sccs 5 win2k security guide

Nortel Networks – Metro & Enterprise Networks

Symposium Call Center Server 5.0 Security Guide for Windows 2000 Issue 1.00 May 13, 2004

ABSTRACT

This guide describes the Symposium Call Center Server R5.0 security model and architecture, and the minimum security settings in Windows 2000 Server for a successful R5.0 installation and operation. The guide also provides security recommendations that customers can adopt to their own security policies and configurations.

NOTICE TO HOLDERS OF PAPER COPIES: Upon receipt of a new issue, destroy the previous issue or mark it “OBSOLETE”.

CONFIDENTIAL INFORMATION: The information contained in this document is the property of Nortel Networks. Except as specifically authorized in writing by Nortel Networks, the holder of this document shall keep all information contained herein confidential and shall protect same in whole or in part from disclosure and dissemination to all third parties.

Trademarks Nortel Networks Proprietary

ii Symposium Call Center Server 5.0 Security Guide for Windows 2000 Issue 1.00

Trademarks

The following are trademarks of Nortel Networks: Nortel Networks, BNR, ACD, BCS, CallPilot, DMS, DMS-100, DMS-250, DMS-MTX, DMS-SCP, DNC, DPN-100, DVS, DualMode, FastView, Helmsman, M2317, MAP, Symposium, Meridian Digital Centrex (MDC), Meridian, Meridian 1, Meridian Link, Meridian MAX, Meridian NAC, Meridian CCR, Meridian IVR, Meridian Terminal Emulator, MFA, Norstar, PowerTouch, SL-1, SL-100, SuperNode, Telesis, Unity.

Action Request System and AR System are trademarks of Remedy Corporation.

AMDEK is a trademark of Amdek Corporation.

ANSI is a trademark of the American National Standards Institute.

ClearCase is a registered trademark and ClearCase MultiSite is a trademark of Rational Software Corporation.

Continuus, continuus/CM, and Continuus/PT are trademarks of Continuus Software Corporation. CaseWare/CM, CaseWare/PT, CaseWare, ACCENT, and Amplify Control are registered trademarks of Continuus Software Corporation.

Courier is a trademark of Smith-Corona Corporation.

CT Connect, CT Media is a registered trademark of Dialogic.

Frame, FrameBuilder and FrameMaker are trademarks of Adobe Systems Incorporated.

Helvetica and Times are trademarks of Linotype AG or its subsidiaries.

InstallShield is a registered trademark of InstallShield Software Corporation.

Interleaf is a trademark of Interleaf, Inc.

Macintosh, Power Macintosh, and Apple are registered trademarks of Apple Computer, Inc. Mac OS is a trademark of Apple Computer, Inc.

Microsoft Windows, Microsoft Word, Microsoft Excel, PowerPoint, Microsoft Project, Microsoft File Extension, and MS-DOS are trademarks of Microsoft Corporation.

Novell is a trademark of Novell, Inc.

Olecera Chart is a trademark of KL Group Inc.

Portable Document Format is a trademark of Adobe Systems Incorporated.

PostScript is a trademark of Adobe Systems Incorporated.

SYBASE is a trademark of Sybase, Inc.

UNIX is a trademark of UNIX System Laboratories.

Versatility, Versatility Administrator, Versatility Call Blending, Versatility Campaign Plus, Versatility Insight, Versatility Predictive, Versatility Telesales / Teleservice are trademarks of Versatility Inc.

WinRunner, TSL and Context Sensitive are trademarks of Mercury Interactive Corporation.

© 2004 Nortel Networks Corporation

Approvals Nortel Networks Proprietary

Issue 1.00 Symposium Call Center Server 5.0 Security Guide for Windows 2000 iii

Approvals

Prepared By

Ronald Chan Date Support Engineer, Contact Center Technology Support Enterprise Networks, Call Center Technology & Solutions Nortel Networks Corporation

Reviewed and Approved By

Rick Medeiros Date Manager, Contact Center Technology & Dev Support Enterprise Networks, Call Center Technology & Solutions Nortel Networks Corporation

Eugene Garvin Date Senior Manager, Contact Center Server R&D Enterprise Networks, Call Center Technology & Solutions Nortel Networks Corporation

Revision history Nortel Networks Proprietary

iv Symposium Call Center Server 5.0 Security Guide for Windows 2000 Issue 1.00

Revision history

Issue Number Issue Date

Type of Review Reason(s) for Issue

Author(s)

