Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies DEFINITY Enterprise Communications Server Release 8.2 Instructions Manual
Lucent Technologies DEFINITY Enterprise Communications Server Release 8.2 Instructions Manual
Have a look at the manual Lucent Technologies DEFINITY Enterprise Communications Server Release 8.2 Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
DEFINITY ECS Release 8.2 Administrator’s Guide 555-233-506 Issue 1.1 June 2000 Enhancing system security 327 Adding logins and passwords 11 17. Administer all fax machines, modems, and answering machines analog voice ports as follows: nSet the Switchhook Flash field to n. nSet the Distinctive Audible Alert field to n. Refer to ‘‘Station’’ on page 894 for more information. 18. Install a Call Accounting System to maintain call records. In the CDR System Parameters screen, Record Outgoing Calls Only field, set to y. Refer to ‘‘ CDR System Parameters’’ on page 522 for more information. NOTE: Call Accounting Systems produce reports of call records. It detects phones that are being hacked by recording the extension number, date and time of the call, and what digits were dialed. Adding logins and passwords This section shows you how to add a user and their password. To add a login, you must be a superuser with authority to administer permissions. When adding logins, remember the following: nType the new login name as part of the add command. The name must be 3–6 alphanumeric characters in length, and can contain the characters 0-9, a-z, A-Z. nThe password must be from 7 to 11 alphanumeric characters in length and contain at least 1 non-alphabetic character.
DEFINITY ECS Release 8.2
Administrator’s Guide 555-233-506 Issue 1.1
June 2000
Enhancing system security
328 Adding logins and passwords
11
Instructions
We will add the login
angi3 with the password b3stm0m. We also will require the
user to change their password every 30 days.
To add new logins and passwords:
1. Type
add login angi3 and press RETURN.
The Login Administration
screen appears.
The Login’s Name field shows the name you typed in the
add command.
2. In the Password of Login Making Change field, type your superuser
password.
3. In the Disable Following a Security Violation field, type
y to disable this
login following a login security violation.
This field appears only if on the Security-Related System Parameters
screen, SVN Login Violation Notification field is
y.
4. In the Login’s Password field, type
b3stm0m.
The password does not appear on the screen as you type.
5. In the Reenter Login’s Password field, retype
b3stm0m.
6. In the Password Aging Cycle Length (Days) field, type
30.
This requires the user to change the password every 30 days.
7. Press
ENTER to save your changes.
Now you need to set the permissions for this new login.
LOGIN ADMINISTRATION
Password of Login Making Change:
LOGIN BEING ADMINISTERED
Login’s Name: angi3
Login Type:
Service Level:
Disable Following a Security Violation?
Access to INADS Port? _
LOGIN’S PASSWORD INFORMATION
Login’s Password:
Reenter Login’s Password:
Password Aging Cycle Length (Days): 30
LOGOFF NOTIFICATION
Facility Test Call Notification? y Acknowledgment Required? y
Remote Access Notification? y Acknowledgment Required? y
ACCESS SECURITY GATEWAY PARAMETERS
Access Security Gateway? n
DEFINITY ECS Release 8.2
Administrator’s Guide 555-233-506 Issue 1.1
June 2000
Enhancing system security
329 Adding logins and passwords
11
8. Type change permissions angi3 and press RETURN.
The Command Permission Categories
screen appears.
9. In the Administer Stations field, type
y.
This allows your user to add, change, duplicate, or remove stations, data
modules and associated features.
10. In the Additional Restrictions field, type
y.
A
y in this field brings up the second and third pages of this screen.
11. In the first field, type
vdn.
This restricts your user from administering a VDN.
12. Press
ENTER to save your changes.
COMMAND PERMISSION CATEGORIES
Login Name: angi3
COMMON COMMANDS
Display Admin. and Maint. Data? n
System Measurements? n
ADMINISTRATION COMMANDS
Administer Stations? y Administer Features? n
Administer Trunks? n Administer Permissions? n
Additional Restrictions? y
MAINTENANCE COMMANDS
Maintain Stations? n Maintain Switch Circuit Packs? n
Maintain Trunks? n Maintain Process Circuit Packs? n
Maintain Systems? n Maintain Enhanced DS1? n
COMMAND PERMISSION CATEGORIES
RESTRICTED OBJECT LIST
vdn ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
_______________________ ______________________
DEFINITY ECS Release 8.2 Administrator’s Guide 555-233-506 Issue 1.1 June 2000 Enhancing system security 330 Changing a login 11 More information When you add a login, the Security Measurement reports do not update until the next hour. Password aging is an option you can start while administering logins. The password for each login can be aged starting with the date the password was created or changed and continuing for a specified number of days (1 to 99). The system notifies the user at the login prompt, 7 days before the password expiration date, their password is about to expire. When the password expires, the user needs to enter a new password into the system before logging in. Changing a login This section shows you how to change a user’s login. You may need to change a user’s password because it has expired. To change a login’s attributes, you must be a superuser with authority to administer permissions. When changing logins, remember the following: nType the new login name as part of the change command. The name must be 3–6 alphanumeric characters in length, and can contain the characters 0-9, a-z, A-Z. nThe password must be from 7 to 11 alphanumeric characters in length and contain at least 1 non-alphabetic character.
