/Page S75 S85 G1 G2 G3V1 G3V2 G3V3 G3V4ECS R5 & later 3-way COR check‘‘ Restriction Override (3-way COR Check)’’ on page 3-14 xxxx AAR/ARS Analysis‘‘ AAR/ARS Analysis’’ on page 3-17 xxxxxxxxx Administrable Logins‘‘ Forced Password Aging and Administrable Logins’’ on page 3-47 xxx Administration Security‘‘ Administration / Maintenance Access’’ on page 2-4 xxxxxxxxx Alternate Facility Restriction Levels‘‘ Remote Access’’ on page 2-2 ‘‘Class of Restriction’’ on page 3-12 ‘‘Alternate Facility Restriction Levels’’ on page 3-16 ‘‘Provide Individualized Calling Privileges Using FRLs’’ on page 3-28 x xxxxxx ARS Dial Tone‘‘ ARS Dial Tone’’ on page 3-17 xxxxxxxxx Attendant- Controlled Voice Terminals‘‘ Attendant - Controlled Voice Terminals’’ on page 3-18 xx Authorization Codes(See Index)R1V3xxxxxxxx Authorization Code Security Violation Notification‘‘ Security Violation Notification Feature (DEFINITY ECS and DEFINITY G3 only)’’ on page 3-53 xxx
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Security Tools by Release Page I-3 I Automatic Circuit Assurance‘‘Automatic Circuit Assurance (ACA)’’ on page 3-51 ‘‘Automatic Circuit Assurance’’ on page 6-11 xxxxxxxxx Barrier Code‘‘ Remote Access’’ on page 2-2 ‘‘Security Tips’’ on page 3-2 ‘‘Barrier Codes’’ on page 3-4 ‘‘Restrict Who Can Use Remote Access/Track its Usage’’ on page 3-25 ‘‘Protecting Remote Access’’ on page 4-13 xxxxxxxxx Barrier Code Aging‘‘ Remote Access Barrier Code Aging/Access Limits (DEFINITY G3V3 and Later)’’ on page 3-61 xxx BCMS Measurement‘‘ BCMS Measurements (DEFINITY ECS and DEFINITY G1 and G3 only)’’ on page 3-52 x x xxxx Table I-1. Large Business Communications Systems Security Tools by Release — Feature See Section/Page S75 S85 G1 G2 G3V1 G3V2 G3V3 G3V4ECS R5 & later
BCS Products Security Handbook 555-025-600 Issue 6 December 1997 Large Business Communications Systems Security Tools by Release Page I-4 I Call Detail Recording (SMDR)‘‘Call Detail Recording (CDR) / Station Message Detail Recording (SMDR)’’ on page 3-48 ‘‘Call Detail Recording (CDR) / Station Message Detail Recording (SMDR)’’ on page 5-11 ‘‘Call Detail Recording (CDR) / Station Message Detail Recording (SMDR)’’ on page 6-8 xxxxxxxxx Call Forward On/Off Net‘‘ Class of Service’’ on page 3-14 xxxx Call Prompting/ ASAI‘‘ Protecting Vectors That Contain Call Prompting’’ on page 3-9 x xxxxxx Call Vectoring‘‘ Call Vectoring (DEFINITY ECS and DEFINITY G3 only)’’ on page 3-9 ‘‘Prevent After-Hours Calling Using Time of Day Routing or Alternate FRLs’’ on page 3-29 x xxxxxx Central Office Restrictions‘‘ Central Office Restrictions’’ on page 3-19 xxxxxxxxx Class of Restrictions(See Index) x x x x x x x Table I-1. Large Business Communications Systems Security Tools by Release — Feature See Section/Page S75 S85 G1 G2 G3V1 G3V2 G3V3 G3V4ECS R5 & later