Technical information

System Security Action Plan
Issue 7 June 2001
Figure 14-1. System Security Action Plan
Educate End Users

The first step customers should take in tightening the security of their systems is to increase end users' awareness of the system's security features and vulnerabilities.

- Develop and implement a toll fraud detection and reaction plan with all employees.
- Train users on remote access responsibilities and security procedures.
- Establish and maintain security policies regarding password/authorization code protection.

Establish Port Security Procedures

Customers must establish security measures to manage and control access to the ports into the communication system. The security measures should also control the calling privileges users will have access to.

- Use passwords, authorization codes, and barrier codes. Set them to maximum length and change them frequently.
- Assign calling privilege restriction levels to users on a need-to-call basis.
- Block off-hours and weekend calling privileges, or use alternate restriction levels when possible.

Secure the Administration System

Once you have established an effective port security plan, you need to protect it. Management of the access into administrative and maintenance capabilities is an important part of the total System Security Plan.

- Control administrative access passwords, and change them frequently.
- Never store administrative port numbers or passwords as part of a connection script.
- Use Remote Port Security Device to lock up administrative ports.

Perform Security Monitoring

System Security Monitoring plays a critical role in a customer's overall security scheme. By monitoring system security precautions already taken, customers can react quickly to any potential threat detected.

- Monitor call detail records and 800 service billing records for unusual activity.
- Monitor invalid login attempt activity levels on remote access and administration ports.
- Establish thresholds and monitor port and trunk activity levels.