Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies DEFINITY Enterprise Communication Server Release 8.2 Administrators Guide
Lucent Technologies DEFINITY Enterprise Communication Server Release 8.2 Administrators Guide
Have a look at the manual Lucent Technologies DEFINITY Enterprise Communication Server Release 8.2 Administrators Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
DEFINITY ECS Release 8.2 Administrator’s Guide 555-233-506 Issue 1 April 2000 Enhancing system security 317 Changing a login 11 More information When you add a login, the Security Measurement reports do not update until the next hour. Password aging is an option you can start while administering logins. The password for each login can be aged starting with the date the password was created or changed and continuing for a specified number of days (1 to 99). The system notifies the user at the login prompt, 7 days before the password expiration date, their password is about to expire. When the password expires, the user needs to enter a new password into the system before logging in. Changing a login This section shows you how to change a user’s login. You may need to change a user’s password because it has expired. To change a login’s attributes, you must be a superuser with authority to administer permissions. When changing logins, remember the following: nType the new login name as part of the change command. The name must be 3–6 alphanumeric characters in length, and can contain the characters 0-9, a-z, A-Z. nThe password must be from 7 to 11 alphanumeric characters in length and contain at least 1 non-alphabetic character. Instructions We will change the login angi3 with the password b3stm0m. We also will require the user to change their password every 30 days. To change logins: We will change the login angi3. 1. Type change login angi3 and press RETURN. The Login Administration screen appears.
DEFINITY ECS Release 8.2
Administrator’s Guide 555-233-506 Issue 1
April 2000
Enhancing system security
318 Displaying a login
11
2. In the Password of Login Making Change field, type your superuser
password.
3.In the Login’s Password field, type
b3stm0m.
This is the login for the password you are changing.
4. In the Reenter Login’s Password field, retype
b3stm0m.
The password does not appear on the screen as you type.
5. In the Password Aging Cycle Length (Days) field, type
30.
This requires the user to change the password every 30 days.
6. Press
ENTER to save your changes.
Related topics
‘‘Logging into the system’’.
Displaying a login
This section shows you how to display a user’s login and review their permissions.
Instructions
To display a login such as
angi3:
1. Type
display login angi3 and press RETURN.
LOGIN ADMINISTRATION
Password of Login Making Change:
LOGIN BEING ADMINISTERED
Login’s Name:angi3
Login Type:
Service Level:
Disable Following a Security Violation?
Access to INADS Port? _
LOGIN’S PASSWORD INFORMATION
Login’s Password:
Reenter Login’s Password:
Password Aging Cycle Length (Days):
LOGOFF NOTIFICATION
Facility Test Call Notification? y Acknowledgment Required? y
Remote Access Notification? y Acknowledgment Required? y
ACCESS SECURITY GATEWAY PARAMETERS
Access Security Gateway? n
DEFINITY ECS Release 8.2 Administrator’s Guide 555-233-506 Issue 1 April 2000 Enhancing system security 319 Removing a login 11 The Login Administration appears and displays all information about the requested login except the password. Removing a login This section shows you how to remove a user’s login. To remove a login, you must be a superuser. Instructions To remove a login such as angi3: 1. Type remove login angi3 and press RETURN. The Login Administration screen appears showing information for the login you want to delete. 2. Press ENTER to remove the login, or press CANCEL to leave this screen without removing the login. More information When you remove a login, the Security Measurement reports do not update until the next hour. Related topics ‘‘Logging into the system’’. Using access security gateway This section shows you how to use Access Security Gateway (ASG). ASG prevents unauthorized access by requiring the use of the hand-held Access Security Gateway Key for logging into the system. You need superuser privileges to perform any of the ASG procedures. Before you start You need an Access Security Gateway Key. On the ‘‘ System Parameters Customer-Options’’ screen, verify the Access Security Gateway (ASG) field is y. If not, contact your Lucent representative.
DEFINITY ECS Release 8.2
Administrator’s Guide 555-233-506 Issue 1
April 2000
Enhancing system security
320 Using access security gateway
11
Instructions
To set up access security gateway:
1. Type
change login xxxx and press RETURN, where xxxx is the
alphanumeric login ID.
The Login Administration
screen appears.
2. In the Password of Login Making Change field, type your password.
3. In the Access Security Gateway field, type
y.
When set to
y, the Access Security Gateway Login Administration screen
(page 2) appears automatically.