DEFINITY ECS Release 8.2
Administrator’s Guide 555-233-506 Issue 1.1
June 2000
Enhancing system security
331 Changing a login
11
Instructions
We will change the login
angi3 with the password b3stm0m. We also will require
the user to change their password every 30 days.
To change logins:
We will change the login
angi3.
1. Type
change login angi3 and press RETURN.
The Login Administration
screen appears.
2. In the Password of Login Making Change field, type your superuser
password.
3.In the Login’s Password field, type
b3stm0m.
This is the login for the password you are changing.
4. In the Reenter Login’s Password field, retype
b3stm0m.
The password does not appear on the screen as you type.
5. In the Password Aging Cycle Length (Days) field, type
30.
This requires the user to change the password every 30 days.
6. Press
ENTER to save your changes.
Related topics
‘‘Logging into the system’’.
LOGIN ADMINISTRATION
Password of Login Making Change:
LOGIN BEING ADMINISTERED
Login’s Name:angi3
Login Type:
Service Level:
Disable Following a Security Violation?
Access to INADS Port? _
LOGIN’S PASSWORD INFORMATION
Login’s Password:
Reenter Login’s Password:
Password Aging Cycle Length (Days):
LOGOFF NOTIFICATION
Facility Test Call Notification? y Acknowledgment Required? y
Remote Access Notification? y Acknowledgment Required? y
ACCESS SECURITY GATEWAY PARAMETERS
Access Security Gateway? n
DEFINITY ECS Release 8.2 Administrator’s Guide 555-233-506 Issue 1.1 June 2000 Enhancing system security 332 Displaying a login 11 Displaying a login This section shows you how to display a user’s login and review their permissions. Instructions To display a login such as angi3: 1. Type display login angi3 and press RETURN. The Login Administration appears and displays all information about the requested login except the password. Removing a login This section shows you how to remove a user’s login. To remove a login, you must be a superuser. Instructions To remove a login such as angi3: 1. Type remove login angi3 and press RETURN. The Login Administration screen appears showing information for the login you want to delete. 2. Press ENTER to remove the login, or press CANCEL to leave this screen without removing the login. More information When you remove a login, the Security Measurement reports do not update until the next hour. Related topics ‘‘Logging into the system’’.
DEFINITY ECS Release 8.2
Administrator’s Guide 555-233-506 Issue 1.1
June 2000
Enhancing system security
333 Using access security gateway
11
Using access security gateway
This section shows you how to use Access Security Gateway (ASG). ASG
prevents unauthorized access by requiring the use of the hand-held Access
Security Gateway Key for logging into the system.
You need superuser privileges to perform any of the ASG procedures.
Before you start
You need an Access Security Gateway Key.
On the ‘‘
System Parameters Customer-Options’’ screen, verify the Access
Security Gateway (ASG) field is
y. If not, contact your Lucent representative.
Instructions
To set up access security gateway:
1. Type
change login xxxx and press RETURN, where xxxx is the
alphanumeric login ID.
The Login Administration
screen appears.
2. In the Password of Login Making Change field, type your password.
3. In the Access Security Gateway field, type
y.
When set to
y, the Access Security Gateway Login Administration screen
(page 2) appears automatically.
LOGIN ADMINISTRATION
Password of Login Making Change:
LOGIN BEING ADMINISTERED
Login’s Name:xxxxxxx
Login Type:
Service Level:
Disable Following a Security Violation?