0.01 March 16, 2004

Draft copy

Initial draft for internal review

Ronald Chan

0.02 April 27, 2004

Draft copy

Updates from internal review

Ronald Chan

1.00 May 13, 2004

Approval copy

Updates from external review

Section 2.1 Clarify Windows 2000 Server including both Standard and Advanced Edition

Section 4.2 Change web link to SCCS 5.0 product information page

Ronald Chan

Table of contents Nortel Networks Proprietary

Issue 1.00 Symposium Call Center Server 5.0 Security Guide for Windows 2000 v

Table of contents 1 Introduction ........................................................................................................ 1

1.1 Purpose............................................................................................................................... 1 1.2 Scope.................................................................................................................................. 1 1.3 Intended audience .............................................................................................................. 2

2 Security Models.................................................................................................. 3 2.1 Symposium Call Center Server security architecture ......................................................... 3

2.1.1 Symposium Call Center Server network security layer ......................................... 3 2.1.1.1 Standalone server ........................................................................................... 5 2.1.1.2 Embedded LAN configuration ......................................................................... 5 2.1.1.3 Customer LAN configuration ........................................................................... 5 2.1.1.3.1 Default network binding protocols ............................................................ 5 2.1.1.3.2 Static IP address....................................................................................... 6 2.1.1.3.3 DNS consideration.................................................................................... 6 2.1.1.4 Firewall ............................................................................................................ 6 2.1.2 Symposium Call Center Server server security layer ............................................ 8 2.1.2.1 Windows 2000 Server configuration ............................................................... 8 2.1.2.2 Windows 2000 security settings...................................................................... 9 2.1.2.3 Server configuration ........................................................................................ 9 2.1.3 Symposium Call Center Server application security layer..................................... 9 2.1.3.1 Database access security ............................................................................... 9 2.1.3.2 MAS security server ...................................................................................... 10 2.1.3.3 Remote backup and restore security ............................................................ 10

3 Default R5.0 server security settings and configuration .............................. 11 3.1 Default Windows 2000 Server configuration .................................................................... 11

3.1.1 Default installed Windows 2000 Server components .......................................... 12 3.1.2 Default Windows 2000 services .......................................................................... 16

3.2 Default Windows 2000 security settings........................................................................... 26 3.2.1 Default password policy....................................................................................... 27 3.2.2 Default account lockout policy ............................................................................. 28 3.2.3 Default user rights assignments .......................................................................... 28 3.2.4 Default security setting ........................................................................................ 36 3.2.5 Default IP security policy ..................................................................................... 40 3.2.6 Default audit policy .............................................................................................. 41

3.3 Default Symposium Call Center Server server configuration ........................................... 42 3.3.1 Default disk partitioning type ............................................................................... 42 3.3.2 Default Windows local users ............................................................................... 42 3.3.3 Default print server and file sharing configuration ............................................... 44 3.3.4 Default Internet access ........................................................................................ 44

4 Security recommendations ............................................................................. 45 4.1 Security risk management and policy............................................................................... 45

4.1.1 Risk management................................................................................................ 45 4.1.2 Security policy...................................................................................................... 46

4.2 Windows 2000 security patches and hot fixes.................................................................. 46 4.3 Windows 2000 user accounts and passwords ................................................................. 47 4.4 Anonymous logon ............................................................................................................. 48 4.5 Third-party applications .................................................................................................... 48 4.6 Anti-virus scanning ........................................................................................................... 50 4.7 Internet access ................................................................................................................. 53 4.8 E-mail access ................................................................................................................... 53 4.9 File and folder sharing ...................................................................................................... 53

Table of contents Nortel Networks Proprietary

vi Symposium Call Center Server 5.0 Security Guide for Windows 2000 Issue 1.00

4.10 File and folder permission................................................................................................. 53 4.11 Encryption ......................................................................................................................... 54 4.12 Microsoft Baseline Security Advisor ................................................................................. 55 4.13 SNMP Configuration ......................................................................................................... 58 4.14 Remote support access .................................................................................................... 58 4.15 Symposium Call Center Server backup and restore strategy .......................................... 59

5 Glossary............................................................................................................ 61

6 References........................................................................................................ 63

List of figure Nortel Networks Proprietary

Issue 1.00 Symposium Call Center Server 5.0 Security Guide for Windows 2000 vii

List of figure Figure 1 Symposium Call Center Server Security Architecture.................................................................... 3 Figure 2 Symposium Call Center Server Network Security Layer................................................................ 4

