Lucent Technologies Remote Port Security Device Users Guide

							RPSD System Administration 
Page 3-1  
3
Remote Port Security Device
User’s Guide  555-024-402  Issue 1
October 1996
3
3RPSD System Administration
The RPSD Lock prevents unauthorized access to the RMATS channel on your 
communications system. When you administer the RPSD, keep in mind that 
access via telephone lines is not the only means of breaching the security of your 
system. A system can be breached, for example, by physically intercepting lines 
and adding unauthorized equipment. RPSD users may take many actions to 
enhance overall telecommunication security. These actions include, but are not 
limited to, providing physical security for RPSD installation sites (locked rooms, 
cabinets, etc.) and wiring room sites. Monitor the RPSD System Activity Log for 
patterns of activity, such as repeated denied call attempts. Contact your 
computer security group for assistance.
NOTE:
Save the seed value for the authentication algorithm in a protected place, in 
case equipment needs to be replaced at a later date.
!Security Alert:
The Remote Port Security Device, if properly installed and managed, 
provides a significant and substantial barrier to unauthorized access to a 
dial-up communication port. 
						

							Remote Port Security Device
User’s Guide  555-024-402  Issue 1
October 1996
RPSD System Administration 
Page 3-2 Menu of Commands 
3
Menu of Commands
Use the RPSD System Administrator Command Set to set RPSD Lock system 
parameters (such as time, date, communications specifications, etc.), to 
administer Key user capabilities and restrictions, and to list user information and 
system activity logs. See Table 3-1
 for a quick reference of these commands by 
function.
The Menu of Commands available to the system administrator is shown in 
Figure 3-1
.
Figure 3-1. Menu of Commands
NOTE:
The menu of Commands is available at any time by pressing   on the 
RPSD administration terminal. The commands are not case sensitive.
- Menu of Commands ---
A - Add User LH - Log History FC - Force Connect
B - Block User AH - Access History FD - Force Disconnect
U - Unblock User FH - Failure History
T - Test User AA - Admin. Access Hist D - Date Set
R - Remove User AF - Admin. Failure His C - Clock Set
L - List User Table I - ID Set
ST - Status Display SC - Set Comms. Params
CR - Change Restriction LS - List Statistics AS - AUX Security 
ON/Off
LR - List Restrictions RS - Reset Statistics
UR - User Restrictions Q - Quit Admin. session
-- For Help Type ‘?’ Followed by Command --
ENTER 
						

							Remote Port Security Device
User’s Guide  555-024-402  Issue 1
October 1996
RPSD System Administration 
Page 3-3 Menu of Commands 
3
Use Table 3-1 as a reference for command use.
Table 3-1. Command Usage Quick Reference
Function Command Page Ref.
New system installation or new Key added
Set the current date Date Set page 3-25
Set the current time Clock Set page 3-24
Set a unique identifier for the RPSD Lock ID Set page 3-31
Set the communications link speed, 
character length, and parity on the serial 
port.Set Comm. 
Parameterspage 3-47
 Add administrative, RPSD/Key 
(non-administrative) user to LockAdd User page 3-6
Determine code to be matched by a 
code from the user Test User page 3-50
Enable or disable security on the AUX 
(administrative) portAUX Security page 3-19
Specify time restrictions for access to the 
LockChange 
Restrictionspage 3-22
Assign specified time restrictions to 
usersUser 
Restrictionspage 3-52
Block users from access to the RMATS 
channelBlock User page 3-21
Other administrative procedures:
Display a help screen for a command Help (?) page 3-54
Unblock users from access to RMATS 
channelUnblock User page 3-51
Remove user from RPSD Lock access Remove User page 3-45 
						

