Lucent Technologies BCS Products Security Handbook
BCS Products Security Handbook 555-025-600 Issue 6 December 1997

2  Security Risks

Overview

In order for your system to be secure against toll fraud, you need to address access, egress, and system administration. This handbook addresses those concerns. In addition, the risk of PBX-based toll fraud increases when any of the following products and features are used:

• Remote Access
• Automated Attendant
• Other port security risks
• Voice Messaging
• Administration and Maintenance Access
• Vectors associated with the DEFINITY ECS and DEFINITY Communications Systems

All these features offer benefits which allow companies to increase their availability to their customers and the productivity of their workforce. However, this chapter takes a look at these features from a different point of view: how can these features, when combined with other outgoing features, such as dial access to trunks, make a PBX system more vulnerable to toll fraud? The remainder of this chapter discusses general security measures you can take to protect your system. Chapters 3 through 6 discuss the specific actions that help prevent these features from being the target of unauthorized use.
Remote Access

Remote Access, or Direct Inward System Access (DISA), permits callers from the public network to access a customer premises equipment-based system to use its features and services. Callers dial into the system using CO, FX, DID, or 800 service trunks. After accessing the feature, the user hears system dial tone, and, for system security, may be required to dial a barrier code, depending on the system. If a valid barrier code is dialed, the user again hears dial tone, and can place calls the same as an on-premises user.

For the DEFINITY ECS, DEFINITY G1 and G3, and for the System 75, incoming calls are routed to a Remote Access extension. For DEFINITY G2 and System 85, callers are connected to the Remote Access feature when they dial the number for an incoming Remote Access trunk group. Different product releases have different restrictions, as follows.

When a Remote Access call is answered, the caller can be requested to enter either a barrier code or an authorization code (the DEFINITY ECS, DEFINITY G1, G2.2 Issue 3.0 and later, G3, and System 75 R1V3 can require both) before calls are processed. When both maximum length barrier codes and authorization codes are required, hackers need to decipher up to 14 digits to gain access to the feature.

Hackers frequently call toll-free 800 numbers to enter customer premises equipment-based PBX systems so that they do not pay for the inbound calls. After they are connected, hackers use random number generators and password cracking programs to find a combination of numbers that gives them access to an outside facility.

Unprotected Remote Access numbers (those that do not require barrier codes or authorization codes) are favorite targets of hackers. After being connected to the system through the Remote Access feature, a hacker may make an unauthorized call by simply dialing and the telephone number.

Even when the Remote Access feature is protected, hackers try to decipher the codes. When the right combination of digits is discovered (accidentally or otherwise), hackers can then make and sell calls to the public. For these reasons, all switches in the network should be protected.

Refer to Chapter 3 for more information on Remote Access for the DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85. Refer to Chapter 4 for more information on Remote Access for the MERLIN II, MERLIN LEGEND, MERLIN Plus, PARTNER II, PARTNER Plus, and System 25 Communications Systems.
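The following is an added example, not from the handbook or from Lucent, showing the defender's side of the code-guessing scenario just described: a sliding-window count of failed barrier-code attempts per trunk group and calling number, the same check applied to bursts of silent calls (which attendants are asked to report later in this chapter), and an escalation when a guessing run is followed by a successful code, the point at which the handbook says the code has been discovered and must be changed. The record format, trunk-group names, calling numbers and thresholds are constructed assumptions; five failures in ten minutes mirrors the handbook's policy of allowing at most five invalid attempts.

```python
"""Spotting barrier-code guessing against a Remote Access port.

Added example, not taken from the handbook or any Lucent product. The
record format is constructed for illustration: one call per line as
timestamp, trunk group, calling number (or 'unknown' when no ANI), event.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

GUESS_WINDOW = timedelta(minutes=10)   # assumption: window for code guessing
SILENT_WINDOW = timedelta(minutes=5)   # assumption: window for silent-call bursts

# Constructed sample records (not real call data). TG4 shows a guessing
# run that ends in a successful code; TG1 shows a burst of silent calls.
SAMPLE_RECORDS = """\
1997-12-01T22:01:05,TG4,unknown,barrier-fail
1997-12-01T22:01:40,TG4,unknown,barrier-fail
1997-12-01T22:02:12,TG4,unknown,barrier-fail
1997-12-01T22:02:50,TG4,unknown,barrier-fail
1997-12-01T22:03:31,TG4,unknown,barrier-fail
1997-12-01T22:04:02,TG4,unknown,barrier-ok
1997-12-01T09:15:00,TG2,5550123,barrier-fail
1997-12-01T09:16:10,TG2,5550123,barrier-ok
1997-12-01T13:00:00,TG1,5550177,silent-hangup
1997-12-01T13:00:20,TG1,5550177,silent-hangup
1997-12-01T13:00:45,TG1,5550177,silent-hangup
"""


def parse_records(text):
    """Parse the constructed CSV format into (time, trunk, caller, event)
    tuples, sorted by time so the sliding window below works."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, trunk, caller, event = line.strip().split(",")
        records.append((datetime.fromisoformat(ts), trunk, caller, event))
    return sorted(records, key=lambda r: r[0])


def bursts(records, event, threshold, window):
    """Return [(source, time)] for each (trunk, caller) source that produced
    at least `threshold` events of the given kind inside any `window`.
    Each source is reported once, at the moment the threshold is crossed."""
    recent = defaultdict(deque)
    alerts, flagged = [], set()
    for ts, trunk, caller, kind in records:
        if kind != event:
            continue
        source = (trunk, caller)
        times = recent[source]
        times.append(ts)
        while ts - times[0] > window:      # drop events that fell out of the window
            times.popleft()
        if len(times) >= threshold and source not in flagged:
            flagged.add(source)
            alerts.append((source, ts))
    return alerts


def codes_to_change(records, threshold=5, window=GUESS_WINDOW):
    """Sources whose guessing burst was followed by a successful barrier
    code: treat that code as disclosed and change it immediately."""
    alert_time = dict(bursts(records, "barrier-fail", threshold, window))
    disclosed = []
    for ts, trunk, caller, kind in records:
        source = (trunk, caller)
        if (kind == "barrier-ok" and source in alert_time
                and ts > alert_time[source] and source not in disclosed):
            disclosed.append(source)
    return disclosed


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print("guessing runs:", bursts(recs, "barrier-fail", 5, GUESS_WINDOW))
    print("silent-call bursts:", bursts(recs, "silent-hangup", 3, SILENT_WINDOW))
    print("barrier codes to change:", codes_to_change(recs))
```

Run against the sample, the guessing check reports only trunk group TG4 (the single TG2 failure followed by success is an ordinary mistyped code), the silent-call check reports the TG1 caller, and the escalation names TG4, because a code was accepted after the guessing run.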
Automated Attendant

Automated attendant systems direct calls to pre-designated stations by offering callers a menu of available options. Automated attendant devices are connected to a port on the main system and provide the necessary signaling to the switch when a call is being transferred.

When hackers connect to an automated attendant system, they try to find a menu choice (even one that is unannounced) that leads to an outside facility. Hackers also may try entering a portion of the toll number they are trying to call to see if the automated attendant system passes the digits directly to the switch. To do this, the hacker matches the length of a valid extension number by dialing only a portion of the long distance telephone number. For example, if extension numbers are four digits long, the hacker enters the first four digits of the long distance number. After the automated attendant sends those numbers to the switch and disconnects from the call, the hacker provides the switch with the remaining digits of the number.

Many voice messaging systems incorporate automated attendant features. The security risks associated with automated attendant systems are common to voice messaging systems as well. Refer to Chapter 6 for more information on securing automated attendant systems.

Other Port Security Risks

Many of the security risks from voice mail, Remote Access, and automated attendant arise from allowing incoming callers to access outside facilities. However, there are other endpoints within your system that should also be denied to incoming callers. Many of these endpoints can be dialed as internal calls within the system, and can be reached from either voice mail, auto attendant, or Remote Access.

For example, the NETCON (Network Control) data channels provide internal access to the system management capabilities of the system and can be reached on a call transfer from an AUDIX Voice Mail System if not protected by appropriate restrictions. [See "Increasing Product Access (Port) Security" on page 2-6.] Any features or endpoints that can be dialed, but are to be denied to incoming callers, should be placed in restriction groups that cannot be reached from the incoming facility or from endpoints that could transfer a call.

Sophisticated modems being used today, if not protected, offer incoming callers the ability to remotely request the modem to flash switch-hook, returning second dial tone to the incoming caller. Modem pool ports need to be appropriately protected or otherwise denied access to second (recall) dial tone. Outgoing-only modem pools are at risk if they can be dialed as extensions from any of the remote access or voice mail ports as in the example above. (See "Recall Signaling (Switchhook Flash)" on page 3-17.)
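The rule just stated (endpoints to be denied to incoming callers must sit in restriction groups that cannot be reached from the incoming facility or from endpoints that can transfer a call) and the COR-to-COR example given later in this chapter under "Increasing Product Access (Port) Security" (voice mail ports in COR 9, NETCON data channels in COR 2) can be checked mechanically. The following is an added example, not from the handbook and not a Lucent tool: it models COR calling permissions as a table, walks every path an outside caller could take through transfer-capable ports, reports any protected COR that becomes reachable, and removes the offending permissions. The COR numbers 1 and 7, the permission sets and the choice of which CORs can transfer are constructed assumptions.

```python
"""COR-to-COR reachability audit for protected endpoints.

Added example; not from the handbook or any Lucent tool. Permissions are
modelled as a dict: permissions[a] is the set of CORs that endpoints in
COR a may call. COR 9 (voice mail) and COR 2 (NETCON) follow the
handbook's example; everything else is constructed for illustration.
"""
from collections import deque

# Constructed misconfiguration: voice mail ports (COR 9) may call the NETCON
# channels (COR 2) directly, and the automated attendant (COR 7) can transfer
# a caller on to voice mail, so an outside caller has two routes to NETCON.
PERMISSIONS_BEFORE = {
    1: {1, 2, 9},      # user stations
    2: set(),          # NETCON data channels: never originate calls
    7: {1, 9},         # automated attendant ports
    9: {1, 2, 9},      # voice mail (AUDIX) ports: access to COR 2 is the flaw
}
INBOUND_CORS = {7, 9}        # CORs an outside caller can land on
TRANSFER_CAPABLE = {7, 9}    # endpoints that will transfer a caller onward
PROTECTED_CORS = {2}         # NETCON and maintenance-modem extensions


def reachable_cors(permissions, start_cor, transfer_capable):
    """CORs an outside caller on `start_cor` can reach, either directly or
    after being transferred by an endpoint whose COR is in `transfer_capable`."""
    reached, expanded = set(), {start_cor}
    queue = deque([start_cor])
    while queue:
        cor = queue.popleft()
        for target in permissions.get(cor, set()):
            reached.add(target)
            if target in transfer_capable and target not in expanded:
                expanded.add(target)       # follow the transfer one hop further
                queue.append(target)
    return reached


def audit(permissions, inbound_cors, protected_cors, transfer_capable):
    """Return sorted (inbound COR, protected COR) pairs that break the rule
    that no inbound COR may reach a protected COR, directly or via transfers."""
    violations = []
    for inbound in sorted(inbound_cors):
        reached = reachable_cors(permissions, inbound, transfer_capable)
        violations.extend((inbound, p) for p in sorted(protected_cors) if p in reached)
    return violations


def restrict(permissions, inbound_cors, protected_cors, transfer_capable):
    """Return a copy of `permissions` with COR-to-COR calling permission to
    protected CORs removed from every COR on an inbound caller's path."""
    fixed = {cor: set(targets) for cor, targets in permissions.items()}
    while True:
        violations = audit(fixed, inbound_cors, protected_cors, transfer_capable)
        if not violations:
            return fixed
        for inbound, protected in violations:
            on_path = {inbound} | (
                reachable_cors(fixed, inbound, transfer_capable) & transfer_capable)
            for cor in on_path:
                fixed.setdefault(cor, set()).discard(protected)


if __name__ == "__main__":
    print("violations:", audit(PERMISSIONS_BEFORE, INBOUND_CORS,
                               PROTECTED_CORS, TRANSFER_CAPABLE))
    after = restrict(PERMISSIONS_BEFORE, INBOUND_CORS, PROTECTED_CORS, TRANSFER_CAPABLE)
    print("corrected COR 9 permissions:", after[9])
```

The audit reports both the direct route (COR 9 to COR 2) and the indirect one (COR 7 transfers to COR 9, which calls COR 2); after `restrict` runs, only COR 1 stations keep calling permission to COR 2, which is the intended state: only CORs that are allowed to use the maintenance port can reach it.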
Voice Messaging Systems

Voice messaging systems provide a variety of voice messaging applications, operating similarly to an electronic answering machine. Callers can leave messages for employees (subscribers) who have voice mailboxes assigned to them. Subscribers can play, forward, save, repeat, and delete the messages in their mailboxes.

Many voice messaging systems allow callers to transfer out of voice mailboxes and back into the PBX system. When hackers connect to the voice messaging system, they try to enter digits that connect them to an outside facility. For example, hackers enter a transfer command (the AUDIX Voice Mail System uses ), followed by an outgoing trunk access number for an outside trunk. Most hackers do not realize how they gained access to an outside facility; they only need to know the right combination of digits. See Chapter 5 for information on securing your voice messaging system.

Sometimes hackers are not even looking for an outside facility. They enter a voice messaging system to find unassigned voice mailboxes. When they are successful, they assign the mailboxes to themselves, relatives, and friends, and use them to exchange toll-free messages. Hackers can even use cellular phones to break into voice mailboxes. (See "Protecting Voice Messaging Systems" on page 5-2.)

In addition, unauthorized access to voice messaging systems can allow hackers to access the switch and change administration data. See "Increasing Product Access (Port) Security" on page 2-6.

Administration / Maintenance Access

Expert toll hackers target the administration and maintenance capabilities of customer premises equipment-based systems. Once criminals gain access to the administration port, they are able to change system features and parameters so that fraudulent calls can be made. The following measures can be taken to prevent high level access to system administration.

Passwords

Changing Default Passwords

To simplify initial setup and allow for immediate operation, either the switch and adjuncts are assigned default administration passwords, or passwords are disabled, depending on the date of installation. Hackers who have obtained copies of customer premises equipment-based and adjunct system documentation circulate the known default passwords to try to gain entry into systems. To date, the vast majority of hacker access to maintenance ports has been through default customer passwords. Be sure to change or void all default passwords to end this opportunity for hackers.
The following is a list of customer logins for systems in this handbook that provide login capabilities. For information on password parameters, see the applicable system chapter. For information on how to change passwords, see Appendix E.

• AUDIX Voice Mail System: cust
• AUDIX Voice Power System: audix (or is on the Integrated Solution-equipped system)
• DEFINITY AUDIX System: cust
• DEFINITY ECS, DEFINITY G1, G3V1, G3V2, and System 75: cust, rcust, bcms (1), browse (1), NMS (1)
• Lucent Technologies INTUITY System: sa, vm
• MERLIN LEGEND Communications System: admin on Integrated Voice Response platform-supported systems
• MERLIN MAIL and MERLIN MAIL-ML Voice Messaging Systems: 1234
• PARTNER MAIL and PARTNER MAIL VS Systems: 1234
• System 25: systemx5

(1) Not available in System 75 R1V1 (bcms is not available in System 75 at all).

Choosing Passwords

Follow the guidelines listed below when choosing passwords.

• Passwords should be as long as allowed. See the section specific to your system for maximum password length information.
• Passwords should be hard to guess and should not contain:
  — all the same characters (for example, 1111, xxxx)
  — sequential characters (for example, 1234, abcd)
  — character strings that can be associated with you or your business, such as your name, birthday, business name, phone number, or social security number
  — words and commonly-used names. Many of the war dialers used by hackers are programmed to try all of the names from books listing potential baby names. In one documented case, the contents of an entire dictionary were used to try and crack passwords.
• Passwords should use as great a variety of characters as possible. For example, if both numbers and letters are permitted, the password should contain both.
• Passwords should be changed regularly, at least on a quarterly basis. Recycling old passwords is not recommended.
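The guidelines above are mechanical enough to enforce when an administrator or subscriber sets a new password. The following is an added example, not from the handbook or any Lucent product, that encodes each rule as a check: full allowed length, no repeated or sequential characters (ascending or descending), no string tied to the owner or business (with phone numbers and similar values compared digits-only), no dictionary word or common name, and a mix of letters and digits where the system permits letters. The maximum length is taken as a parameter because it is system specific, and the small word list is a constructed stand-in for the full dictionaries and name lists the handbook says attackers use.

```python
"""Checker for the handbook's 'Choosing Passwords' guidelines.

Added example, not from the handbook or from Lucent. Returns the list of
guideline violations for a candidate password; an empty list means the
password passes every check encoded here.
"""
import re

# Constructed, deliberately short word list; a real deployment would load a
# complete dictionary and a common-name list, which is what attackers try.
COMMON_WORDS = {"password", "secret", "welcome", "telephone", "lucent",
                "michael", "jennifer", "robert", "sarah"}


def has_sequential_run(password, run_len=3):
    """True if `run_len` or more consecutive characters step by exactly +1
    or exactly -1 in character code (1234, abcd, and also dcba)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - run_len + 1):
        window = codes[i:i + run_len]
        steps = {b - a for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(password, max_length, allow_letters=True,
                   personal_strings=(), word_list=COMMON_WORDS):
    """Return guideline violations for `password`.

    max_length       : longest password the system accepts (system specific)
    allow_letters    : False for digit-only systems such as voice mailboxes
    personal_strings : names, phone numbers, birthdays, business name, etc.
    """
    violations = []
    if len(password) < max_length:
        violations.append(
            f"shorter than the maximum allowed length ({max_length})")
    if len(set(password)) == 1:
        violations.append("all characters identical")
    if has_sequential_run(password):
        violations.append("contains a sequential run")
    lowered = password.lower()
    for s in personal_strings:
        digits_only = re.sub(r"\D", "", s)       # 555-0100 -> 5550100
        if ((len(s) >= 3 and s.lower() in lowered)
                or (len(digits_only) >= 3 and digits_only in lowered)):
            violations.append(f"contains personal/business string '{s}'")
    for w in sorted(word_list):
        if w in lowered:
            violations.append(f"contains common word or name '{w}'")
            break
    if allow_letters:
        has_digit = any(c.isdigit() for c in password)
        has_alpha = any(c.isalpha() for c in password)
        if not (has_digit and has_alpha):
            violations.append("should mix letters and digits")
    return violations


if __name__ == "__main__":
    # Digit-only voice mailbox with a 4-digit maximum, and an admin login
    # allowing 8 mixed characters (both limits are assumptions).
    print(check_password("1234", 4, allow_letters=False))
    print(check_password("x7q2m9k4", 8,
                         personal_strings=("Acme Telecom", "555-0100")))
```

The password 1234 (the default the handbook lists for the MERLIN MAIL and PARTNER MAIL systems) fails the sequential-run check; a password containing the company's phone number fails the personal-string check even when the hyphen is dropped, which is the form a caller would dial.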
Increasing Adjunct Access Security

Since system adjuncts can be used to log in to otherwise "protected" systems, you also should secure access to the following products:

• G3 Management Applications (G3-MA)
• CSM (Centralized System Management)
• CMS (Call Management System)
• Manager III/IV
• Trouble Tracker
• VMAAP

Logins and passwords should be changed and managed in the same manner as the system being managed (for example, the switch or the AUDIX Voice Mail System). See "Administration Security" on page 3-47 for additional information.

Increasing Product Access (Port) Security

You need to protect your security measures from being changed by the hacker who gains access to the administration or maintenance ports of your customer premises equipment-based system or its adjuncts. See "Logins for INADS Port" on page 3-47.

If you use PC-based emulation programs to access administration capabilities, never store dial-up numbers, logins, or passwords as part of an automatically executed script.

For greater security, you may want to purchase and use the optional Remote Port Security Device (RPSD). The RPSD consists of two modem-sized devices: a Lock, installed on the receiving modem (for example, at the PBX), and a Key, which is placed on the originating modem (for example, at the remote administration terminal). The Lock and Key must match before a communications pathway is opened. Refer to Appendix G for more information.

Another area that may be vulnerable to toll fraud is the System 75 and the DEFINITY ECS, DEFINITY G1 and G3 (except G3r) NETCON data channel, the internal extension number that can be used for administration and maintenance access.
If the NETCON data channel is not restricted, a hacker can do a valid transfer from the voice mail port (or other ports in the system) to the network extension, get dial tone, and connect to and log into the administrative port, bypassing any port protection device, such as an RPSD. In a modem pool or NETCON modem installation, this would permit a hacker to transfer to a NETCON extension, get data tone, and get a login prompt. In a modem pool installation, this would also permit the hacker to transfer out to make toll calls.

Use COR-to-COR restrictions to restrict stations from calling the NETCON so that only CORs allowed to access the maintenance port are able to do so. For example, if voice mail extensions have a COR of 9, and extensions assigned to NETCON channels have a COR of 2, ensure that COR 9 does not have access to COR 2. Anyone not authorized to use the NETCON channel should not be able to access it.

NOTE: To determine how the NETCON channels have been assigned, use the list data module command. The output from this command identifies the modules in your system. If NETCON extensions are administered, they will be listed as NETCON, along with the four 3- or 4-digit extension numbers associated with the data channel(s).

NOTE: NETCON extensions may also be contained in a hunt group. If list data module does not list the NETCON extensions, use list hunt group to see if the NETCON data channels are in a hunt group.

NOTE: For verification purposes, you may also enter list data module followed by the extension, if you think you know the extension that is associated with the NETCON data channel. This command will list the COR, COS, Tenant Number, and name of the data module (for example, NETCON, TDM) associated with the extension you entered.

In addition, the modem port used for voice mail maintenance or administrative access is often a switch extension. It should be restricted in the same manner as the NETCON channel.

General Security Measures

General security measures can be taken systemwide to discourage unauthorized use.

Educating Users

Everyone in your company who uses the telephone system is responsible for system security. Users and attendants need to be aware of how to recognize and react to potential hacker activity. Informed people are more likely to cooperate with security measures that often make the system less flexible and more difficult to use.

• Never program passwords or authorization codes onto auto dial buttons.
  Display phones reveal the programmed numbers and internal abusers can use the auto dial buttons to originate unauthorized calls.
• Discourage the practice of writing down passwords. If a password needs to be written down, keep it in a secure place and never discard it while it is active.
• Attendants should tell their system manager if they answer a series of calls where there is silence on the other end or the caller hangs up.
• Users who are assigned voice mailboxes should frequently change personal passwords and should not choose obvious passwords (see "Choosing Passwords" on page 2-5).
• Advise users with special telephone privileges (such as Remote Access, voice mail outcalling, and call forwarding off-switch) of the potential risks and responsibilities.
• Be suspicious of any caller who claims to be with the telephone company and wants to check an outside line. Ask for a callback number, hang up, and confirm the caller's identity.
• Never distribute the office telephone directory to anyone outside the company; be careful when discarding it.
• Never accept collect phone calls.
• Never discuss your telephone system's numbering plan with anyone outside the company.

Establishing a Policy

As a safeguard against toll fraud, follow these guidelines:

• Change passwords frequently (at least quarterly). Set password expiration times and tell users when the changes go into effect. Changing passwords routinely on a specific date (such as the first of the month) helps users to remember to do so.
• Establish well-controlled procedures for resetting passwords.
• Limit the number of invalid attempts to access a voice mail to five or less.
• Monitor access to the dial-up maintenance port. Change the access password regularly and issue it only to authorized personnel. Consider using the Remote Port Security Device. (Refer to Appendix G for additional information.)
• Create a PBX system management policy concerning employee turnover and include these actions:
  — Delete all unused voice mailboxes in the voice mail system.
  — If an employee is terminated, immediately delete any voice mailboxes belonging to that employee.
  — If a terminated employee had Remote Access calling privileges and a personal authorization code, remove the authorization code immediately.
  — If barrier codes and/or authorization codes were shared by the terminated employee, these should be changed immediately. Notify the remaining users as well.
  — If the terminated employee had access to the system administration interface, their login ID should be removed (G3V3 or later). Any associated passwords should be changed immediately.
• Back up system files regularly to ensure a timely recovery should it be required. Schedule regular, off-site backups.

Physical Security

You should always limit access to the system console and supporting documentation. The following are some recommendations:

• Keep the attendant console and supporting documentation in an office that is secured with a changeable combination lock. Provide the combination only to those individuals having a real need to enter the office.
• Keep telephone wiring closets and equipment rooms locked.
• Keep telephone logs and printed reports in locations that only authorized personnel can enter.
• Design distributed reports so they do not reveal password or trunk access code information.

Security Goals Tables

The following tables list the security goals for each communications system, and provide an overview of the methods and steps that are offered through the switches to minimize the risk of unauthorized use of the system.

• Table 2-1 on page 2-10 provides information for the DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85.
• Table 2-2 on page 2-13 provides information for the MERLIN II, MERLIN LEGEND, MERLIN Plus, and System 25 Communications Systems.
• Table 2-3 on page 2-16 provides information for the PARTNER II and PARTNER Plus Communications Systems.
Table 2-1. Security Goals: DEFINITY ECS, DEFINITY Communications Systems, System 75 and System 85

Columns: Security Goal / Method / Security Tool / Steps

Security goal: Protect Remote Access feature
  Method: Limit access to authorized users
    Security tool: Barrier codes
      Steps: Set to maximum length; set COR/COS
    Security tool: Authorization codes
      Steps: Set to maximum length; set FRL on COR
  Method: Use VDNs to route calls
    Security tool: Call Vectoring (G2 and G3 only)
      Steps: Administer Call Vectoring (G3 only); use CORs to restrict calling privileges of VDNs
  Method: Limit times when Remote Access is available
    Security tool: Night Service (G1, G2, G3, and System 75 only)
      Steps: Administer Night Service
    Security tool: Shared Trunk Group (System 85 only)
      Steps: Assign shared trunk group
  Method: Suppress dial tone after barrier code entered
    Security tool: Suppress Remote Access Dial Tone (G1, G3 and System 75 R1V3 require the concurrent use of Authorization codes)
      Steps: Turn off dial tone (see Remote Access form)

Security goal: Prevent unauthorized outgoing calls
  Method: Limit calling area
    Security tool: AAR/ARS Analysis
      Steps: Set FRL; set COR
    Security tool: Digit Conversion (G1, G2, G3, and System 85 only)
      Steps: Administer digit conversion
    Security tool: Toll Analysis (G1, G3, and System 75 only)
      Steps: Identify toll areas to be restricted
    Security tool: FRLs
      Steps: Limit access to AAR/ARS route patterns by setting to lowest possible value