AT&T DEFINITY Remote Port Security Device Technical Information

Avaya Products Security Handbook555-025-600Comcode 108074378Issue 7June 2001

Contentsx Issue 7 June 2001 Call Traffic Report 6-13Trunk Group Report 6-13SAT, Manager I, and G3-MT Reporting 6-13ARS Measurement Selection 6-14Auto

Large Business Communications Systems4-42 Issue 7 June 2001For DEFINITY G2.2: Use PROC103 WORD1 FIELD15 to suppress WCR dial tone for that trunk gro

Security MeasuresIssue 7 June 20014-43Disable Transfer Outgoing Trunk to Outgoing TrunkThe outgoing trunk to outgoing trunk transfer (OTTOTT) (G3r an

Large Business Communications Systems4-44 Issue 7 June 2001Disallow Outgoing Calls from Tie TrunksIf your tie trunks are used solely for office-to-of

Security MeasuresIssue 7 June 20014-45 Set the default FRL to a low value with PROC103 WORD1 FIELD2.NOTE:ETN trunks pass along the originating stati

Large Business Communications Systems4-46 Issue 7 June 2001For DEFINITY ECS, DEFINITY G1, G3, and System 75 R1V3: Use change system-parameters featu

Security MeasuresIssue 7 June 20014-47Disable Distinctive Audible AlertDistinctive Audible Alert on a 2500 set has the potential of returning stutter

Large Business Communications Systems4-48 Issue 7 June 2001 Use change ars analysis to display the ARS Toll Analysis screen. Limit long distance and

Detecting Toll FraudIssue 7 June 20014-49Change Override Restrictions on 3-way COR CheckFor G3V2 and later releases, the Restriction Override feature

Large Business Communications Systems4-50 Issue 7 June 2001Administration SecurityLogins for INADS PortFor DEFINITY G3V4 and later, which includes DE

Detecting Toll FraudIssue 7 June 20014-51Forced Password Aging and AdministrableLoginsDEFINITY G3V3 and later releases, which includes DEFINITY ECS,

ContentsIssue 7 June 2001 xiProtecting the MERLIN MAIL, MERLINMAIL-ML, MERLIN MAIL R3, and MERLINLEGEND Mail Voice Messaging Systems 6-44Protecting A

Large Business Communications Systems4-52 Issue 7 June 2001Commands for the DEFINITY G3V3 or later, which includes DEFINITY ECS, are grouped into thr

Detecting Toll FraudIssue 7 June 20014-53Review CDR/SMDR records for the following symptoms of abuse: Short holding times on one trunk group Patter

Large Business Communications Systems4-54 Issue 7 June 2001Monitor IFor DEFINITY G2 and System 85, the optional Monitor I tracks call volume and aler

Detecting Toll FraudIssue 7 June 20014-55ARS Measurement SelectionThe ARS Measurement Selection feature can monitor up to 20 routing patterns (25 for

Large Business Communications Systems4-56 Issue 7 June 2001 To review and verify the entries, enter list aca-parameters. Enter change trunk group t

Detecting Toll FraudIssue 7 June 20014-57CMS MeasurementsThis monitoring technique measures traffic patterns and times on calls and compares them to

Large Business Communications Systems4-58 Issue 7 June 2001The SVN time interval selected, in conjunction with the threshold, specifies when a referr

Detecting Toll FraudIssue 7 June 20014-59 Enter the extension number of the person who will monitor violations in the Referral Destination field(s).

Large Business Communications Systems4-60 Issue 7 June 2001In addition to those SVN features already discussed (SVN Authorization Code Violation Noti

Detecting Toll FraudIssue 7 June 20014-61For DEFINITY ECS and DEFINITY G3, the report is divided into two sub-reports, a Summary report and a Detail

Contentsxii Issue 7 June 2001 Class of Service 7-3Toll Analysis 7-5Security Measures 7-5Limit Transfers to Internal Destinations 7-5Prevent Calls to

Large Business Communications Systems4-62 Issue 7 June 2001— Login Forced Disconnects: The total number of login processes that were disconnected aut

Detecting Toll FraudIssue 7 June 20014-63For DEFINITY ECS and DEFINITY G3: Use monitor security-violations for a real-time report of invalid attempt

Large Business Communications Systems4-64 Issue 7 June 2001 INADS: The INADS (Initialization and Administration System) port EIA: Other EIA portsTh

Detecting Toll FraudIssue 7 June 20014-65— Auth Code: The invalid authorization code entered— TG No: The trunk group number associated with the trunk

Large Business Communications Systems4-66 Issue 7 June 2001Remote Access Barrier Code Aging/Access Limits(DEFINITY G3V3 and Later)For DEFINITY G3V3 a

Detecting Toll FraudIssue 7 June 20014-67Recent Change History Report (DEFINITY ECSand DEFINITY G1 and G3 only)The latest administration changes are

Large Business Communications Systems4-68 Issue 7 June 2001 If the call originates outside the system, the incoming trunk equipment location is disp

Detecting Toll FraudIssue 7 June 20014-69For DEFINITY G2 and System 85:NOTE:This feature is available only with an ACD split. Use PROC054 WORD2 FIEL

Large Business Communications Systems4-70 Issue 7 June 2001

Issue 7 June 2001 5-15Small Business Communications SystemsThis chapter provides information on protecting the following communications systems: MER

ContentsIssue 7 June 2001 xiii PARTNER II Communications System 7-21PARTNER MAIL and PARTNER MAIL VS Systems 7-21PARTNER Attendant 7-21 PARTNER Plu

Small Business Communications Systems5-2 Issue 7 June 2001Features for the MERLIN SystemsThe following table indicates MERLIN II and MERLIN LEGEND se

Features for the MERLIN SystemsIssue 7 June 20015-3Forced Entry of Account Codesx x x x x x Affects only outgoing callsNight Service x x x x x Whenev

Small Business Communications Systems5-4 Issue 7 June 2001Station Message Detail Recording (SMDR)x x x x x x For ML R3 w/ Call ID, remote access numb

MERLIN II Communications SystemIssue 7 June 20015-5MERLIN II Communications SystemThis section provides information on protecting the MERLIN II Commu

Small Business Communications Systems5-6 Issue 7 June 2001— With a MERLIN II Communications System display console:1. From the administration menu, p

MERLIN LEGEND Communications SystemIssue 7 June 20015-7MERLIN LEGEND Communications SystemThis section provides information on protecting the MERLIN

Small Business Communications Systems5-8 Issue 7 June 2001Unlike the MERLIN II Communications System R3, the MERLIN LEGEND Communications System does

MERLIN LEGEND Communications SystemIssue 7 June 20015-9Protection Via Star Codes andAllowed/Disallowed ListsStarting with MERLIN LEGEND Release 3.1,

Small Business Communications Systems5-10 Issue 7 June 2001Default Disallowed ListBy default, Disallowed List #7 contains the following entries, whic

MERLIN LEGEND Communications SystemIssue 7 June 20015-11Security Defaults and TipsThe following list identifies features and components that can be r

Contentsxiv Issue 7 June 2001 10 Blocking Calls 10-1 Country Codes 10-1 Blocking Toll Fraud Destinations 10-9Blocking ARS Calls on DEFINITY G1 an

Small Business Communications Systems5-12 Issue 7 June 2001Protecting Remote AccessThe Remote Access feature allows users to call into the MERLIN LEG

MERLIN LEGEND Communications SystemIssue 7 June 20015-13 Program the Remote Access feature to require the caller to enter a barrier code before the

Small Business Communications Systems5-14 Issue 7 June 2001Protecting Remote System ProgrammingThe Remote System Programming feature allows your syst

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-15Protecting Remote Call ForwardingThe Remote Call Forwarding feature allows a customer to forward a

Small Business Communications Systems5-16 Issue 7 June 2001 Employees receive calls requesting the be transferred for outside “operator assistance”

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-17 Have only system administrator transfer calls to “*10.” The customer’s long distance carrier ma

Small Business Communications Systems5-18 Issue 7 June 2001The Remote Access features of your system, if you choose to use them, permit off-premises

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-19 Frequently monitor system call detail reports for quicker detection of any unauthorized or abnor

Small Business Communications Systems5-20 Issue 7 June 2001Preventive MeasuresTake the following preventive measures to limit the risk of unauthorize

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-21Security Risks Associated with Transferringthrough Voice Messaging SystemsToll fraud hackers try t

ContentsIssue 7 June 2001 xvChanging a Login’s Attributes 12-15Administering Login Command Permissions 12-16Display a Specified Login 12-17List Login

Small Business Communications Systems5-22 Issue 7 June 2001WARNING:Each extension should be assigned the appropriate FRL to match its calling require

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-23 If the Automated Attendant prompts callers to use Remote Call Forwarding (RCF) to reach an outsi

Small Business Communications Systems5-24 Issue 7 June 2001Security Risks Associated with the RemoteAccess FeatureRemote Access allows the MERLIN MAG

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-25Educating UsersEveryone in your company who uses the telephone system is responsible for system se

Small Business Communications Systems5-26 Issue 7 June 2001Detecting Toll FraudTo detect toll fraud, users and operators should look for the followin

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-27 Regularly back up your MERLIN MAGIX Integrated System files to ensure a timely recovery should i

Small Business Communications Systems5-28 Issue 7 June 2001Limiting OutcallingWhen Outcalling is used to contact subscribers who are off-site, use th

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-29Consider the following when you use wild card characters in Allowed and Disallowed Lists: Disallo

Small Business Communications Systems5-30 Issue 7 June 2001For example: *67 and 420 are two entries in an Allowed List. If someone at an Outward Rest

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-31If you program the route in the 6-Digit table to absorb N digits, the actual number of digits abso

Contentsxvi Issue 7 June 2001 15 Special Security Product and Service Offers 15-1 Remote Port Security Device (RPSD) 15-1Key and Lock Features 15-

Small Business Communications Systems5-32 Issue 7 June 2001If you program the route in the 6-Digit table to absorb N digits, the actual number of dig

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-33****SECURITY ALERT****The MERLIN MAGIX Integrated System ships with ARS activated with all extensi

Small Business Communications Systems5-34 Issue 7 June 2001Additional general security for voice messaging systems: Use a secure password for the Ge

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-35Magix R1.5: Disallowed Lists EnhancementsConsider the following when you use wild card characters

Small Business Communications Systems5-36 Issue 7 June 2001For example: *67 and 420 are two entries in an Allowed List. If someone at an Outward Rest

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-37Disconnect Signaling Reliability 3Use this procedure to classify the disconnect signal sent by the

Small Business Communications Systems5-38 Issue 7 June 2001 Outside lines can be assigned to Night Service groups in order for calls received on the

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-39Remote AccessDescriptionThe Remote Access feature allows people to use the system by dialing the n

Small Business Communications Systems5-40 Issue 7 June 2001access code and then publish the information to other hackers. Enormous charges can be run

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-41 Whether or not the dialed digits are correct, an inter-digit time-out occurs during the first at

ContentsIssue 7 June 2001 xvii16 Product Security Checklists 16-1 General Security Procedures 16-2 AUDIX, DEFINITY AUDIX andINTUITY AUDIX Voice M

Small Business Communications Systems5-42 Issue 7 June 2001“ * “ : Up to R3.1, was not permitted in the disallow lists. (it has always been permitte

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-431ppp900 Pay per minute toll call with wild cards.976 Pay per minute toll call.1976 Pay per minute

Small Business Communications Systems5-44 Issue 7 June 20013. Can the remote access password, be changed?  From “craftr4” to something else.4. Does

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-45System Directory. (Print) Check for marked system speed dials.Calling Groups. (Print) Identify

Small Business Communications Systems5-46 Issue 7 June 2001Allow Lists When outcalling is used.Night Service Exclusion list: Are voice mail ports l

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-47Check lines for remote call forwarding. 1. Remove if not needed.2. If needed: instruct customer o

Small Business Communications Systems5-48 Issue 7 June 2001d. Make allowed list for outcalling numbers.e. Make sure no other ARS tables have FRL of 2

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-496. Assign all unused auto attendant selector codes to go to either the operator or the general mai

Small Business Communications Systems5-50 Issue 7 June 2001DS1 – T1 and/or PRI.1. WATTS: Customers may restrict 011 and 809 (the Dominican Republic)

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-51Extension restrictions.1. Outward restrict MFM extensions not used for calling outside.2. Outward

Contentsxviii Issue 7 June 2001 17 Large Business Communications Systems Security Tools by Release 17-118 Non-supported Products 18-1 Products No

Small Business Communications Systems5-52 Issue 7 June 2001LEGEND TOLL FRAUD INTERVENTION FORM7DATE: ______________ TIME: _________________ IL#: __

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-53REMOTE CALL FORWARDING EXTS:_____________________________________________DISALLOW LIST INT’L : __

Small Business Communications Systems5-54 Issue 7 June 2001EXHIBIT 1 8/16/00 Toll Fraud Incident ReportBusiness Name:Business Address:

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-55 You may contact your 800 carrier and restrict access to your 800#’s from locations you do not wi

Small Business Communications Systems5-56 Issue 7 June 2001EXHIBIT 2 8/16/00Toll Fraud Incident ReportBusiness Name:Business Address: Contact Name: M

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-572: Created Disallow list 5 when encompasses the Caribbean countries:Puerto RicoPuerto RicoBahamas

Small Business Communications Systems5-58 Issue 7 June 2001All voice mail ports, extensions 563, 564, 565, 566, 567, 568, are accessing this list. C

MERLIN LEGEND/MAGIX Toll FraudIssue 7 June 20015-59Revised 8/17/00EXHIBIT 3: Letter from AvayaDear ,At your request, Avaya has conducted a toll fraud

Small Business Communications Systems5-60 Issue 7 June 2001MERLIN Plus Communications SystemThis section provides information on protecting the MERLI

MERLIN Plus Communications SystemIssue 7 June 20015-61 Monitor your SMDR records and/or your Call Accounting System reports regularly for signs of i

Issue 7 June 2001 1-11About This DocumentScope of this HandbookThis handbook discusses security risks and measures that can help prevent external tel

Small Business Communications Systems5-62 Issue 7 June 2001PARTNER II Communications SystemThis section provides information on protecting the PARTNE

System 25Issue 7 June 20015-63System 25This section provides information on protecting the System 25.Additional security measures are required to pro

Small Business Communications Systems5-64 Issue 7 June 2001Security Tips Evaluate the necessity for Remote Access. If this feature is not vital to y

System 25Issue 7 June 20015-65Security Tips The System Administration capability of the system is protected by a password. Passwords can be up to ei

Small Business Communications Systems5-66 Issue 7 June 2001

Issue 7 June 2001 6-16Voice Messaging SystemsThe information in this chapter helps prevent unauthorized users from finding pathways through the voice

Voice Messaging Systems6-2 Issue 7 June 2001Protecting Voice Messaging SystemsVoice messaging toll fraud has risen dramatically in recent years. Now

Protecting Voice Messaging SystemsIssue 7 June 20016-3All security restrictions that prevent transfer to these codes should be implemented. The only

Voice Messaging Systems6-4 Issue 7 June 2001 If you receive any strange messages on the voice mail system, if your greeting has been changed, or if

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-5Tools that Prevent Unauthorized CallsYou can help prevent

NoticeWhile reasonable efforts were made to ensure that the information in this document was complete and accurate at the time of printing, Avaya can

About This Document1-2 Issue 7 June 2001 MERLIN MAIL®-ML Voice Messaging System MERLIN MAIL® R3 Voice Messaging System PARTNER MAIL® System PARTN

Voice Messaging Systems6-6 Issue 7 June 2001The higher the FRL number, the greater the calling privileges. For example, if a station is not permitted

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-7Class of ServiceFor DEFINITY G2 and System 85, a voice mai

Voice Messaging Systems6-8 Issue 7 June 2001Limit Voice Mail to Internal CallingIf outcalling is not activated in the voice mail system, you can rest

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-9NOTE:In Table 6-2, FRLs 1 through 7 include the capabiliti

Voice Messaging Systems6-10 Issue 7 June 2001Allow Calling Only to Specified NumbersA reverse strategy to preventing calls is to allow outbound calls

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-11For DEFINITY ECS and DEFINITY G3: Use change ars analysi

Voice Messaging Systems6-12 Issue 7 June 2001See ‘‘Security Tips’’ on page 6-3 for additional ways to detect voice mail fraud.NOTE:The System Adminis

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-13 Administer the appropriate format to collect the most i

Voice Messaging Systems6-14 Issue 7 June 2001 To review the traffic measurements, use list measurements followed by one of the measurement types (tr

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-15 Establish short and long holding times. The defaults ar

Reason for ReissueIssue 7 June 20011-3Reason for ReissueThis issue, Issue 7 of the Avaya Security Handbook, updates information to include the follow

Voice Messaging Systems6-16 Issue 7 June 2001Unauthorized System UseYou can minimize the risk of unauthorized people gaining access to your system by

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-17Trusted Server SecurityA trusted server is a computer or

Voice Messaging Systems6-18 Issue 7 June 2001Internal Security. INTUITY AUDIX R4 allows the transmission between domains of two new message component

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-19The record reveals the routing of the call, including the

Voice Messaging Systems6-20 Issue 7 June 2001Outgoing Voice Call Detail Record (AUDIX Voice Mail System Only)An outgoing call record is also created

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-21Protecting PasswordsThe AUDIX, DEFINITY AUDIX, and Avaya

Voice Messaging Systems6-22 Issue 7 June 2001Security FeaturesBefore implementing any security measures to protect the voice mail system, it is impor

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-23Enhanced Call TransferWith Enhanced Call Transfer, the vo

Voice Messaging Systems6-24 Issue 7 June 2001This restriction may not be acceptable where it is desirable to have the call follow the coverage path o

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-25AMIS NetworkingAMIS Networking (the DEFINITY AUDIX System

About This Document1-4 Issue 7 June 2001How this Guide is OrganizedThe Avaya Security Handbook has the following chapters:Chapter 1: About This Docum

Voice Messaging Systems6-26 Issue 7 June 2001For ALL systems (DEFINITY ECS, DEFINITY G1, G2, G3, System 75, and System 85 R2V4):1. On the AUDIX Voice

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-27After you activate Enhanced Call Transfer, test it by fol

Voice Messaging Systems6-28 Issue 7 June 2001Limit OutcallingThe measures you can take to minimize the security risk of outcalling depend on how it i

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-29Security Tips Require callers to use passwords. Have th

Voice Messaging Systems6-30 Issue 7 June 2001Protecting PasswordsThe AUDIX Voice Power System offers password protection to help restrict unauthorize

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-31Security MeasuresThe security measures described in this

Voice Messaging Systems6-32 Issue 7 June 2001NOTE:On AUDIX Voice Power System 2.1.1, mailboxes can be set individually to “1 minute,” reducing the cl

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20016-33Security MeasuresDesign applications with toll fraud in m

Voice Messaging Systems6-34 Issue 7 June 2001Security TipsToll fraud is possible when the application allows the incoming caller to make a network co

MERLIN II Communications SystemIssue 7 June 20016-35The MERLIN MAIL Voice Messaging System provides automated attendant, call answer, and voice mail

Avaya’s Statement of DirectionIssue 7 June 20011-5Avaya’s Statement of DirectionThe telecommunications industry is faced with a significant and growi

Voice Messaging Systems6-36 Issue 7 June 2001To reduce the risk of unauthorized access through your voice messaging system, observe the following pro

MERLIN LEGEND Communications SystemIssue 7 June 20016-37MERLIN LEGEND Communications SystemThe MERLIN LEGEND Communications System may be used with t

Voice Messaging Systems6-38 Issue 7 June 2001Protecting the AUDIX Voice Power SystemThe AUDIX Voice Power System provides both automated attendant an

MERLIN LEGEND Communications SystemIssue 7 June 20016-39 Set up auto attendant selection codes so that they do not permit outside line selection. A

Voice Messaging Systems6-40 Issue 7 June 2001 Enter # in the Subscriber Password field to prevent access to the corresponding voice mail. Enter yes

MERLIN LEGEND Communications SystemIssue 7 June 20016-41Security Tips At the switch, assign toll restrictions to voice message system and automated

Voice Messaging Systems6-42 Issue 7 June 2001Basic Call TransferWith Basic Call Transfer, after a voice mail system caller enters *T, the system perf

MERLIN LEGEND Communications SystemIssue 7 June 20016-43 Avoid or closely monitor the use of “guest” mailboxes (mailboxes without a physical extensi

Voice Messaging Systems6-44 Issue 7 June 2001Protecting the MERLIN MAIL, MERLINMAIL-ML, MERLIN MAIL R3, and MERLINLEGEND Mail Voice Messaging Systems

MERLIN LEGEND Communications SystemIssue 7 June 20016-45Take the following preventative measures to limit the risk of unauthorized use of the automat

About This Document1-6 Issue 7 June 2001To help customers use and manage their systems in light of the trade-off decisions they make and to ensure th

Voice Messaging Systems6-46 Issue 7 June 2001Hackers may also use a computer to dial an access code and then publish the information for other hacker

MERLIN LEGEND Communications SystemIssue 7 June 20016-47 Set the maximum number of digits in an extension parameter appropriate to your dial plan. T

Voice Messaging Systems6-48 Issue 7 June 2001Additional MERLIN MAIL R3 and MERLIN LEGEND Mail Voice Messaging System Security FeaturesThe MERLIN MAIL

Messaging 2000 Voice Mail SystemIssue 7 June 20016-49Messaging 2000 Voice Mail SystemThe Messaging 2000 (M2000) System provides Voice Mail services f

Voice Messaging Systems6-50 Issue 7 June 2001When Quick Assist is run in Recover Mode from the Quick Assist icon in the Lucent folder, use the “Mailb

Messaging 2000 Voice Mail SystemIssue 7 June 20016-51The Uninitialized Mailbox report lists all mailboxes for which the password has not yet been cha

Voice Messaging Systems6-52 Issue 7 June 2001Mailbox Lock-Out Option on the Class of Service dialog box determines whether this feature is enabled. T

Messaging 2000 Voice Mail SystemIssue 7 June 20016-53 Securing the M2000 System PCIt is imperative that the M2000 system PC be protected from unauth

Voice Messaging Systems6-54 Issue 7 June 2001Security Recommendations for Remote AccessRemote access to the system should be secured via the followin

PARTNER II Communications SystemIssue 7 June 20016-55Protecting PasswordsFor PARTNER MAIL Release 1 and all releases of PARTNER MAIL VS, passwords ca

Avaya/Customer Security Roles and ResponsibilitiesIssue 7 June 20011-7Avaya/Customer Security Roles and ResponsibilitiesThe purchase of a telecommuni

Voice Messaging Systems6-56 Issue 7 June 2001 Instruct employees not to make a statement, in their recorded greeting, indicating that they will acce

PARTNER Plus Communications SystemIssue 7 June 20016-57Protecting the PARTNER MAIL and PARTNERMAIL VS SystemsThe PARTNER MAIL and PARTNER MAIL VS Sys

Voice Messaging Systems6-58 Issue 7 June 2001 Require the System Administrator and all voice mailbox owners to change their password from the defaul

System 25Issue 7 June 20016-59System 25System 25 may be used with the AUDIX Voice Power System. (For information on this system, see ‘‘Protecting the

Voice Messaging Systems6-60 Issue 7 June 2001Protecting PasswordsThe AUDIX Voice Power System offers password protection to help restrict unauthorize

System 25Issue 7 June 20016-61Security MeasuresThe security measures described in this section do not apply if you are using Release 1.0 of the AUDIX

Voice Messaging Systems6-62 Issue 7 June 2001

Issue 7 June 2001 7-17Automated AttendantDEFINITY ECS, DEFINITYCommunications Systems, System 75,and System 85Automated attendant is a service that c

Automated Attendant7-2 Issue 7 June 2001Tools that Prevent Unauthorized CallsYou can help prevent unauthorized callers who enter the automated attend

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20017-3For example, when automated attendant ports are assigned t

About This Document1-8 Issue 7 June 2001Avaya’s Roles and Responsibilities1. Avaya, as a manufacturer, has the responsibility to PROVIDE the customer

Automated Attendant7-4 Issue 7 June 2001 Outward Restriction: restricts the user from placing calls over CO, FX, or WATS trunks using dial access co

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20017-5Toll Analysis When an automated attendant system transfers

Automated Attendant7-6 Issue 7 June 2001Prevent Calls to Certain NumbersIf some menu options transfer to locations off-premises, you can still protec

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20017-7For DEFINITY G2 and System 85: Use PROC311 WORD2 to estab

Automated Attendant7-8 Issue 7 June 2001Detecting Automated Attendant Toll FraudTable 7-2 shows the reports that help determine if your automated att

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20017-9Call Detail Recording (CDR) / Station MessageDetail Record

Automated Attendant7-10 Issue 7 June 2001Call Traffic ReportThis report provides hourly port usage data and counts the number of calls originated by

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20017-11ARS Measurement SelectionThe ARS Measurement Selection ca

Automated Attendant7-12 Issue 7 June 2001 Assign an aca referral button on that station (or the attendant station). Use change trunk group to displ

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20017-13Call Traffic ReportThis report provides hourly port usage

Avaya Security OfferingsIssue 7 June 20011-9Avaya Security OfferingsAvaya has developed a variety of offerings to assist in maximizing the security o

Automated Attendant7-14 Issue 7 June 2001Also reported is the session termination method. Each possible termination method is assigned a value as sho

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20017-15Unsuccessful call transfer attempts can result in multipl

Automated Attendant7-16 Issue 7 June 2001Protecting Automated Attendant on the AUDIX Voice Mail System This section discusses security measures imple

DEFINITY ECS, DEFINITY Communications Systems, System 75, and System 85Issue 7 June 20017-17For DEFINITY G2 and System 85:1. On the AUDIX Voice Mail

Automated Attendant7-18 Issue 7 June 2001Protecting Automated Attendant on theCONVERSANT Voice Information System The CONVERSANT Voice Information Sy

MERLIN II Communications System R3Issue 7 June 20017-19MERLIN II Communications System R3MERLIN MAIL Voice Messaging SystemThe MERLIN MAIL Voice Mess

Automated Attendant7-20 Issue 7 June 2001MERLIN LEGEND Communications SystemAUDIX Voice Power SystemThe MERLIN LEGEND Communications System supports

PARTNER II Communications SystemIssue 7 June 20017-21PARTNER II Communications SystemThe PARTNER II Communications System supports the PARTNER MAIL S

Automated Attendant7-22 Issue 7 June 2001PARTNER Plus Communications SystemThe PARTNER Plus Communications System R3.1 and later releases, supports t

Issue 7 June 2001 8-18Other Products and ServicesThis chapter contains security information for Avaya products other than PBXs and adjuncts that have

About This Document1-10 Issue 7 June 2001Avaya Toll Fraud Crisis InterventionIf you suspect you are being victimized by toll fraud or theft of servic

Other Products and Services8-2 Issue 7 June 2001For additional information on administering CMS, refer to the following documents: Call Management S

CallMaster PCIssue 7 June 20018-3CallMaster PCCallMaster PC, a software application used with the DEFINITY ECS, gives Call Center agents and supervis

Other Products and Services8-4 Issue 7 June 2001Multipoint Conferencing Unit(MCU)/Conference Reservation andControl System (CRCS)The MCU has a DEFINI

PassageWay® Telephony Services for NetWare® and Windows NT®Issue 7 June 20018-5PassageWay® Telephony Services forNetWare® and Windows NT®NOTE:The fol

Other Products and Services8-6 Issue 7 June 2001Security TipsThe following tips are for the PassageWay Telephony Server administrator.  When the pro

PassageWay® Telephony Services for NetWare® and Windows NT®Issue 7 June 20018-7 PassageWay Telephony Server administrators should be aware of switch

Other Products and Services8-8 Issue 7 June 2001 Set a maximum number of login attempts per call Allow time to enter the complete login Disconnect

TransTalk 9000 Digital Wireless SystemIssue 7 June 20018-9TransTalk 9000 Digital Wireless SystemThe TransTalk 9000 Digital Wireless System is a flexi

Other Products and Services8-10 Issue 7 June 2001

Issue 7 June 2001 9-19Call RoutingCall Routing Call FlowThe following is the basic call flow through the DEFINITY ECS, DEFINITY G1 and G3, or System

Related DocumentationIssue 7 June 20011-11Helplines For technical assistance or support with DEFINITY ECS, DEFINITY Communications System, System 75

Call Routing9-2 Issue 7 June 2001The system checks the calling permissions of the originator’s COR to see if the COR of the originator is allowed to

Issue 7 June 2001 10-110Blocking CallsCountry CodesThe following is a list of international country codes for direct dialing. In developing your ARS

Blocking Calls10-2 Issue 7 June 2001Azerbaijan 994Bahamas 1-242*Bahrain 973Bangladesh 880Barbados 1-246*Barbuda 1-268*Belarus 375Belgium 32Belize 501

Country CodesIssue 7 June 200110-3Cocos-Keeling Islands 61Colombia 57Comoros 269Congo 242Cook Islands 682Costa Rica 506Croatia 385Cuba 53Cuba (Guanta

Blocking Calls10-4 Issue 7 June 2001French Polynesia 689Gabon 241Gambia 220Georgia 995Germany 49Ghana 233Gibraltar 350Global Mobile Satellite System

Country CodesIssue 7 June 200110-5Iraq 964Ireland 353Iridium (under deactivation) 8816, 8817Israel 972Italy 39Ivory Coast 225Jamaica 1-876*Japan 81Jo

Blocking Calls10-6 Issue 7 June 2001Marshall Islands 692Martinique 596Mauritania 222Mauritius 230Maayotte Island 269Mexico 52Micronesia (Federal Stat

Country CodesIssue 7 June 200110-7Palau 680Palestine 970Panama 507Papua New Guinea 675Paraguay 595Peru 51Philippines 63Poland 48Portugal 351Puerto Ri

Blocking Calls10-8 Issue 7 June 2001Spain 34Sri Lanka 94Sudan 249Suriname 597Swaziland 268Sweden 46Switzerland 41Syria 963Taiwan 886Tajikistan 992Tan

Blocking Toll Fraud DestinationsIssue 7 June 200110-9Blocking Toll Fraud DestinationsToll fraud calls are placed to locations all over the world. Tab

ContentsIssue 7 June 2001 iii1 About This Document 1-1 Scope of this Handbook 1-1 Reason for Reissue 1-3 Intended Audience 1-3 How this Guide i

About This Document1-12 Issue 7 June 2001

Blocking Calls10-10 Issue 7 June 2001Blocking ARS Calls on DEFINITY G1 and System 75Use the following procedure to block calls to the destinations li

Blocking Toll Fraud DestinationsIssue 7 June 200110-114. Enter the routing pattern changes to ARS FNPA tables 500 to 599 and 900 to 999 as shown in t

Blocking Calls10-12 Issue 7 June 20015. Use change rhnpa table 31 to display the RHNPA Table 31 screen.6. Enter the routing pattern changes to RHNPA

Blocking Toll Fraud DestinationsIssue 7 June 200110-13ARS RHNPA TABLE: 31OFFICE CODES: 500-599Pattern Choices01:2 03: 05: 07: 09: 11:02: 04: 06: 08:

Blocking Calls10-14 Issue 7 June 2001Blocking ARS Calls on G2.1 and System 85Use the following procedure to block calls to the destinations listed in

Blocking Toll Fraud DestinationsIssue 7 June 200110-15Blocking WCR Calls on DEFINITY G2.2Use the following procedure to block calls to the destinatio

Blocking Calls10-16 Issue 7 June 2001Blocking ARS Calls on G3This section contains a sample ARS Digit Analysis Table for G3. In the example, internat

Blocking Toll Fraud DestinationsIssue 7 June 200110-1701198 10 23 int0700 11 11 op101xxxx 5 5 op101xxxx 12 12 hnpa101xxxx0 6 6 1 op101xxxx0 16 16 1 o

Blocking Calls10-18 Issue 7 June 2001Blocking ARS Calls on System 25 R3V3The Toll Call Allowed/Disallowed Lists, available in System 25 R3V3, permit

Issue 7 June 2001 11-111Remote Access Example (DEFINITY ECS, DEFINITY G1, G3, and System 75)This chapter provides procedures for setting up and disab

Issue 7 June 2001 2-12IntroductionBackgroundTelecommunications fraud is the unauthorized use of a company’s telecommunications service. This type of

Remote Access Example (DEFINITY ECS, DEFINITY G1, G3, and System 75)11-2 Issue 7 June 200111. Select a PGN (1 through 8) that is not in use in any ot

Permanently Disabling Remote AccessIssue 7 June 200111-319. For all the Route Patterns assigned to ARS/AAR Partition 8, use change route-pattern to a

Remote Access Example (DEFINITY ECS, DEFINITY G1, G3, and System 75)11-4 Issue 7 June 2001

Issue 7 June 2001 12-112Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECSThis chapter provides information on administeri

Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS12-2 Issue 7 June 2001Administering the SVN FeatureThis section contains

Administering the SVN FeatureIssue 7 June 200112-3 Time IntervalEnter the time interval within which a login security violation must occur. The rang

Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS12-4 Issue 7 June 2001List the Status of a Login IDTo list the status of

Administering the SVN FeatureIssue 7 June 200112-5 Login ThresholdEnter the minimum number of login attempts that will be permitted before a referra

Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS12-6 Issue 7 June 2001Administering Remote Access Kill After N AttemptsF

Administering the SVN FeatureIssue 7 June 200112-7If the Remote Access feature is to be dormant for a period of time, the feature can be disabled usi

Introduction2-2 Issue 7 June 2001Who is the Enemy?Hackers and PhreakersHackers and “phreakers” (phone freaks) use personal computers, random number g

Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS12-8 Issue 7 June 2001Enter the enable login <login ID> command to

Administering the SVN FeatureIssue 7 June 200112-9 Time IntervalEnter the time interval within which the authorization code security violations must

Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS12-10 Issue 7 June 2001 Originating ExtensionThis is a dynamic field th

Administering Barrier Code AgingIssue 7 June 200112-11 Announcement ExtensionThis field contains an extension corresponding to a recorded announceme

Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS12-12 Issue 7 June 2001 Barrier CodeAssign a barrier code that conforms

Administering Customer Logins and Forced Password AgingIssue 7 June 200112-13 Calls UsedThis field is a display-only field that specifies the number

Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS12-14 Issue 7 June 2001To add a customer login you must be a superuser,

Administering Customer Logins and Forced Password AgingIssue 7 June 200112-159. In the Password Aging Cycle Length field, enter the number of days (f

Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS12-16 Issue 7 June 20016. Enter a password for the new login in the Logi

Administering Customer Logins and Forced Password AgingIssue 7 June 200112-17If the Maintenance option is set to y on the Customer Options form, the

What is in a Loss?Issue 7 June 20012-3Call sell operations are dependent on calling card numbers or other means to fraudulently use a customer premis

Administering Features of the DEFINITY G3V3 and Later, Including DEFINITY ECS12-18 Issue 7 June 2001Administering the Security Violations ReportsThe

Issue 7 June 2001 13-113Changing Your PasswordThis chapter provides steps for changing passwords for systems listed in this handbook, where applicabl

Changing Your Password13-2 Issue 7 June 2001AUDIX Voice Power System System administrators:1. Access the AUDIX Voice Power System main menu.2. Selec

CONVERSANT Voice Information SystemIssue 7 June 200113-36. When prompted to repeat the new password (re-enter new password), enter the new password a

Changing Your Password13-4 Issue 7 June 2001DEFINITY AUDIX System System administrators:You can change two passwords: 1) that of the currently logge

DEFINITY ECS and DEFINITY G1 and G3Issue 7 June 200113-5DEFINITY ECS and DEFINITY G1 and G3 System administrators:Use the Change Password form to ch

Changing Your Password13-6 Issue 7 June 2001DEFINITY G2For DEFINITY G2, passwords are shared between the customer and Avaya. Contact the Database Adm

MERLIN MAIL or MERLIN MAIL-ML Voice Messaging SystemIssue 7 June 200113-7MERLIN MAIL or MERLIN MAIL-MLVoice Messaging SystemNOTE:No default password

Changing Your Password13-8 Issue 7 June 2001MERLIN MAIL R3, MERLIN LEGENDMail, or PARTNER MAIL R3 VoiceMessaging System System administrators:You ca

PARTNER MAIL SystemIssue 7 June 200113-9PARTNER MAIL System System administrators:Change your password by means of the Voice Mail Menu.1. To access

Introduction2-4 Issue 7 June 2001Known Toll Fraud ActivityUnderstanding how hackers penetrate your system is the first step in learning what to do to

Changing Your Password13-10 Issue 7 June 2001System 25 System administrators:1. From the Main Menu prompt, enter 4.2. At Action = enter 75.3. At Dat

System 85Issue 7 June 200113-11 End users:Use the Change Password form to change the login password.1. Verify that the screen displays:command:2. En

Changing Your Password13-12 Issue 7 June 2001

Issue 7 June 2001 14-114Toll Fraud Job AidsThe job aids in this appendix are tools for your organization to use in securing your system against toll

Toll Fraud Job Aids14-2 Issue 7 June 2001 An upsurge in use on DISA or other trunks. Unusual increase in customer premises equipment-based system m

System Security Action PlanIssue 7 June 200114-3System Security Action PlanFigure 14-1. System Security Action PlanEducate End Users Establish Port S

Toll Fraud Job Aids14-4 Issue 7 June 2001Top 10 Tips to Help Prevent Phone “Phraud”1. Protect System Administration AccessInsure secure passwords exi

Top 10 Tips to Help Prevent Phone “Phraud”Issue 7 June 200114-59. Monitor Traffic and System Activity for Abnormal PatternsActivate features that “Tu

Toll Fraud Job Aids14-6 Issue 7 June 2001

Issue 7 June 2001 15-115Special Security Product and Service OffersRemote Port Security Device (RPSD)The Remote Port Security Device (RPSD)1 offers e

Known Toll Fraud ActivityIssue 7 June 20012-5— Voice MailThere are two types of voice mail fraud. The first type, which is responsible for the bulk o

Special Security Product and Service Offers15-2 Issue 7 June 2001The Key and Lock use a sophisticated dynamic challenge/response technique to assist

Remote Port Security Device (RPSD)Issue 7 June 200115-3Securing DEFINITY Systems (Prior to Release 7.2)with the Remote Port Security Device (RPSD)If

Special Security Product and Service Offers15-4 Issue 7 June 2001Securing DEFINITY Systems (Release 7.2 and Later) with AccessSecurity Gateway (ASG)T

Securing DEFINITY Systems (Release 7.2 and Later) with Access Security Gateway (ASG)Issue 7 June 200115-5Administering Access Security GatewayUse the

Special Security Product and Service Offers15-6 Issue 7 June 2001Logging in via Access Security Gateway (Session Establishment)Use the following proc

Securing DEFINITY Systems (Release 7.2 and Later) with Access Security Gateway (ASG)Issue 7 June 200115-7Maintaining Login IDsTemporarily Disabling A

Special Security Product and Service Offers15-8 Issue 7 June 2001Loss of an ASG KeyIf a user loses their ASG Key, he/she must notify the system admin

Securing DEFINITY Systems (Release 7.2 and Later) with Access Security Gateway (ASG)Issue 7 June 200115-9 Security MeasurementsAccess Security Gatew

Special Security Product and Service Offers15-10 Issue 7 June 2001Logging In With ASGWhen you begin a remote session with an Intuity AUDIX system tha

Securing DEFINITY Systems (Release 7.2 and Later) with Access Security Gateway (ASG)Issue 7 June 200115-11Adding an ASG Login You must be logged in a

Introduction2-6 Issue 7 June 2001If the system allows uninterrupted, continuous access, a war dialer can crack a 6-digit code within 6 hours. The cod

Special Security Product and Service Offers15-12 Issue 7 June 2001Blocking or Reinstating Access Privileges for anASG LoginIf a user will not need ac

Securing DEFINITY Systems (Release 7.2 and Later) with Access Security Gateway (ASG)Issue 7 June 200115-13Displaying ASG Login InformationIf you need

Special Security Product and Service Offers15-14 Issue 7 June 20012. Type a new value in the Number of failed login attempts: field, if needed.(This

Avaya SupportIssue 7 June 200115-15Avaya SupportAvaya provides RPSD Keys to their maintenance centers to accommodate access to systems you secure wit

Special Security Product and Service Offers15-16 Issue 7 June 2001Toll Fraud Contact ListContact: For:Your Avaya Account Executive or Design Speciali

Issue 7 June 2001 16-116Product Security ChecklistsThis chapter contains the following security checklists: General Security Procedures (page 16-2)

Product Security Checklists16-2 Issue 7 June 2001 System 75 (page 16-14) System 85 (page 16-20) PassageWay Telephony Services (page 16-66)General

General Security ProceduresIssue 7 June 200116-3Customer EducationSystem manager/administrator has copy of Security Handbook/Toll Fraud OverviewSyste

Product Security Checklists16-4 Issue 7 June 2001AUDIX, DEFINITY AUDIX andINTUITY AUDIX Voice MessagingSystemsAlso see the general security checklist

AUDIX, DEFINITY AUDIX and INTUITY AUDIX Voice Messaging SystemsIssue 7 June 200116-5(Table 16-2. AUDIX, DEFINITY AUDIX and INTUITY AUDIX Voice Messag

Known Toll Fraud ActivityIssue 7 June 20012-7— LoopingLooping is a method that call sell operators use to circumvent restrictions that IXCs (Interexc

Product Security Checklists16-6 Issue 7 June 2001AUDIX Voice Power SystemAlso see the general security checklist on page 16-2, the security checklist

AUDIX Voice Power SystemIssue 7 June 200116-7Table 16-3. AUDIX Voice Power SystemY/N11. If “NO” (N), provide Note reference number and explain.Note N

Product Security Checklists16-8 Issue 7 June 2001BasicWorksAlso see the general security checklist on page 16-2.Customer: ___________________________

BasicWorksIssue 7 June 200116-9Password aging activatedLogins temporarily disabled when not needed (“disable/enable” commands)Customer access to INAD

Product Security Checklists16-10 Issue 7 June 2001COR-to-COR restrictions on dial-accessed trunksAutomatic Circuit Assurance (ACA) on trunks groupsSM

BasicWorksIssue 7 June 200116-11Authorization codes usedOperator calls restrictedSwitch-hook flash denied on FAX machines, modems, etc.COR-to-COR res

Product Security Checklists16-12 Issue 7 June 2001CONVERSANT Voice Information SystemAlso see the general security checklist on page 16-2, and the se

CONVERSANT Voice Information SystemIssue 7 June 200116-13Host PBXAnalog ports in CONVERSANT Voice Information System hunt group restricted from toll

Product Security Checklists16-14 Issue 7 June 2001DEFINITY ECS, DEFINITY G1 and G3, and System 75Also see the general security checklist on page 16-2

DEFINITY ECS, DEFINITY G1 and G3, and System 75Issue 7 June 200116-15Logins automatically disabled after security violations (G3V3 and later)Login pe

Introduction2-8 Issue 7 June 2001This same scam could also easily apply to messages left on voice mail. The person could state, “I’m John Doe calling

Product Security Checklists16-16 Issue 7 June 2001Second dial tone omitted between barrier and authorization codesAuthorization code timeout to atten

DEFINITY ECS, DEFINITY G1 and G3, and System 75Issue 7 June 200116-17SMDR/CDR activated on all trunk groupsTrunks measured by BCMS/CMSTrunk-to-Trunk

Product Security Checklists16-18 Issue 7 June 2001Station Security Code Security Violation Notification feature active Station Security Code Securit

DEFINITY ECS, DEFINITY G1 and G3, and System 75Issue 7 June 200116-19Switch-hook flash denied on FAX machines, modems, etc.COR-to-COR restrictions us

Product Security Checklists16-20 Issue 7 June 2001DEFINITY G2 and System 85Also see the general security checklist on page 16-2, and the security che

DEFINITY G2 and System 85Issue 7 June 200116-21Attendant Control of Trunk Group activated for any trunk groups with TACsVDNs have their own restricte

Product Security Checklists16-22 Issue 7 June 2001SMDR/CAS/CDR reports monitored daily, including authorization code violationsTraffic measurement re

DEFINITY G2 and System 85Issue 7 June 200116-23Administration login password changed on regular basisTransfer to Subscribers Only = y (AVP)Change pas

Product Security Checklists16-24 Issue 7 June 2001DIMENSION PBX SystemAlso see the general security checklist on page 16-2, and the security checklis

DIMENSION PBX SystemIssue 7 June 200116-25Ports for adjuncts in own restricted COSAuthorization codes usedAuthorization codes not sequential900, 976

Issue 7 June 2001 3-13Security RisksOverviewIn order for your system to be secure against toll fraud, you need to address access, egress, and system

Product Security Checklists16-26 Issue 7 June 2001Barrier code is a random 4-digit sequenceProduct MonitoringSMDR reports monitored daily, including

MERLIN II Communications SystemIssue 7 June 200116-27MERLIN II Communications SystemAlso see the general security checklist on page 16-2, and the sec

Product Security Checklists16-28 Issue 7 June 2001If outcalling enabled: All voice mail ports except last one toll restricted Last port for voice m

MERLIN LEGEND Communications SystemIssue 7 June 200116-29MERLIN LEGEND Communications SystemAlso see the general security checklist on page 16-2, and

Product Security Checklists16-30 Issue 7 June 2001Trunk groups dial access = nFRLs assigned to limit network access based on business needsRemote Acc

MERLIN LEGEND Communications SystemIssue 7 June 200116-31Disallow list created containing 0, 011, 10, 700, 800, 1800, 809, 1809, 411, 1411, 900, and

Product Security Checklists16-32 Issue 7 June 2001MERLIN MAIL Voice Messaging SystemAlso see the general security checklist on page 16-2, and the sec

MERLIN MAIL Voice Messaging SystemIssue 7 June 200116-33MERLIN LEGEND Communications System voice mail port(s) used for outcalling restricted via all

Product Security Checklists16-34 Issue 7 June 2001MERLIN MAIL-ML Voice Messaging SystemAlso see the general security checklist on page 16-2, and the

MERLIN MAIL-ML Voice Messaging SystemIssue 7 June 200116-35MERLIN LEGEND Communications System voice mail port(s) used for outcalling restricted via

Contentsiv Issue 7 June 2001  Automated Attendant 3-3 Other Port Security Risks 3-3 Voice Messaging Systems 3-4 Administration / Maintenance Acce

Security Risks3-2 Issue 7 June 2001Remote AccessRemote Access, or Direct Inward System Access (DISA), permits callers from the public network to acce

Product Security Checklists16-36 Issue 7 June 2001MERLIN MAIL R3 Voice Messaging SystemAlso see the general security checklist on page 16-2, and the

MERLIN MAIL R3 Voice Messaging SystemIssue 7 June 200116-37Transfer restricted to subscribers onlyLogin attempts before warning message < 6Login a

Product Security Checklists16-38 Issue 7 June 2001Automated AttendantNo pooled facility access codes translated on menusNo ARS codes translated on me

MERLIN Plus Communications SystemIssue 7 June 200116-39MERLIN Plus Communications SystemAlso see the general security checklist on page 16-2, and the

Product Security Checklists16-40 Issue 7 June 2001Messaging 2000 Voice Mail SystemAlso see the general security checklist on page 16-2.Customer: ____

Messaging 2000 Voice Mail SystemIssue 7 June 200116-41[Recommended] Use the Randomly Generated method of assigning passwords to new mailboxes.[Recomm

Product Security Checklists16-42 Issue 7 June 2001[Required] Set the Consecutive Login Failures Before Lock-Out parameter on the Subscriber tab in Sy

Messaging 2000 Voice Mail SystemIssue 7 June 200116-43[Recommended] When Quick Assist is run in recover mode from the \CVR prompt in an OS/2 window,

Product Security Checklists16-44 Issue 7 June 2001End-User Education[Required] The end-user must periodically/frequently change all secondary passwor

Multimedia Communications Exchange ServerIssue 7 June 200116-45Multimedia Communications Exchange ServerAlso see the general security checklist on pa

Automated AttendantIssue 7 June 20013-3Automated AttendantAutomated attendant systems direct calls to pre-designated stations by offering callers a m

Product Security Checklists16-46 Issue 7 June 2001Multipoint Conferencing Unit(MCU)/Conference Reservation andControl System (CRCS)Also see the gener

Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System (CRCS)Issue 7 June 200116-47Customer EducationSystem manager/administrat

Product Security Checklists16-48 Issue 7 June 2001ESM Security ChecklistNOTE:See the appropriate security checklist for the host MSM.MCU Product Chec

Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System (CRCS)Issue 7 June 200116-49Table 16-18. ESM Y/N11. If “NO” (N), provide

Product Security Checklists16-50 Issue 7 June 2001CRCS Security ChecklistCustomer: _________________________________________CRCS Type: ______________

Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System (CRCS)Issue 7 June 200116-51MSM Security ChecklistSee the appropriate se

Product Security Checklists16-52 Issue 7 June 2001Table 16-20. MSM Y/N1Note N/ASystem AdministrationCustomer advised of all logins under their contro

Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System (CRCS)Issue 7 June 200116-53Remote Access administered Remote access nu

Product Security Checklists16-54 Issue 7 June 2001Tie trunk groups are COR-to-COR restrictedTrunk groups have dial access = nCOR-to-COR restrictions

Multipoint Conferencing Unit (MCU)/Conference Reservation and Control System (CRCS)Issue 7 June 200116-55Data Origination feature code not translated

Security Risks3-4 Issue 7 June 2001Voice Messaging SystemsVoice messaging systems provide a variety of voice messaging applications; operating simila

Product Security Checklists16-56 Issue 7 June 2001PARTNER, PARTNER II, and PARTNER Plus Communications Systems, and PARTNER Advanced Communications S

PARTNER, PARTNER II, and PARTNER Plus Communications Systems, and PARTNER Advanced Communications System (ACS)Issue 7 June 200116-57Customer Educatio

Product Security Checklists16-58 Issue 7 June 2001Customer is aware of network-based toll fraud surveillance offerings such as netPROTECTCustomer kno

PARTNER, PARTNER II, and PARTNER Plus Communications Systems, and PARTNER Advanced Communications System (ACS)Issue 7 June 200116-59System Administra

Product Security Checklists16-60 Issue 7 June 2001Product Monitoringfor PARTNER Plus, PARTNER II, and PARTNER ACS onlySMDR/Call Accounting reports mo

PARTNER MAIL, PARTNER MAIL VS, and PARTNER Voice Mail (PVM) SystemsIssue 7 June 200116-61PARTNER MAIL, PARTNER MAIL VS, and PARTNER Voice Mail (PVM)

Product Security Checklists16-62 Issue 7 June 2001for PARTNER MAIL System onlySystem mailboxes (90 to 98 and 9999) assigned COS 7 to 9 to prevent tra

System 25Issue 7 June 200116-63System 25Also see the general security checklist on page 16-2, and the security checklist for any attached voice mail

Product Security Checklists16-64 Issue 7 June 2001Positive disconnect verified with loop start trunksRemote AccessRemote activated only if requiredUs

System 25Issue 7 June 200116-65Disable remote maintenance access when not in useProduct MonitoringSMDR/CAS reports monitored daily, administration lo

Administration / Maintenance AccessIssue 7 June 20013-5The following is a list of customer logins for systems in this handbook that provide login cap

Product Security Checklists16-66 Issue 7 June 2001PassageWay Telephony ServicesAlso see the general security checklist on page 16-2.Customer: _______

PassageWay Telephony ServicesIssue 7 June 200116-67System AdministrationGuidelines followed for logins/passwords for user accounts. (See PassageWay c

Product Security Checklists16-68 Issue 7 June 2001For NetWare only:Used the NetWare Administrator feature (NetWare 4.10 and 4.11) or SYSCON utility (

PassageWay Telephony ServicesIssue 7 June 200116-69Access ControlTo ensure protection of sensitive system files used by Tserver, only System Administ

Product Security Checklists16-70 Issue 7 June 2001 Configure the following security options:— Require login names for callers— Make passwords case s

Issue 7 June 2001 17-117Large Business Communications Systems Security Tools by ReleaseThe following tables contain page references for the available

Large Business Communications Systems Security Tools by Release17-2 Issue 7 June 2001Alternate Facility Restriction Levels‘‘Remote Access’’ on page 3

Issue 7 June 2001 17-3Barrier Code ‘‘Remote Access’’ on page 3-2‘‘Security Tips’’ on page 4-2‘‘Barrier Codes’’ on page 4-4‘‘Restrict Who Can Use Remo

Large Business Communications Systems Security Tools by Release17-4 Issue 7 June 2001Call Detail Recording (SMDR)‘‘Call Detail Recording (CDR) / Stat

Issue 7 June 2001 17-5Class of Service ‘‘Class of Service’’ on page 4-16‘‘Class of Service’’ on page 6-7‘‘Class of Service’’ on page 7-3xxxxxxxxxCMS

Security Risks3-6 Issue 7 June 2001Increasing Adjunct Access SecuritySince system adjuncts can be used to log in to otherwise “protected” systems, yo

Large Business Communications Systems Security Tools by Release17-6 Issue 7 June 2001Facility Restriction Levels‘‘Class of Restriction’’ on page 4-13

Issue 7 June 2001 17-7INADS Port Access Restrictions‘‘Adding Customer Logins and Assigning Initial Password’’ on page 12-13xxList Call Forward Comman

Large Business Communications Systems Security Tools by Release17-8 Issue 7 June 2001Recent Change History Report‘‘Recent Change History Report (DEFI

Issue 7 June 2001 17-9Security Violation Notification Feature‘‘Security Violation Notification Feature (DEFINITY ECS and DEFINITY G3 only)’’ on page

Large Business Communications Systems Security Tools by Release17-10 Issue 7 June 2001Traffic Measurements and Performance‘‘Traffic Measurements and

Issue 7 June 2001 18-118Non-supported ProductsProducts No Longer SupportedBelow are listed the products Avaya no longer supports as of the given date

Non-supported Products18-2 Issue 7 June 2001Non-supported Products as of Sept. 30, 2000As of September 30, 2000, Avaya no longer supports these produ

Issue 7 June 2001 GL-1 GLGlossaryAAARAutomatic Alternate Routing ACAAutomatic Circuit AssuranceACDAutomatic Call DistributionADAPAUDIX Data Acquisiti

GlossaryGL-2 Issue 7 June 2001 ARS Dial ToneThe dial tone callers hear after they enter the ARS feature access code.AttendantThe operator of the cons

GlossaryIssue 7 June 2001 GL-3 Call ForwardingA set of features that allow calls destined for an extension to be redirected to another extension, des

Administration / Maintenance AccessIssue 7 June 20013-7Another area that may be vulnerable to toll fraud is the System 75 and the DEFINITY ECS, DEFIN

GlossaryGL-4 Issue 7 June 2001 Class of RestrictionA number (0 through 63) that specifies the calling privileges and limitations assigned to stations

GlossaryIssue 7 June 2001 GL-5 ETNElectronic Tandem NetworkEnhanced Call TransferAn AUDIX Voice Mail System feature that provides security by interac

GlossaryGL-6 Issue 7 June 2001 Feature Access CodeA code used to access a feature, such as ARS, Data Origination, Priority Calling and Call Pickup.Fo

GlossaryIssue 7 June 2001 GL-7 LLECLocal Exchange Carrier

GlossaryGL-8 Issue 7 June 2001 MManual Terminating RestrictionPrevents the station from receiving calls other than those originated by the attendant.

GlossaryIssue 7 June 2001 GL-9 Outward RestrictedRestricts the station from placing outgoing calls over specified trunks.PPARTNER AttendantAn Avaya a

GlossaryGL-10 Issue 7 June 2001 Referral CallAn internally-generated call that terminates to a designated destination and indicates an event such as

GlossaryIssue 7 June 2001 GL-11 Service ObservingThe monitoring of actual calls in progress for security purposes.Station Message Detail RecordingCre

GlossaryGL-12 Issue 7 June 2001 UDPUniform Dial PlanUniform Dial PlanA feature that allows a unique 4- or 5-digit number assignment for each terminal

Issue 7 June 2001 IN-1 INIndexNumerics 0 calls, 4-23, 4-53 00 calls, 4-23 01 calls, 4-34 blocking, 10-14 010 calls, 4-34 011 calls, 4-34, 4-53 10xxx

Security Risks3-8 Issue 7 June 2001General Security MeasuresGeneral security measures can be taken systemwide to discourage unauthorized use.Educatin

IndexIN-2 Issue 7 June 2001authorization code, 4-3, 4-17, 4-21, 4-28, 4-29, 6-56, 6-58 invalid login attempts, 4-63 maximum allowed, 4-8 monitoring u

IndexIssue 7 June 2001 IN-3 Call Forward Off-Net, 4-16, 6-7, 7-3 Call Forwarding, 2-8, 4-69 Feature Access Code, 4-8 call list, 6-7, 7-5 free, 4-18 s

IndexIN-4 Issue 7 June 2001Data Restriction Feature Access Code, 4-8 DCS, see Distributed Communication System default passwords changing, 3-4 DEFINI

IndexIssue 7 June 2001 IN-5 Feature Access Code, 2-5 Abbreviated Dialing, 4-8 ARS/AAR, 4-8 Call Forwarding, 4-8 Data Origination, 4-8 Data Privacy, 4

IndexIN-6 Issue 7 June 2001M maintenance access, 3-7 maintenance port, 3-9 target of abuse, 2-4 Malicious Call Trace, 4-67 Manager I, 6-13 reporting,

IndexIssue 7 June 2001 IN-7 Outgoing Trunk to Outgoing Trunk Transfer disabling, 4-43 Outward Restriction, 4-14, 4-16, 6-7, 7-4 overlapped sending, 4

IndexIN-8 Issue 7 June 2001Remote Access, (continued)status report, 4-63 System 25, 5-63 System 75, 4-2 System 85, 4-2 Violations Status Report, 4-64

IndexIssue 7 June 2001 IN-9 service observing, 4-68, 4-69 shoulder surfing, 2-6 six-digit screening, 2-8 SMDR reports, 5-6, 5-13, 5-61, 5-64, 6-34, 6

IndexIN-10 Issue 7 June 2001traffic abnormal patterns, 7-10 measurements, 4-53 monitoring flow, 4-55 reports, 6-18, 6-29, 7-13 Trans Talk 9000 Digita

IndexIssue 7 June 2001 IN-11 voice terminal Public Restriction, 4-15 Termination Restriction, 4-15 voice terminal group attendant-controlled, 4-19 vo

General Security MeasuresIssue 7 June 20013-9Establishing a PolicyAs a safeguard against toll fraud, follow these guidelines: Change passwords frequ

IndexIN-12 Issue 7 June 2001

Security Risks3-10 Issue 7 June 2001Security Goals TablesThe following tables list the security goals for each communications system, and provide an

Security Goals TablesIssue 7 June 20013-11Suppress dial tone after barrier code enteredSuppress Remote Access Dial Tone — (G1, G3 and System 75 R1V3

ContentsIssue 7 June 2001 v Tools that Restrict Unauthorized Outgoing Calls 4-12Class of Restriction 4-13Calling Party and Called Party Restrictions

Security Risks3-12 Issue 7 June 2001Limit calling permissionsCOS (G2 and System 85 only)Set COS restrictionsCOR (G1, G3, and System 75 only)Set FRLSe

Security Goals TablesIssue 7 June 20013-13Prevent exit from Voice Messaging SystemLimit calling permissionsCOR (G1, G3, and System 75 only)Set low FR

Security Risks3-14 Issue 7 June 2001Prevent exit from Automated Attendant ServiceLimit calling permissionsCOR (G1, G3, and System 75 only)Set low FRL

Security Goals TablesIssue 7 June 20013-15Prevent unauthorized outgoing callsLimit calling permissionsSwitch dial restrictionsSet outward/toll restri

Security Risks3-16 Issue 7 June 2001Protect Remote System ProgrammingRequire password to access system programmingSystem Programming password (MERLIN

Security Goals TablesIssue 7 June 20013-17Prevent exit from Voice Messaging SystemLimit calling permissionsSwitch Dial Restrictions (System 25, MERLI

Security Risks3-18 Issue 7 June 2001Prevent theft of information via Voice Messaging SystemAssign secure passwordsPasswords Encourage users to select

Security Goals TablesIssue 7 June 20013-19Table 3-3. Security Goals: PARTNER II and PARTNER Plus Communications SystemsSecurity Goal Method Security

Security Risks3-20 Issue 7 June 2001Prevent theft of information via Voice Messaging SystemAssign secure passwordsPasswords (PARTNER Plus Communicati

Issue 7 June 2001 4-14Large Business Communications SystemsThis chapter provides information on protecting the following: DEFINITY ECS Release 5 and

Contentsvi Issue 7 June 2001 Provide Individualized Calling Privileges Using FRLs 4-30Prevent After-Hours Calling Using Time of DayRouting or Alterna

Large Business Communications Systems4-2 Issue 7 June 2001Keeping Unauthorized Third Partiesfrom Entering the SystemHow Third Parties Enter the Syste

Keeping Unauthorized Third Parties from Entering the SystemIssue 7 June 20014-3 Require maximum length barrier codes and authorization codes. For Sy

Large Business Communications Systems4-4 Issue 7 June 2001*For ASAI, see the applicable product feature description.Barrier CodesFigure 4-1 illustrat

Keeping Unauthorized Third Parties from Entering the SystemIssue 7 June 20014-5Figure 4-1. Remote Access Call PathINCOMINGREMOTEACCESS CALLYESYESNOYE

Large Business Communications Systems4-6 Issue 7 June 2001For DEFINITY ECS, DEFINITY G1, G3, and System 75, you can assign up to 10 barrier codes to

Keeping Unauthorized Third Parties from Entering the SystemIssue 7 June 20014-7For DEFINITY G2 and System 85, either a barrier code or an authorizati

Large Business Communications Systems4-8 Issue 7 June 2001The authorization code option requires that the caller enter a valid authorization code to

Keeping Unauthorized Third Parties from Entering the SystemIssue 7 June 20014-9Night ServiceYou can control the time of day that Remote Access is ava

Large Business Communications Systems4-10 Issue 7 June 2001Protecting Vectors That Contain Call PromptingHackers try to enter unanticipated digit str

Keeping Unauthorized Third Parties from Entering the SystemIssue 7 June 20014-11Status Remote Access CommandFor DEFINITY G3V4 and later, which includ

ContentsIssue 7 June 2001 viiCall Detail Recording (CDR) / Station MessageDetail Recording (SMDR) 4-52Traffic Measurements and Performance 4-53Monito

Large Business Communications Systems4-12 Issue 7 June 2001Tools that Restrict Unauthorized Outgoing CallsUse the following tools to prevent fraudule

Tools that Restrict Unauthorized Outgoing CallsIssue 7 June 20014-13Class of RestrictionFor DEFINITY ECS, DEFINITY G1, G3, and System 75, the Class o

Large Business Communications Systems4-14 Issue 7 June 2001Calling Party and Called Party RestrictionsFor DEFINITY G3 systems prior to DEFINITY ECS R

Tools that Restrict Unauthorized Outgoing CallsIssue 7 June 20014-15COR-to-COR Restrictions/Calling PermissionsIf it is not practical to dial-access-

Large Business Communications Systems4-16 Issue 7 June 2001Class of ServiceFor DEFINITY G2 and System 85, station access to various switch features i

Tools that Restrict Unauthorized Outgoing CallsIssue 7 June 20014-17For DEFINITY G3V2 and later releases, which includes DEFINITY ECS, an additional

Large Business Communications Systems4-18 Issue 7 June 2001Alternate Facility Restriction LevelsFor DEFINITY G2, G3r, and System 85, this tool is use

Tools that Restrict Unauthorized Outgoing CallsIssue 7 June 20014-19ARS Dial ToneFor all switches, the dial tone after the ARS feature access code is

Large Business Communications Systems4-20 Issue 7 June 2001Restrictions — Individual and Group-Controlled(DEFINITY ECS, DEFINITY G1, G3, andSystem 75

Tools that Restrict Unauthorized Outgoing CallsIssue 7 June 20014-21Restricting Incoming Tie TrunksYou can deny access to AAR/ARS/WCR trunks when the

Contentsviii Issue 7 June 2001 Protecting Remote Access 5-12Security Tips 5-12Protecting Remote System Programming 5-14Security Tips 5-14Protecting R

Large Business Communications Systems4-22 Issue 7 June 2001DEFINITY G3V3 and later releases, including DEFINITY ECS Release 5 and later, offer three

Tools that Restrict Unauthorized Outgoing CallsIssue 7 June 20014-23World Class Routing (DEFINITY ECS andDEFINITY G2.2 and G3 only)The World Class Ro

Large Business Communications Systems4-24 Issue 7 June 2001Station Security Codes (SSCs)Station Security Codes (SSCs) are used with two features: Per

Tools that Restrict Unauthorized Outgoing CallsIssue 7 June 20014-25Security TipsPSA/TTI transactions are recorded in the history log, which can be a

Large Business Communications Systems4-26 Issue 7 June 2001For remote users, an additional security precaution for feature access is provided via the

Security MeasuresIssue 7 June 20014-27Security MeasuresThe following procedures explain how to use security tools to create restrictions that help pr

Large Business Communications Systems4-28 Issue 7 June 2001DEFINITY G3V3 and later systems, which includes DEFINITY ECS, are shipped without any cust

Security MeasuresIssue 7 June 20014-29 Enter up to 10 barrier codes (use all seven digits) and assign each a COR and COS that allow only necessary c

Large Business Communications Systems4-30 Issue 7 June 2001 Use PROC286 WORD1 FIELD16 to send calls to an intercept tone, a CAS attendant, or a loca

Security MeasuresIssue 7 June 20014-31NOTE:FRLs 1 through 7 include the capabilities of the lower FRLs.For DEFINITY ECS, DEFINITY G1, G3 and System 7

ContentsIssue 7 June 2001 ixMERLIN Mail/MERLIN LEGEND Mail/MERLINMessaging Toll Fraud at a Glance 5-46LEGEND/MAGIX Toll Fraud Check List 5-46LEGEND T

Large Business Communications Systems4-32 Issue 7 June 2001Prevent After-Hours Calling Using Time of DayRouting or Alternate FRLsYou can regulate the

Security MeasuresIssue 7 June 20014-33Block International CallingIf your company does not do business overseas, deny everyone the ability to directly

Large Business Communications Systems4-34 Issue 7 June 2001For DEFINITY ECS and DEFINITY G3: Enter change ars analysis partition to display the ARS

Security MeasuresIssue 7 June 20014-35For DEFINITY ECS and DEFINITY G3: Enter change ars analysis to display the ARS Analysis screen. Specify the t

Large Business Communications Systems4-36 Issue 7 June 2001Restrict Calls to Specified Area CodesIf your business does not make calls to certain area

Security MeasuresIssue 7 June 20014-37For DEFINITY G2.2: Use WCR with PROC314 WORD1 and WORD2 and permit only certain numbers. Consider using Networ

Large Business Communications Systems4-38 Issue 7 June 2001For DEFINITY G2 and System 85: Enter PROC000 WORDD2 FIELD5 to assign an extension to a gr

Security MeasuresIssue 7 June 20014-39Use Attendant Control of Trunk Group AccessIf direct access to trunk groups must be allowed, consider making th

Large Business Communications Systems4-40 Issue 7 June 2001 Time slot test call — Connects the voice terminal user to a specific time slot located o

Security MeasuresIssue 7 June 20014-41For DEFINITY ECS, DEFINITY G1, G3, and System 75: Use change cor to display the Class of Restriction screen.