Technical information

ManualsBrandsAT&T ManualsNetwork RouterDEFINITY Remote Port Security Device

281

282

283

284

285

286

287

288

289

290

Other Products and Services

8-6 Issue 7 June 2001

Security Tips

The following tips are for the PassageWay Telephony Server administrator.

 When the product is installed, do the following:

For Netware only:

 Use the NetWare Administrator feature (NetWare 4.10 and 4.11) or

SYSCON utility (NetWare 3.12) to set the appropriate login and

password restrictions (for example, require users to have passwords

with a minimum length of 7 characters, enable password aging, and

so forth).

 Use the NetWare Administrator feature (NetWare 4.10 and 4.11) or

SYSCON utility (NetWare 3.12) to enable the Intruder Detection

feature and to lock accounts after several invalid login attempts

have been made.

 Enable the “Restrict users to Home Worktop” feature.

For Windows NT only:

 Disable the “Extended Worktop Access” feature.

 Take full advantage of Windows NT user manager administration,

including password options.

 Take full advantage of Windows NT event log (for example, for

monitoring failed login attempts).

 Educate administrative personnel about the capabilities of the

PassageWay Telephony Server. Administrators must understand that the

programming interface provides “third party control” capabilities. These

capabilities allow an end user application to monitor and control phones

other than the user's to the extent that the PassageWay Telephony

Server's Security database will permit. Therefore, administrators must be

familiar with the procedures in the PassageWay

Telephony Services:

NetWare Manager’s Guide and in the PassageWay

Telephony Services

for Windows NT

Network Manager’s Guide that regulate what features a

user may request and the phones and other devices for which a user may

request a feature.

 There is little need for a “Device Group” that contains all devices, except

perhaps for tracking, billing, or a similar application. The presence of such

groups may be an indicator of unauthorized control, monitoring, or other

security problem. Limit the use of these groups to those who need them.

 Similarly, minimize the use of the “exception list” feature in defining Device

Groups. An exception list gives permission to operate on all devices except

those explicitly named; therefore, an exception list is often a large Device

Group and has the same vulnerabilities as a Device Group containing all

devices.