List of tables Nortel Networks Proprietary

viii Symposium Call Center Server 5.0 Security Guide for Windows 2000 Issue 1.00

List of tables Table 1 Symposium Call Center Server Default Network Protocols ............................................................ 6 Table 2 Symposium Call Center Server Ports Usage .................................................................................. 7 Table 3 Default Installed Windows 2000 Server Components ................................................................... 12 Table 4 Default Windows 2000 services .................................................................................................... 16 Table 5 Default Password Policy ................................................................................................................ 27 Table 6 Default Account Lockout Policy ..................................................................................................... 28 Table 7 Default User Rights Assignments.................................................................................................. 29 Table 8 Default Security Setting ................................................................................................................. 37 Table 9 Default IP Security Policy .............................................................................................................. 40 Table 10 Default Audit Policy...................................................................................................................... 41 Table 11 Default Symposium Call Center Server Windows Local Users ................................................... 43 Table 12 Symposium Call Center Server File and Folder Permission ....................................................... 54 Table 13 MBSA scanning items and Symposium Call Center Server recommendations .......................... 55

Introduction Nortel Networks Proprietary

Issue 1.00 Symposium Call Center Server 5.0 Security Guide for Windows 2000 1

1 Introduction

1.1 Purpose

Server security has become a critical issue in the software industry. It is important for customers to protect all the servers in their network environment (including Symposium Call Center Server) from various security attacks, threats, and vulnerabilities. Since each customer has their own security policies and requirements, it is impossible to present a single Symposium Call Center Server security configuration that will meet all customer needs. This guide describes the basic Symposium Call Center Server R5.0 security model and default security configuration for a successful Symposium Call Center Server R5.0 installation and operation. In addition, this guide includes a set of recommendations for security policies and configuration. Customers can adopt the default and recommended security policies and integrate them with their own security policy for the Symposium Call Center Server R5.0 server.

1.2 Scope

This guide covers the security model and guidelines for Symposium Call Center Server R5.0 (both nodal and NCC servers) running the Windows 2000 Server (Standard and Advanced Edition) operating system. It is not intended to be a comprehensive security guide for Windows 2000 Server, nor for the customer network itself. This guide is only applicable to Symposium Call Center Server R5.0 running on Windows 2000 Server (Standard and Advanced Server edition) platform and does not include earlier releases or other Symposium products, such as the regular Symposium Call Center Server Client application R4.0, Symposium Web Client 4.5, Symposium Express Call Center, or Symposium Web Center Portal.

The security settings and recommendations in this guide only cover the Symposium Call Center Server R5.0 server running with Windows 2000 Server (or Windows 2000 Advance Server) and do not include other components on the same network (for example, the M1 switch, desktop PC, Symposium Web Client application server etc.), or the actual customer network itself (for example, routers, firewalls etc.)

This guide does not include any actual procedures on how to show or change the Windows 2000 Server security settings. It assumes that the reader is familiar with security administration tools, either those supplied by Microsoft (for example, the Microsoft Management Console with appropriate plug-ins), or third-party software that is used to manage the listed security settings for Symposium Call Center Server.

Introduction Nortel Networks Proprietary

2 Symposium Call Center Server 5.0 Security Guide for Windows 2000 Issue 1.00

1.3 Intended audience

Caution

This guide contains sensitive security and configuration settings that a potential hacker can use to exploit the security risks of Symposium Call Center Server. Therefore, you must exercise caution and only release security settings information to people on a need-to-know basis.

This guide is intended to be used by anyone wishing to setup a security policy and configure Symposium Call Center Server R5.0 running on Windows 2000 Server within their own security environment. It assumes that the reader is familiar with all security subjects and features in Windows 2000 Server and in the customer network environment.

Security Models Nortel Networks Proprietary


2 Security Models

2.1 Symposium Call Center Server security architecture

The Symposium Call Center Server design incorporates various security features. Different security layers within the customer network, server PC, and the Symposium Call Center Server application provide overall system security. The Symposium Call Center Server security architecture can be divided into the following three major security layers:

• Network security

• Server security

• Application security

The relationship between the three security layers is shown in Figure 1.

Figure 1 Symposium Call Center Server Security Architecture

2.1.1 Symposium Call Center Server network security layer

The Symposium Call Center Server network security layer defines the network environment in which the Symposium Call Center Server R5.0 server should be configured. It also defines where the customer-supplied network firewall should be placed within the customer network to allow the server in Symposium Call Center Server and the Client (Standard Client and Web Client) to operate

Symposium Call Center Server network security (customer networks)

Symposium Call Center Server R5.0 server security

Symposium Call Center Server application security



properly. The network security layer protects Symposium Call Center Server from possible security attacks through the customer or external networks.

