Instruction manual

ManualsBrandsBetter Music Builder ManualsMicrophones and systemsVM-82U G3

291

292

293

294

295

296

297

298

299

300

Other products and services

9-6 Issue 9 May 2003

Security tips

The following tips are for the PassageWay Telephony Server administrator.

When the product is installed, do the following:

For Netware only:

■ Use the NetWare Administrator feature (NetWare 4.10 and 4.11) or

SYSCON utility (NetWare 3.12) to set the appropriate login and

password restrictions (for example, require users to have passwords

with a minimum length of 7 characters, enable password aging, and

so forth).

■ Use the NetWare Administrator feature (NetWare 4.10 and 4.11) or

SYSCON utility (NetWare 3.12) to enable the Intruder Detection

feature and to lock accounts after several invalid login attempts

have been made.

■ Enable the “Restrict users to Home Worktop” feature.

For Windows NT only:

■ Disable the Extended Worktop Access feature.

■ Take full advantage of Windows NT user manager administration,

including password options.

■ Take full advantage of Windows NT event log (for example, for

monitoring failed login attempts).

■ Educate administrative personnel about the capabilities of the

PassageWay Telephony Server. Administrators must understand that the

programming interface provides “third party control” capabilities. These

capabilities allow an end user application to monitor and control phones

other than the user's to the extent that the PassageWay Telephony

Server's security database will permit. Therefore, administrators must be

familiar with the procedures in the PassageWay documentation that

regulate what features a user may request and the phones and other

devices for which a user may request a feature.

■ There is little need for a device group that contains all devices, except

perhaps for tracking, billing, or a similar application. The presence of such

groups may be an indicator of unauthorized control, monitoring, or other

security problem. Limit the use of these groups to those who need them.

■ Similarly, minimize the use of the “exception list” feature in defining device

groups. An exception list gives permission to operate on all devices except

those explicitly named; therefore, an exception list is often a large device

group and has the same vulnerabilities as a device group containing all

devices.