Lucent Technologies Definity Audix System Administration Guide
DEFINITY AUDIX System Administration 585-300-507 Issue 7 May 1999

10 Ongoing System Security

This chapter describes measures to maximize system security. For detailed information on general system security issues, refer to GBCS Products Security Handbook, 555-025-600.

Your DEFINITY AUDIX system has been carefully designed to be very secure. Maximum security is assured by the following factors:

- Subscribers can have passwords up to 15 digits long to access the DEFINITY AUDIX system. For maximum security, set the minimum password length on the System-Parameters Features screen for subscribers to be five digits or more.

- Callers are allowed three attempts at logging into the DEFINITY AUDIX system. If the caller has not successfully entered the extension and password in three attempts, the DEFINITY AUDIX system disconnects the call.

  Additionally, you (the DEFINITY AUDIX system administrator) can specify on the System-Parameters Features screen how many consecutive unsuccessful attempts are allowed (possibly involving more than one call into the DEFINITY AUDIX system) before the DEFINITY AUDIX system locks the subscriber's mailbox and does not allow anybody to log in to that mailbox. The mailbox can be unlocked only by you, the administrator, using the Subscriber screen.

  For example, a caller attempting to log in to a subscriber mailbox would be disconnected after the third unsuccessful attempt. If the consecutive attempts allowed is five, the caller could call back but would be allowed only two attempts (the previous three attempts plus two is five consecutive attempts). At this point, the DEFINITY AUDIX system would lock the subscriber's mailbox. The administration log will identify the incoming call that is being locked out as being either from an external phone or from a particular internal extension.
  If you notice, upon looking at the administration log, that a subscriber is repeatedly being locked out, you should consider the possibility that an unauthorized person is attempting to tamper with the subscriber's mailbox. In this event, you may want to report the problem to the subscriber's manager and/or your organization's security officer. Also, you may want to lower the limit for the number of consecutive attempts allowed.

- The Password Aging feature requires subscribers to change their password at an interval defined by you, the system administrator. Password Aging enhances overall system security and helps protect against toll fraud. Administer Password Aging on the System-Parameters Features screen. The Password expiration interval field specifies the number of days that a password is active on the DEFINITY AUDIX system. The Minimum age before change field specifies the minimum number of days which must pass before a subscriber can change his/her password after a successful change. If Password Aging is active, you, the system administrator, can force the expiration of a subscriber's password by entering "e" in the password field of the Subscriber screen.

- Access to the DEFINITY AUDIX system administrative terminal is limited. To use the terminal you must know a telephone number for the remote port, a user ID and password, and a system password. This password, created by you as system administrator, should be at least six characters long, with one of the six characters being a special character or digit. You should not share this password with more than one other person. The Administration Password Aging feature reminds you to change your password at an interval you define. Password Aging enhances overall system security and helps protect against toll fraud.

WARNING: Set up administrator's password aging on the System-Parameters Features screen.
Administrator's password aging fields are filled in exactly as described above regarding subscriber's password aging.

As the DEFINITY AUDIX system administrator, it is your responsibility to protect subscribers from unauthorized access to their mailboxes. Careful attention to security-related administrative features, procedures, and maintenance is required to ensure the integrity of user information. It is your responsibility to make the following rules part of your DEFINITY AUDIX system:

- Establish well-controlled procedures for resetting passwords.

- Limit the number of consecutive unsuccessful login attempts to five attempts or fewer. After this number of consecutive failures, the subscriber is locked out of the mailbox and cannot access it until you unlock it. Initially, you may want to make this number larger because subscribers may have problems at first. After a reasonable period of "getting used to the DEFINITY AUDIX system," however, you should reset the number of consecutive unsuccessful login attempts to the suggested value.
- Set timeouts to a non-trivial limited number of seconds.

- Ensure that factory-installed passwords, which are sent with the initial installation of the system, have been changed to non-trivial passwords.

- Monitor access to the dial-up maintenance port. Change the system password for the cust login regularly and issue it only to authorized personnel.

- Consider disconnecting the maintenance port when not in use. This should be implemented only after thorough risk analysis and cost/benefit studies. Disconnecting the maintenance port eliminates the threat of unauthorized access but it also eliminates the TSC's 24-hour maintenance surveillance capability and may result in additional maintenance cost.

- Regularly back up system data to ensure a timely recovery, should it be required. Implement a regular off-site backup policy so you will have a recent backup even if a disaster strikes your company's office location.

- Verify that the minimum password feature is being used properly. You should never set the minimum password length to zero since this provides no mailbox protection. Also, in many instances, the default password is the same as the subscriber's extension number. This provides virtually no mailbox protection since many subscribers never change the default password. In this case, a minimum password length greater than the extension number length would force each subscriber to change the default password the first time s/he logs in.

- See that subscribers understand the importance of password security to their mailboxes and implement the following guidelines for subscribers:
  - They should establish their passwords as soon as their DEFINITY AUDIX extensions are assigned to secure their mailboxes.
  - They should not use trivial passwords such as "111" or "123."
  - They should not use their phone numbers or extensions as passwords.
  - They should not use their names or initials as a password.
  - Passwords should be as long as possible with a minimum of five digits.
  - Passwords should not be posted, shared, or printed in an obvious place.
  - Passwords should not be coded in programmable-function keys or speed-dialing keys which allow ready access by unauthorized persons.
  - If their passwords must be preset, they should log in immediately and change the password.
  - Passwords should be periodically changed based on the sensitivity of the messages handled.
  - If you set up a phantom or remote extension, make sure to test the extension to verify that you cannot access an outside line or dial tone. Testing these extensions will help you guard your system against toll fraud.

Minimizing Toll Fraud

Your DEFINITY AUDIX system, like all voice messaging and automated attendant systems, is subject to unauthorized long distance call attempts (toll fraud). Most such attempts occur as a caller attempts to transfer out of the AUDIX system. There are two types of call transfer available with the DEFINITY AUDIX system:

1. Basic call transfer: Available with either control-link or display-screen switch integration.
2. Enhanced call transfer: Available only with control-link switch integration.

Basic Call Transfer uses a switchhook-flash method to send the transfer command over voice ports. The DEFINITY AUDIX system goes off-hook, waits for a dial-tone, dials the transfer number, then waits again for the connection to complete. Enhanced call transfer is the more secure method of the Transfer Out of AUDIX feature.

Both types of call transfer are subject to control by a dialplan that you fill out to encompass all of the numbers to which a caller may transfer. To transfer out of the DEFINITY AUDIX system, the subscriber presses *T, the digits of the extension to which s/he wishes to transfer, and #. If the pattern of the number dialed corresponds to a pattern you have permitted on the transfer-dialplan screen, the system will permit the next step.

With enhanced call transfer, the DEFINITY AUDIX system uses a control link message to initiate the transfer. The switch then verifies that the requested destination is a valid extension in the switch's dial plan. If the number is valid, the switch completes the transfer, disconnects the DEFINITY AUDIX system, and sends a "disconnect — successful transfer" control link message to the DEFINITY AUDIX system. If the number is not valid, the switch leaves the DEFINITY AUDIX system connected to the caller and sends a "fail" control link message to the DEFINITY AUDIX system. Then the DEFINITY AUDIX system plays an error message to the caller and prompts for further activity.
You select the call transfer type in the Transfer Type field on the System-Parameters Features screen. The default is none. Depending on your type of switch integration and port emulation, you can change the field to one of the following:

- basic makes the DEFINITY AUDIX system go off-hook, wait for a dial-tone, dial the transfer number, then wait again for the connection to complete. The call is not returned to AUDIX.

- enhanced_no_cover_0 treats the call as a redirected call, providing no call coverage or call forwarding for the destination extension.

- enhanced_cover_0 treats the call as a directed call, providing call coverage and call forwarding as defined for the destination extension.

If the Call Transfer feature has been activated on the System-Parameters Features screen and basic call transfer is being used, the risk of toll fraud attempts can be minimized by setting the Transfer Restriction field to subscribers. In this case, if the pattern of the number dialed corresponds to a pattern you have permitted on the transfer-dialplan screen, and if the destination telephone number has the same number of digits as extension numbers within the DEFINITY AUDIX system, and if the number is a valid extension number for an administered subscriber (either local or remote), transfer will be permitted.

The Transfer Restriction field also can be set to digits. In this case, the destination telephone number must correspond to a pattern you have permitted on the transfer-dialplan screen and must have the same number of digits as extension numbers (i.e., mailbox identifiers) within the DEFINITY AUDIX system. Since this option does not minimize toll fraud, it is administered only by Lucent and only as a special service to customers who demand the digits option.

Restricting call transfers to administered subscribers is the more secure of the two options — fraudulent use of call transfer will be virtually eliminated since the DEFINITY AUDIX system can verify that the specified destination is an administered number. If digits are specified, on the other hand, the caller might find a way to access the switch and to use switch features and functions to complete fraudulent long-distance calls.

WARNING: If the subscribers restriction is used, you should not assign non-resident subscribers (users with a mailbox but no telephone on the switch) to extension numbers that start with the same digit(s) as switch trunk access codes (such as 9). Take special care, therefore, to make sure the transfer dialplan prevents transfer to such endpoints.
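The basic call transfer checks described above, together with the review the WARNING asks for, can be modelled as follows. This is an added example, not code from the manual or from the DEFINITY AUDIX system: the class, field and function names are hypothetical, the transfer dialplan is simplified to a set of permitted leading digits, and the sample data is constructed.

```python
from dataclasses import dataclass, field


@dataclass
class TransferConfig:
    # Field names are hypothetical; they mirror the screen fields named in the text.
    transfer_type: str = "none"        # "none" (the default) or "basic"
    restriction: str = "subscribers"   # "subscribers" or "digits"
    extension_length: int = 4
    # Simplified stand-in for transfer-dialplan patterns: permitted leading digits.
    allowed_prefixes: tuple = ()
    # extension -> True if resident (telephone on the switch), False if non-resident
    subscribers: dict = field(default_factory=dict)


def transfer_permitted(cfg, dest):
    """Return (allowed, reason), applying the checks in the order the text gives."""
    if cfg.transfer_type == "none":
        return False, "call transfer not activated"
    if not dest.isdigit():
        return False, "destination is not numeric"
    if not any(dest.startswith(p) for p in cfg.allowed_prefixes):
        return False, "no matching transfer-dialplan pattern"
    if len(dest) != cfg.extension_length:
        return False, "digit count differs from extension length"
    # Only the subscribers restriction checks for an administered mailbox.
    if cfg.restriction == "subscribers" and dest not in cfg.subscribers:
        return False, "not an administered subscriber"
    return True, "permitted"


def risky_non_residents(cfg, trunk_access_codes):
    """Non-resident subscribers whose extension starts with a trunk access code
    and to which the current settings would still permit a transfer."""
    return sorted(
        ext for ext, resident in cfg.subscribers.items()
        if not resident
        and any(ext.startswith(tac) for tac in trunk_access_codes)
        and transfer_permitted(cfg, ext)[0]
    )


# Constructed sample configuration, not taken from any real system.
SAMPLE = TransferConfig(
    transfer_type="basic",
    restriction="subscribers",
    extension_length=4,
    allowed_prefixes=("2", "9"),
    subscribers={"2001": True, "2002": True, "9011": False},
)

if __name__ == "__main__":
    for dest in ("2001", "2999", "9011", "90115551234"):
        print(dest, transfer_permitted(SAMPLE, dest))
    print("review before go-live:", risky_non_residents(SAMPLE, ("9",)))
```

An empty result from `risky_non_residents` means the dialplan or the extension assignments already keep such endpoints out of reach, which is the state the WARNING asks for.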
To enhance security for the Outcalling feature, you can turn off outcalling on a per-subscriber basis via the Subscriber or Class of Service screen. You also can restrict the number of digits that may be used for outcalling on a system-wide basis via the System-Parameters Outcalling screen.

If your DEFINITY AUDIX system is intended to serve only a subset of the switch's station users, the remaining station users may be administered as DEFINITY AUDIX subscribers with zero-length mailboxes and with the switch number 0. This ensures that each switch station user is also an administered DEFINITY AUDIX subscriber. The zero-length mailbox means that no space will be allocated for these mailboxes. The users will technically be subscribers, but they cannot send or receive messages. In addition, you can use sending restrictions to prevent subscribers from sending messages to these people. However, even though the mailboxes are zero-length, these subscribers can still receive broadcast voice mail messages. The designation of switch 0 will prevent the DEFINITY AUDIX system from activating their Message Waiting Indicators (MWIs).

NOTE: Administering zero-length mailboxes could significantly increase the amount of time required to administer the DEFINITY AUDIX system.

Protecting your DEFINITY AUDIX system is a vital and important part of your responsibility as system administrator. You should take every precaution to protect your company's assets from both internal and external security breaches.
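The login lockout rule described earlier in this chapter (three attempts per call, plus an administrable limit on consecutive failures that carries across calls) is modelled below, along with the administration log review for repeated lockouts. This is an added example, not code from the manual or the system: all names are hypothetical, the log is reduced to constructed (extension, call source) pairs, and it assumes a successful login ends the run of consecutive failures.

```python
from collections import Counter

PER_CALL_ATTEMPTS = 3  # per the text: three attempts per call, then disconnect


class Mailbox:
    def __init__(self, extension, password, consecutive_limit):
        self.extension = extension
        self._password = password
        self.consecutive_limit = consecutive_limit  # set by the administrator
        self.failures = 0     # consecutive failures, carried across calls
        self.locked = False

    def admin_unlock(self):
        # Per the text, only the administrator can unlock a mailbox.
        self.locked = False
        self.failures = 0


def place_call(mailbox, guesses, source, admin_log):
    """Simulate one call. Returns 'logged_in', 'disconnected' or 'locked'."""
    if mailbox.locked:
        return "locked"  # nobody can log in until the administrator unlocks it
    for guess in guesses[:PER_CALL_ATTEMPTS]:
        if guess == mailbox._password:
            mailbox.failures = 0  # assumption: success resets the consecutive count
            return "logged_in"
        mailbox.failures += 1
        if mailbox.failures >= mailbox.consecutive_limit:
            mailbox.locked = True
            # The log records whether the call was external or from an extension.
            admin_log.append((mailbox.extension, source))
            return "locked"
    return "disconnected"


def repeatedly_locked(admin_log, min_lockouts=2):
    """Extensions locked out at least min_lockouts times: candidates for review."""
    counts = Counter(ext for ext, _source in admin_log)
    return sorted(ext for ext, n in counts.items() if n >= min_lockouts)


if __name__ == "__main__":
    log = []
    mb = Mailbox("2001", "48213", consecutive_limit=5)  # constructed values
    print(place_call(mb, ["111", "123", "2001"], "external", log))   # disconnected
    print(place_call(mb, ["0000", "1234", "48213"], "external", log))  # locked
    print(log, repeatedly_locked(log))
```

In the second call the correct password is never tried, because the fifth consecutive failure locks the mailbox after two attempts, matching the manual's worked example.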
11 Lucent INTUITY Message Manager and LAN Considerations

This chapter provides information for handling DEFINITY AUDIX system administration and other issues associated with the Lucent INTUITY Message Manager (IMM).

If you purchased Lucent INTUITY Message Manager with Release 3.1 or later, the DEFINITY AUDIX system can be administered as a server on a Local Area Network (LAN). See the Lucent INTUITY Message Manager feature in DEFINITY AUDIX System — Feature Descriptions, 585-300-206, for an overview of Lucent INTUITY Message Manager.

The LAN administrator at your site should be trained to handle LAN administration and troubleshooting procedures; this chapter does not cover these issues. The Lucent Intuity Message Manager documentation provides some troubleshooting procedures for the PC.

It is likely that you will use Lucent INTUITY Message Manager in conjunction with an already-existing LAN installation. See DEFINITY AUDIX System — System Description, 585-300-205 or DEFINITY AUDIX System Release 4.0 System Description, 585-300-214, for information on LAN configurations.

Lucent INTUITY Message Manager is purchasable as a right-to-use for the DEFINITY AUDIX system. If you have not purchased this feature, contact your Lucent sales representative to do so.
Lucent INTUITY Message Manager Client Software

Each PC (or client) that accesses the DEFINITY AUDIX server must have access to the INTUITY Message Manager client software (either installed on each PC or accessible on the LAN server). If you have not ordered this software previously, contact your Lucent sales representative to order the Lucent INTUITY Message Manager client software and documentation. Refer to the Intuity Message Manager documentation for Intuity Message Manager client software installation instructions.

Number of Subscribers and IMM Sessions

Any number of DEFINITY AUDIX subscribers can be administered to use the Lucent INTUITY Message Manager feature either on the Class of Service screen or on the Subscriber screen. This feature has the following limitations on its usage:

- Up to 500 TCP/IP sessions can be connected at any one time. This means subscribers have started the client application from their PC. To disconnect a TCP/IP session, subscribers must exit the client application.

- Up to 32 AUDIX login sessions can be in progress at any one time (the number of sessions is administrable in the Maximum Number of Enabled LAN Sessions field on the System-Parameters IMAPI-Options screen). This means subscribers have logged in to the AUDIX mailbox from their PC. The DEFINITY AUDIX server terminates a login session if a session has been inactive for the amount of time set in the IMAPI Session Timeout field on the System-Parameters IMAPI-Options screen, but the TCP/IP session remains active until the subscriber exits from the client application. If the TCP/IP session is active, an AUDIX login session is established automatically when the client starts using the application again.

- Up to 16 audio sessions (depending on your DEFINITY AUDIX release and the number of voice ports purchased with your DEFINITY AUDIX system) can be in progress at any one time (one of the AUDIX voice ports is being used). This means a subscriber is logged in to AUDIX (one of the up to 32 login sessions) and an audio session is active (for example, the subscriber is listening to a voice mail message). When the audio session has completed, DEFINITY AUDIX disconnects the voice port and the client application remains one of the up to 32 AUDIX login sessions. The subscriber can disconnect the audio session by hanging up the phone or by clicking on the "off hook" icon.
Administering the DEFINITY AUDIX System as a LAN Server

Follow the steps in this section to administer the DEFINITY AUDIX system as a server on the LAN for the Lucent INTUITY Message Manager. The IMM audio interface uses the Outcalling feature to complete a call to a subscriber's telephone. You may need to increase the number of Outcalling ports when using IMM.

Activating the IMM Feature

The Lucent INTUITY Message Manager is purchasable as a right-to-use and must be activated by Lucent on the System-Parameters Customer-Options screen.

Completing the System-Parameters IMAPI-Options Screen

Complete the System-Parameters IMAPI-Options screen shown below to administer the feature.
Maximum Number of Enabled IMAPI Sessions

You can set the maximum number of enabled IMAPI sessions to help you regulate the performance of your DEFINITY AUDIX system. Enter a value from 0 to 32. The maximum is 32 sessions (the default).

Enable Check New Messages

Enter y (yes) (default) in this field if you want IMM to automatically notify the subscriber of new messages on the INTUITY Message Manager screen (yes is recommended for Lucent INTUITY Message Manager). Enter n (no) in this field if you do not want the INTUITY Message Manager to display that there are new messages for the subscriber. If the field is set to n, subscribers have to log in to see if they have new messages.

Enable Deliver CA Message

Enter y (yes) in this field to enable call answer message delivery, which allows an IMAPI client to send voice mail messages across the LAN between the AUDIX server and a client. Enter n (no) (default) in this field to prevent call answer message delivery. Call answer message delivery is not available with IMM Release 1.

Enable Voice File Transfer

In most cases, you will probably want to allow voice file transfers over the LAN; however, the ability to restrict the transfer of voice files over the LAN is available on a system level, as well as on a per subscriber level. Messages have a voice file associated with them. These voice files also can be archived on the PC's local or network disk by transferring a voice file from the AUDIX server to the client PC.

Enter y (yes) to enable voice file transfers over the LAN. This allows IMM subscribers to use the Personal Folder feature for storing messages on a PC disk. Enter n (no) (default) to disable voice file transfers over the LAN (this reduces LAN utilization).

IMAPI Session Timeout

Enter the amount of time that a login session can be inactive before the session is terminated by the DEFINITY AUDIX server. Intervals may be set in five-minute increments from 5 to 60 minutes. If you have many IMM users, keep this number low so that new login sessions are made available for other IMM users. Most likely you will want to set this to 5 minutes.

LAN IP address, LAN Subnet Mask, and Default LAN Gateway IP address

LAN IP address, LAN Subnet Mask, and Default LAN Gateway IP address are part of the TCP/IP (Transmission Control Protocol/Internet Protocol) administration for the LAN. Obtain site-specific values for these fields from your LAN administrator.