Access to INADS Port? _
LOGIN’S PASSWORD INFORMATION
Login’s Password:
Reenter Login’s Password:
Password Aging Cycle Length (Days):
LOGOFF NOTIFICATION
Facility Test Call Notification? y Acknowledgment Required? y
Remote Access Notification? y Acknowledgment Required? y
ACCESS SECURITY GATEWAY PARAMETERS
Access Security Gateway? n
DEFINITY ECS Release 8.2 Administrator’s Guide 555-233-506 Issue 1.1 June 2000 Enhancing system security 334 Using access security gateway 11 4. Either: nSet the System Generated Secret Key field to: ny for a system-generated secret key, or nn for a secret key to be entered by the administrator, or nIn the Secret Key field, enter your secret key. Be sure to remember your secret key number. 5. All other fields on page 2 are optional. 6. Press ENTER to save your changes. 7. Type change system-parameters security and press RETURN. The Security-Related System Parameters screen appears. 8. In the Access Security Gateway Parameters section, you determine which of the following necessary port type fields to set to y. NOTE: Lucent recommends that you protect the SYSAM-RMT port since it is a dial-up port and therefore is more susceptible to compromise. In our example, in the SYSAM -RMT field, we’ll type y. 9. Press ENTER to save your changes. Page 2 of 2 SECURITY-RELATED SYSTEM PARAMETERS SECURITY VIOLATION NOTIFICATION PARAMETERS SVN Station Security Code Violation Notification Enabled? y Originating Extension: _____ Referral Destination: _____ Station Security Code Threshold: 10 Time Interval: 0:03 Announcement Extension: _____ STATION SECURITY CODE VERIFICATION PARAMETERS Minimum Station Security Code Length: 4 Security Code for Terminal Self Administration Required? y ACCESS SECURITY GATEWAY PARAMETERS SYSAM-LCL? n SYSAM-RMT? y MAINT? n SYS-PORT? n
DEFINITY ECS Release 8.2
Administrator’s Guide 555-233-506 Issue 1.1
June 2000
Enhancing system security
335 Using access security gateway
11
Disabling Access Security Gateway
To temporarily disable ASG while users are on vacation or travel:
1. Type
change login xxxx and press RETURN, where xxxx is the
alphanumeric login ID.
The Login Administration
screen appears.
2. On the Access Security Gateway Login Administration page (page 2), set
the Blocked field to
y.
Setting the Blocked field to
y does not remove the login from the system,
but temporarily disables the login.
3. Press
ENTER to save your changes.
NOTE:
A superuser can disable and restart access for another superuser.
Restarting Access Security Gateway
To restart temporarily disabled access security gateway access for login:
1. Type
change login xxxx and press RETURN, where xxxx is the
alphanumeric login ID.
The Login Administration
screen appears.
2. On the Access Security Gateway Login Administration page (page 2), set
the Blocked field to
n.
3. Press
ENTER to save your changes.
LOGIN ADMINISTRATION
Password of Login Making Change:
LOGIN BEING ADMINISTERED
Login’s Name:xxxxxxx
Login Type:
Service Level:
Disable Following a Security Violation?
Access to INADS Port? _
LOGIN’S PASSWORD INFORMATION
Login’s Password:
Reenter Login’s Password:
Password Aging Cycle Length (Days):
LOGOFF NOTIFICATION
Facility Test Call Notification? y Acknowledgment Required? y
Remote Access Notification? y Acknowledgment Required? y
ACCESS SECURITY GATEWAY PARAMETERS
Access Security Gateway? n
DEFINITY ECS Release 8.2
Administrator’s Guide 555-233-506 Issue 1.1
June 2000
Enhancing system security
336 Using access security gateway
11
Loss of an ASG key
If a user loses their Access Security Gateway Key:
1. Modify any logins associated with the lost Access Security Gateway Key.
Refer to the Access Security Gateway Key User’s Guide to change your
PIN.
2. If the login is no longer valid, type
remove login xxxx and press RETURN,
to remove the invalid login from the system, where xxxx is the
alphanumeric login ID.
3. To keep the same login, change the Secret Key associated with the login to
a new value.
4. Using the new secret key value, re-key devices that generate responses and
interact with the login.
Monitoring the Access Security Gateway
history log
The Access Security Gateway Session History Log records all ASG session
establishment and session rejection events except when, on the Login
Administration screen, the Access to INADS Port field is
y. You must be a
superuser to use the
list asg-history command.
1. Type
list asg-history and press RETURN.
The Access security gateway
screen appears.
ACCESS SECURITY GATEWAY SESSION HISTORY
Date Time Port Login Status
01/06 12:45 SYSAM-RMT csand AUTHENTICATED
01/05 01:32 SYSAM-LCL jsmith REJECT-BLOCK
01/05 12:33 SYSAM-RMT ajones REJECT-EXPIRE
01/03 15:10 SYSAM-RMT swrigh REJECT-PASSWORD
01/02 08:32 SYSAM-LCL jsmith REJECT-INVALID
01/02 07:45 SYSAM-RMT mehrda REJECT-RESPONSE