4. Either:
nSet the System Generated Secret Key field to:
ny for a system-generated secret key, or
nn for a secret key to be entered by the administrator, or
nIn the Secret Key field, enter your secret key.
Be sure to remember your secret key number.
5. All other fields on page 2 are optional.
6. Press
ENTER to save your changes.
7. Type
change system-parameters security and press RETURN.
The Security-Related System Parameters
screen appears.
LOGIN ADMINISTRATION
Password of Login Making Change:
LOGIN BEING ADMINISTERED
Login’s Name:xxxxxxx
Login Type:
Service Level:
Disable Following a Security Violation?
Access to INADS Port? _
LOGIN’S PASSWORD INFORMATION
Login’s Password:
Reenter Login’s Password:
Password Aging Cycle Length (Days):
LOGOFF NOTIFICATION
Facility Test Call Notification? y Acknowledgment Required? y
Remote Access Notification? y Acknowledgment Required? y
ACCESS SECURITY GATEWAY PARAMETERS
Access Security Gateway? n
DEFINITY ECS Release 8.2 Administrator’s Guide 555-233-506 Issue 1 April 2000 Enhancing system security 321 Using access security gateway 11 8. In the Access Security Gateway Parameters section, you determine which of the following necessary port type fields to set to y. NOTE: Lucent recommends that you protect the SYSAM-RMT port since it is a dial-up port and therefore is more susceptible to compromise. In our example, in the SYSAM -RMT field, we’ll type y. 9. Press ENTER to save your changes. Disabling Access Security Gateway To temporarily disable ASG while users are on vacation or travel: 1. Type change login xxxx and press RETURN, where xxxx is the alphanumeric login ID. The Login Administration screen appears. Page 2 of 2 SECURITY-RELATED SYSTEM PARAMETERS SECURITY VIOLATION NOTIFICATION PARAMETERS SVN Station Security Code Violation Notification Enabled? y Originating Extension: _____ Referral Destination: _____ Station Security Code Threshold: 10 Time Interval: 0:03 Announcement Extension: _____ STATION SECURITY CODE VERIFICATION PARAMETERS Minimum Station Security Code Length: 4 Security Code for Terminal Self Administration Required? y ACCESS SECURITY GATEWAY PARAMETERS SYSAM-LCL? n SYSAM-RMT? y MAINT? n SYS-PORT? n
DEFINITY ECS Release 8.2
Administrator’s Guide 555-233-506 Issue 1
April 2000
Enhancing system security
322 Using access security gateway
11
2. On the Access Security Gateway Login Administration page (page 2), set
the Blocked field to
y.
Setting the Blocked field to
y does not remove the login from the system,
but temporarily disables the login.
3. Press
ENTER to save your changes.
NOTE:
A superuser can disable and restart access for another superuser.
Restarting Access Security Gateway
To restart temporarily disabled access security gateway access for login:
1. Type
change login xxxx and press RETURN, where xxxx is the
alphanumeric login ID.
The Login Administration
screen appears.
2. On the Access Security Gateway Login Administration page (page 2), set
the Blocked field to
n.
3. Press
ENTER to save your changes.
LOGIN ADMINISTRATION
Password of Login Making Change:
LOGIN BEING ADMINISTERED
Login’s Name:xxxxxxx
Login Type:
Service Level:
Disable Following a Security Violation?
Access to INADS Port? _
LOGIN’S PASSWORD INFORMATION
Login’s Password:
Reenter Login’s Password:
Password Aging Cycle Length (Days):
LOGOFF NOTIFICATION
Facility Test Call Notification? y Acknowledgment Required? y
Remote Access Notification? y Acknowledgment Required? y
ACCESS SECURITY GATEWAY PARAMETERS
Access Security Gateway? n
DEFINITY ECS Release 8.2
Administrator’s Guide 555-233-506 Issue 1
April 2000
Enhancing system security
323 Using access security gateway
11
Loss of an ASG key
If a user loses their Access Security Gateway Key:
1. Modify any logins associated with the lost Access Security Gateway Key.
Refer to the Access Security Gateway Key User’s Guide to change your
PIN.
2. If the login is no longer valid, type
remove login xxxx and press RETURN,
to remove the invalid login from the system, where xxxx is the
alphanumeric login ID.
3. To keep the same login, change the Secret Key associated with the login to
a new value.
4. Using the new secret key value, re-key devices that generate responses and
interact with the login.
