Technical information
Issue 7 June 2001 8-1
8
Other Products and Services
This chapter contains security information for Avaya products other than PBXs
and adjuncts that have become available since Issue 2 of this handbook. For
information on the Avaya I
NTUITY System and the PARTNER MAIL VS System,
which have also become available since the last issue of the handbook, see
Chapter 6.
Call Management System (R3V4)
Call Management System (R3V4) is an MIS system for Call Centers that provides
real time and historical data about the status and performance of a customer’s call
including information about agents, trunks, trunk groups, splits/skills, busy hours,
forecasts, and so on. The application currently resides on personal computer
platforms as an adjunct to the Avaya DEFINITY ECS and DEFINITY
Communications Systems.
Security could be breached if a customer adds modems to the platform for
supervisor access from remote locations. If access to UNIX is allowed, and the
modems and station lines from the PBX are not secured, it would be possible to
make data calls to other computers via the platform. If the customer has modem
access to CMS, then the possibility for toll fraud exists if a hacker can get into the
switch from CMS.
Security Tips
The following considerations are for the CMS administrator.
When setting up the ports, modems should be defined in UNIX (using the
FACE administration tool) for INBOUND access only.
If station lines are used for the modems, the COS or COR should be set to
disallow outbound dialing capabilities.
Switchhook flash and distinctive audible alert should be set to no on the
station forms.
Remote users should not have access to UNIX via the CMS application.
Restrict access by means of the User Permissions feature of CMS.