Technical information
Security Measures
Issue 7 June 2001
4-29
Enter up to 10 barrier codes (use all seven digits) and assign each a COR
and COS that allow only necessary calls. The COR should be restricted so
that even if a hacker deciphers the barrier code, a valid authorization code
is still needed to make a call.
NOTE:
Use Remote Access only on an as-needed basis, and assign a
unique COR to each barrier code. Change the barrier codes
periodically. See ‘‘Remote Access Barrier Code Aging/Access Limits
(DEFINITY G3V3 and Later)’’ on page 4-66.
When assigning authorization codes used only to upgrade FRLs, use an
outward-restricted COR with the appropriate FRL. Use
change
authorization code
to display the Authorization Code-COR Mapping
screen.
NOTE:
Be sure to remove the authorization code whenever an authorized
user leaves the company or no longer needs the Remote Access
feature.
Consider using a special partition group for the Remote Access COR, and
then administer the AAR/ARS tables only for those external locations you
allow Remote Access users to call. Use
change cor to specify either the
Time-of-Day routing or partition group. Use
change ars analysis partition
to define the appropriate partition group.
Monitor authorization code usage with CDR. See ‘‘Call Detail Recording
(CDR) / Station Message Detail Recording (SMDR)’’ on page 4-52 for
further details.
For DEFINITY G2 and System 85:
Use PROC010 WORD1-4 to set COS 31 for Remote Access.
Use PROC285 WORD1 FIELD1 to require a barrier code for Remote
Access.
NOTE:
As an alternative, you can require an authorization code. However,
since only one code can be used to gain access to Remote Access,
more protection is provided when you require a barrier code to enter
Remote Access and then an authorization code to dial out of the
system.
Use PROC350 WORD2 FIELD1 = 26 to assign an access code that allows
you to change the barrier code using the attendant console.
When authorization codes are assigned, use PROC282 WORD1 FIELD2
to administer the lowest FRL you can.