Security Issues

Front-Ending Remote Access

Via this method, authorized external callers are given a VDN extension to call instead of the remote access extension, which is kept private. The corresponding call vector can then implement a number of security checks before routing callers to the remote access extension. Routing can be done via a route-to number or route-to digits step.

The following advantages are possible via this method.

Call Vectoring can introduce a delay before the dial-tone is provided to the caller. Immediate dial-tone is often one criterion searched for by a hacker’s programs when the hacker is trying to break into a system.

A recorded announcement declaring that the use of the switch services by unauthorized callers is illegal and that the call is subject to monitoring and/or recording can be played for the caller.

Call Prompting can be used to prompt for a password. In such a case, the call is routed only if there is a match on the password.

Use of the remote access extension can be limited to certain times of the day or certain days of the week.

Real-time and historical reports on the use of the remote access feature can be accessed from BCMS and/or CMS.

Different passwords can be used on different days of the week or at different times during the day.

Many VDNs that call the remote access extension can be identified. Accordingly, individuals or groups can be given their own VDN with unique passwords, permissions and reports. Any abuse of the system or security leak can then be attributed to an individual or a group.

The caller can be routed to a VRU using the converse-on step where more sophisticated security checking, such as speaker recognition, can take place.

Anyone failing any of the security checks can be routed to a “security” VDN that routes the caller to security personnel with a display set or to a VRU. Such a call would show “security” and possibly also the attempted password on the display. If the call is passed to a VRU, the VDN, the ANI and/or the prompted digits can be captured. BCMS/CMS reports on this security violation VDN will give information on how often and when security violations occur.
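The decision logic of such a front-end vector, modelled in Python as an added example (it is not from the manual and is not vector syntax): it covers the time window, the per-day password, per-VDN attribution and routing of failures to the security VDN. The extension and VDN numbers, passwords, ANI and schedule are constructed assumptions.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime

REMOTE_ACCESS_EXT = "3999"  # hypothetical private remote access extension
SECURITY_VDN = "2999"       # hypothetical "security" VDN for failed checks

@dataclass(frozen=True)
class VdnPolicy:
    owner: str        # individual or group the VDN was issued to
    days: frozenset   # permitted weekdays, 0 = Monday
    hours: range      # permitted hours of the day
    passwords: tuple  # one password per weekday, indexed by weekday number

# Constructed sample policy: weekdays 08:00-17:59, a different password each day.
POLICIES = {
    "2101": VdnPolicy("field-service", frozenset(range(5)), range(8, 18),
                      ("482915", "730264", "915528", "264407", "608831")),
}

def run_vector(vdn, ani, digits, now):
    """Model one call to a front-end VDN; return (destination, audit record)."""
    policy = POLICIES.get(vdn)
    prompted = None  # digits are captured only if the vector got as far as prompting
    if policy is None:
        result = "unknown VDN"
    elif now.weekday() not in policy.days or now.hour not in policy.hours:
        result = "outside permitted hours"
    else:
        prompted = digits
        expected = policy.passwords[now.weekday()]
        ok = hmac.compare_digest(digits.encode(), expected.encode())
        result = "routed" if ok else "password mismatch"
    dest = REMOTE_ACCESS_EXT if result == "routed" else SECURITY_VDN
    audit = {"vdn": vdn, "owner": policy.owner if policy else None, "ani": ani,
             "time": now.isoformat(), "result": result,
             # keep the attempted password only for failures, for the security display
             "digits": prompted if result != "routed" else None}
    return dest, audit

if __name__ == "__main__":
    monday = datetime(1995, 9, 4, 10, 0)  # constructed call time (a Monday)
    for attempt in ("482915", "730264"):  # Monday's password, then Tuesday's
        print(run_vector("2101", "5551234", attempt, monday))
```

Each audit record carries the VDN and its owner, so repeated failures can be attributed to the individual or group that VDN was issued to.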

Replacing Remote Access

For this method, the remote access extension is not used. One or more VDNs are designed to access call vectors that can employ all of the security checks described in the previous section. The same reports and monitoring/recording

I-2 Issue 4 September 1995

AT&T 555-230-520 manual Front-Ending Remote Access, Replacing Remote Access