Monitoring the Access Security Gateway
history log
The Access Security Gateway Session History Log records all ASG session
establishment and session rejection events except when, on the Login
Administration screen, the Access to INADS Port field is
y. You must be a
superuser to use the
list asg-history command.
1. Type
list asg-history and press RETURN.
The Access security gateway
screen appears.
This screen contains the following fields:
nDate — Contains the date of the session establishment or rejection. For
example, the date displays in the mm/dd format where mm = month and dd
= day.
nTime — Contains the time of the session establishment or rejection. For
example, the time displays in the hh/mm format where hh = hour and mm =
minute.
ACCESS SECURITY GATEWAY SESSION HISTORY
Date Time Port Login Status
01/06 12:45 SYSAM-RMT csand AUTHENTICATED
01/05 01:32 SYSAM-LCL jsmith REJECT-BLOCK
01/05 12:33 SYSAM-RMT ajones REJECT-EXPIRE
01/03 15:10 SYSAM-RMT swrigh REJECT-PASSWORD
01/02 08:32 SYSAM-LCL jsmith REJECT-INVALID
01/02 07:45 SYSAM-RMT mehrda REJECT-RESPONSE
DEFINITY ECS Release 8.2 Administrator’s Guide 555-233-506 Issue 1 April 2000 Enhancing system security 324 Changing login permissions 11 nPort — Contains the port mnemonic associated with the port on which the session was established or rejected. The port mnemonics for G3r systems are SYSAM-LCL, SYSAM-RMT, MAINT, and SYS-PORT. For G3si systems, they are MRG1, INADS, NET, and EPN. nLogin — Contains the alphanumeric login string entered by the user and associated with the session establishment or rejection. nStatus — Contains a code that indicates whether the session was established or rejected and, if rejected, the reason for the rejection. Refer to Access security gateway for a list of the possible status values. Related topics ‘‘ Logging in with Access Security Gateway’’ on page 3 ‘‘Security violations notification’’ on page 1479 Changing login permissions This section shows you how to change login permissions. Once you have created a login, you can modify the permissions associated with the login. The system maintains default permissions for each level of login, but you may want to further restrict the login, or at least make sure the defaults are appropriate for the user. The default values for these fields vary based on the login type. Instructions We will change the login permissions of angi3. To change login permissions: 1. Type change permissions angi3 and press RETURN. The Command Permission Categories screen appears.
DEFINITY ECS Release 8.2
Administrator’s Guide 555-233-506 Issue 1
April 2000
Enhancing system security
325 Changing login permissions
11
2. In the Administer Stations field, type y.
This allows your user to add, change, duplicate, or remove stations, data
modules and associated features.
3. In the Additional Restrictions field, type
y.
A
y in this field brings up the second and third pages of this screen.
4. In the first field, type
vdn.
This restricts your user from administering a VDN.
5. Press
ENTER to save your changes.
COMMAND PERMISSION CATEGORIES
Login Name: angi3
COMMON COMMANDS
Display Admin. and Maint. Data? n
System Measurements? n
ADMINISTRATION COMMANDS
Administer Stations? y Administer Features? n
Administer Trunks? n Administer Permissions? n
Additional Restrictions? y
MAINTENANCE COMMANDS
Maintain Stations? n Maintain Switch Circuit Packs? n
Maintain Trunks? n Maintain Process Circuit Packs? n
Maintain Systems? n Maintain Enhanced DS1? n
COMMAND PERMISSION CATEGORIES
RESTRICTED OBJECT LIST
vdn ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
DEFINITY ECS Release 8.2 Administrator’s Guide 555-233-506 Issue 1 April 2000 Enhancing system security 326 Changing passwords 11 Changing passwords This section shows you how to change a user’s password. Instructions We will change the password for login angi3 to g3or5e. To change passwords: 1. Type change password angi3 and press RETURN. The Password Administration screen appears. 2. In the Password of Login Making Change field, type your password to change any field on this screen. We’ll type angi3. 3. In the Login’s Password field, type the initial password for this login. We’ll type g3or5e. Notify the owner of the login to change their password immediately. The password does not appear on the screen as you type. 4. In the Reenter Login’s Password field, retype the login’s password as above, for verification. We’ll type g3or5e. The password does not appear on the screen as you type. 5. Press ENTER to save your changes. PASSWORD ADMINISTRATION Password of Login Making Change: angi3 LOGIN BEING CHANGED Login Name: LOGIN’S PASSWORD INFORMATION Login’s Password: Reenter Login’s Password: