AT&T DEFINITY Generic 3 Manuale Utente
Security Issues
I-2
Issue 4 September 1995
Front-Ending Remote Access
Via this method, authorized external callers are given a VDN extension to call
instead of the remote access extension, which is kept private. The corresponding
call vector can then implement a number of security checks before routing
callers to the remote access extension. Routing can be done via a
instead of the remote access extension, which is kept private. The corresponding
call vector can then implement a number of security checks before routing
callers to the remote access extension. Routing can be done via a
route-to
number
or
route-to digits
step.
The following advantages are possible via this method.
■
Call Vectoring can introduce a delay before the dial-tone is provided to the
caller. Immediate dial-tone is often one criterion searc hed for by a
hacker’s programs when the hacker is trying to break into a system.
caller. Immediate dial-tone is often one criterion searc hed for by a
hacker’s programs when the hacker is trying to break into a system.
■
A recorded announcement declaring that the use of the switch services by
unauthorized callers is illegal and that the call is subject to monitoring
and/or recording can be played for the caller.
unauthorized callers is illegal and that the call is subject to monitoring
and/or recording can be played for the caller.
■
Call Prompting can be used to prompt for a password. In such a case, the
call is routed only if there is a match on the password.
call is routed only if there is a match on the password.
■
Use of the remote access extension can be limited to certain times of the
day or certain days of the week.
day or certain days of the week.
■
Real-time and historical reports on the use of the remote access feature
can be accessed from BCMS and/or CMS.
can be accessed from BCMS and/or CMS.
■
Different passwords can be used on different days of the week or at
different times during the day.
different times during the day.
■
Many VDNs that call the remote access extension can be identified.
Accordingly, individuals or groups can be given their own VDN with
unique passwords, permissions and reports. Any abuse of the system or
security leak can then be attributed to an individual or a group.
Accordingly, individuals or groups can be given their own VDN with
unique passwords, permissions and reports. Any abuse of the system or
security leak can then be attributed to an individual or a group.
■
The caller can be routed to a VRU using the
converse-on
step where more
sophisticated security checking, such as speaker recognition, can take
place.
place.
■
Anyone failing any of the security checks can be routed to a ‘‘security”
VDN that routes the caller to security personnel with a display set or to a
VRU. Such a call would show ‘‘security’’ and possibly also the attempted
password on the display. If the call is passed to a VRU, the VDN, the ANI
and/or the prompted digits can be captured. BCMS/CMS reports on this
security violation VDN will give information on how often and when security
violations occur.
VDN that routes the caller to security personnel with a display set or to a
VRU. Such a call would show ‘‘security’’ and possibly also the attempted
password on the display. If the call is passed to a VRU, the VDN, the ANI
and/or the prompted digits can be captured. BCMS/CMS reports on this
security violation VDN will give information on how often and when security
violations occur.
Replacing Remote Access
For this method, the remote access extension is not used. One or more VDNs are
designed to access call vectors that can employ all of the security checks
described in the previous section. The same reports and monitoring/recording
designed to access call vectors that can employ all of the security checks
described in the previous section. The same reports and monitoring/recording