							Remote Port Security Device
User’s Guide  555-024-402  Issue 1
October 1996
RPSD System Administration 
Page 3-4 Menu of Commands 
3
Function Command Page Ref.
Override RPSD Lock security and allow 
individual call access to host resourceForce Connect page 3-29
Disconnect a call in progress Force 
Disconnectpage 3-30
Display the version, date, time, 
communications parameters, and 
current status of the RPSD LockStatus Display page 3-48
Reset the access attempt statistics to 
zeroReset 
Statisticspage 3-46
Terminate an administrative session Quit page 3-44
User information lists:
List user ID, whether the user is blocked, 
user type (permanent, administrative, 
RPSD/Key [non-administrative]), 
password or passkey requirement for 
administrative users, and assigned 
restrictionsList User Table page 3-36
List specific time periods and days 
during which time restrictions may be 
placed on one or more usersList 
Restrictionspage 3-32
Show whether a user is blocked and/or 
restricted and the code to be matched 
by a code from the userTest User page 3-50
System activity histories:
List the last 500 System Activity Log 
messages, including Message 
Authentication Code, message 
sequence number, date and time of 
message, and status messageLog History page 3-40
Table 3-1. Command Usage Quick Reference — Continued 
						

							Remote Port Security Device
User’s Guide  555-024-402  Issue 1
October 1996
RPSD System Administration 
Page 3-5 Command Functions 
3
Command Functions
The following pages contain a description of the RPSD System Administrator 
Commands and command syntax for the RPSD Lock. The commands are in 
alphabetical order. Also described at the end of this chapter is the method of 
accessing the help screens that accompany the Menu of Commands.Function Command Page Ref.
List the details of the last 500 RMATS 
channel access calls (incoming and 
outgoing), including Message 
Authentication Code, message 
sequence number, date, time, user ID, 
device number, and duration of the callAccess History page 3-11
List the details of the last 500 failed 
access attempts including Message 
Authentication Code, message 
sequence number, date, time, user ID, 
device number, and failure reasonFailure History page 3-26
List the details of the last 100 
administrative access attempts including 
Message Authentication Code, 
message sequence number, date, time, 
user ID, and duration of the callAdministra-
tive Access 
Historypage 3-14
List the details of the last 100 failed 
administrative access attempts including 
Message Authentication Code, 
message sequence number, date, time, 
user ID, and failure reasonAdministra-
tive Failure 
Historypage 3-17
List a statistical summary of call attempts 
and failures since the last reset and 
cumulative totals List Statistics page 3-34
Table 3-1. Command Usage Quick Reference — Continued 
						

							Remote Port Security Device
User’s Guide  555-024-402  Issue 1
October 1996
RPSD System Administration 
Page 3-6 Command Functions 
3
A—Add User
Syntax and Parameters
To add an RPSD Key user:
a ,[secret_key] 
To add an administrative user with the capability to access the RPSD Lock to 
change Lock parameters:
a ,[secret_key], a 
Parameter Description
aAdd User command
A unique identifier selected by the system administrator. 
The user ID may be up to 10 characters long and is not 
case sensitive.
[secret_key]The the pre-defined number of up to 14 hexadecimal 
digits used to administer a single Key for multiple Locks. 
This parameter can be specified by the system 
administrator or randomly assigned by the Lock. If this 
field is omitted (the field must be delimited by a comma), it 
is randomly generated by the Lock.
aThe administrative user designation
Identifies the authentication method if AUX Security is 
enabled. The valid values are:
k = administrative user must authenticate to the    
        AUX port using a passkey
w = administrative user must authenticate to the 
       AUX port using a password
The default is w. If you only enter “a,” the system internally 
adds a “w.”
ENTER
ENTER 
						

							Remote Port Security Device
User’s Guide  555-024-402  Issue 1
October 1996
RPSD System Administration 
Page 3-7 Command Functions 
3
Description
Use the Add User command to add an RPSD Key user or an administrative user 
to the list of users on the Lock. A total of 60 RPSD/Key (non-administrative) users 
and administrative users are allowed on each Lock. Of the 60 users, 10 are 
permanent users reserved for Lucent Technologies personnel and cannot be 
removed. The following are the 10 permanent Lucent Technologies RPSD user 
IDs:
nUser IDs reserved for Lucent Technologies personnel using the INADS 
system
— ATT-INADS1
— ATT-INADS2
— ATT-INADS3
— ATT-INADS4
nUser IDs reserved for Key users and engineers at the Technical Services 
Center in Englewood, Colorado (all products):
—ATT-TSC001
—ATT-TSC002
nUser ID reserved for Lucent Technologies personnel at the Tier 3 location 
at the Denver Works Factory:
— ATT-PECC01
nUser ID reserved for Bell Laboratories field support for System 85 and 
DEFINITY® Enterprise Communications Server (ECS), Generic 2
— ATT-LABS01
nUser ID reserved for Bell Laboratories field support for System 75 and 
DEFINITY ECS Generic 1
— ATT-LABS02
nUser ID reserved for Bell Laboratories field support for AUDIX
— ATT-LABS03
In addition to normal access capabilities, administrative users can gain access 
to the RPSD Lock to change Lock parameters. If the AUX Security feature is 
enabled, the administrative user must use a password or a passkey device 
associated with the user ID to authenticate his or her administrative access 
capability. See “Passkey Authentication” in Chapter 4 for instructions for the 
passkey authentication process.
When the administrative user is added with a password requirement (a w entered 
in the  parameter), the assigned password is entered at 
the “Enter Password” prompt and then entered again at the “Verify Password” 
prompt. This ensures that the intended password is typed correctly. The unique  
						

							Remote Port Security Device
User’s Guide  555-024-402  Issue 1
October 1996
RPSD System Administration 
Page 3-8 Command Functions 
3
password contains up to 15 alphanumeric characters consisting of any printable 
ASCII character, including a space. 
NOTE:
Passwords are case sensitive. While entering the password, note whether 
the password characters are entered in upper or lower case.
A single Key can be used to access multiple Locks. This is done by entering 
information in the [secret_key] parameter when adding that Key. When an 
administrative user is added with a passkey requirement, the [secret_key] 
parameter is required by the encryption device to verify the user’s identity during 
authentication. The [secret_key] parameter is not required when an 
administrative user is added with a password requirement.
The same secret key information is used when adding that Key to other Locks. 
The information is used to generate the test response. The secret key chosen by 
the administrator is the key information to be added to the RPSD Key. If this 
option is not used, the RPSD Lock generates the secret key information 
randomly.
The RPSD Lock returns secret information and a test response when a user is 
added. This information is used to initialize the RPSD Key, so make sure to note 
the information. 
In any situation where the RPSD Key is already initialized for use on another 
Lock, the existing [secret_key] parameter should be specified when adding the 
user to each additional Lock.
!Security Alert:
Be careful to maintain the security of the information. The user ID will always 
be associated with that particular Key and its secret information and test 
response. 
Before newly added Key users can gain access via the Lock system, the new 
Key must be initialized. See the “Initialization Function” section in Chapter 4 for 
the procedure. 
						

							Remote Port Security Device
User’s Guide  555-024-402  Issue 1
October 1996
RPSD System Administration 
Page 3-9 Command Functions 
3
Sample Command and Response 
Adding a non-administrative user without specifying the [secret_key] parameter:
Adding a non-administrative user with
 the [secret _key] parameter specified:
Adding an administrative user requiring password authentication:
> a KEY20,,
JPLock01 443 08/12/96 13:14:22 KEY20 -- User Added OK --
>
Enter this secret key into the RPSD/Key Unit
F37B 159D 6ABE 3E
Test Response is: 8119704
>
> a KEY20,F47B159D6ABE3E
JPLock02 443 08/14/96 01:57:43 KEY21 -- User Added OK --
>
Enter this secret key into the RPSD/Key Unit
F47B 159D 6ABE 3E
Test Response is: 4296425
>
> a JOE,,AW
Enter Password >***************
Verify Password >***************
JPLock02 443 08/14/96 01:57:43 KEY21 -- Admin. User Added OK --
> 
						

							Remote Port Security Device
User’s Guide  555-024-402  Issue 1
October 1996
RPSD System Administration 
Page 3-10 Command Functions 
3
Adding an administrative user requiring passkey authentication:
If a user with an existing passkey is assigned to a new key, the existing passkey 
can be entered so a new one does not have to be assigned:
> a KEY20,,ak
JPLock02 443 08/14/96 01:57:43 KEY21 -- Admin. User Added OK --
>
Enter These Digits into PassKey as Key1 or Key2:
7652 0034 = 2106 4704 = 3320 =
Test Challenge: 1234567 ...Reply: 832-5113
>
> a KEY20,58940085427656086626,ak
JPLock02 443 08/14/96 01:57:43 KEY20 -- Admin. User Added OK --
>
Enter These Digits into PassKey as Key1 or Key2:
5894 0085 = 4276 5608 = 6626 =
Test Challenge: 1234567 ...Reply: 765-3241
>