Figure 2 shows an overall Symposium Call Center Server network security layer within a typical customer network environment, including both the regular Symposium Call Center Server Client PC and Symposium Web Client.

Figure 2 Symposium Call Center Server Network Security Layer

Since each customer provides their own network and can have different configurations and requirements, it is impossible to provide a single network configuration for Symposium Call Center Server that meets all customer requirements. Therefore, Nortel Networks recommends you review and consider the following Symposium Call Center Server network and configuration settings when implementing your own network security and configuration settings.

northerntelecom

Telephone Switch

Symposium Call Center Server Server

ELAN Subnet

Symposium Call Center Server Clients

NCC Server Web Client Application Server

Nortel Networks Servers Subnet (CLAN)

Web Client Desktops

Corporate LAN

Firewall/Router

Nortel Contivity 1100

VPN connection for remote support access

SCCS Replication Server

SCCS Standby Server



2.1.1.1 Standalone server

Symposium Call Center Server (nodal and NCC server) is designed as a standalone server (Windows Workgroup) within the network instead of integrating with a Windows Domain. Symposium Call Center Server can coexist with and be located within a Windows Domain, but should not be registered in the domain. By configuring Symposium Call Center Server as a standalone server instead of integrating it with a Windows Domain, you minimize any exposure of the Symposium Call Center Server resources to the network and prevent domain users seeing and logging on to the server.

Symposium Call Center Server R5.0 does not require that any Windows Domain users log on to the server and does not need Windows 2000 Active Directory to operate, even though it runs within a Windows 2000 network environment.

2.1.1.2 Embedded LAN configuration

The Embedded LAN (ELAN) is used for the connection between the telephone PBX switch and Symposium Call Center Server. The ELAN carries all call traffic between the Symposium Call Center Server and the telephone switch (Meridian 1, Meridian IE, or CSE 1000). Symposium Call Center Server only requires a TCP/IP connection to the switch on the ELAN. There should not be a firewall between Symposium Call Center Server and the telephone switch.

For maximum ELAN call traffic performance and security, Nortel Networks recommends that the ELAN be completely isolated from other subnets, and from the external LAN or WAN within the network. Since the ELAN can also carry other telephone switch related traffic for other Nortel Networks products (for example, OTM), you must take into consideration these additional network configuration and security requirements to configure the ELAN (for example, adding a router/gateway or firewall between the ELAN and other subnets, the LAN or WAN).

2.1.1.3 Customer LAN configuration

Symposium Call Center Server (Nodal or NCC server) and the client PCs (both Symposium Call Center Server Client and Web Client) are connected through the Customer LAN (CLAN).

2.1.1.3.1 Default network binding protocols

The network connection protocol between Symposium Call Center server and the client PCs (both the Symposium Call Center Server Client and the Web Client application server) is based on TCP/IP. The Symposium Call Center Server Network Interface Card (NIC) should have the following default network protocol bindings:



Table 1 Symposium Call Center Server Default Network Protocols

Default network protocol Function

Client for Microsoft Network Allow Symposium Call Center Server to operate within the Microsoft network environment

File and Printer Sharing for Microsoft Network

Enabled by default. Must be enable for Symposium Call Center Server Remote Database Network Backup & Restore feature to work

Internet Protocol (TCP/IP) Base network protocol for Symposium Call Center Server

It is the implementation personnel’s responsibility to add additional binding protocols to the NIC, as necessary.

2.1.1.3.2 Static IP address

Symposium Call Center Server operates as a standalone server with a static IP address. The Symposium Call Center Server network interface must not be configured with DHCP.

2.1.1.3.3 DNS consideration

If a Domain Name Service (DNS) is configured and available on the CLAN, then the Symposium Call Center Server network interface should be registered with the specified DNS. If no DNS is available, then disable the DNS configuration in the Symposium Call Center Server network interface to prevent errors and possible performance impacts on the Symposium Call Center Server network connection.

2.1.1.4 Firewall

Symposium Call Center Server operates on two separate Embedded LAN (ELAN) and Customer LAN (CLAN) subnet configurations. The ELAN provides critical call traffic between Symposium Call Center Server and the telephone switch. For maximum network traffic performance and security, it is recommended that the ELAN be completely isolated from other subnets, or external LANs or WANs within the network. No firewall should be placed between Symposium Call Center Server and the telephone switch.



The Symposium Call Center Server Client or the Symposium Web Client application server is connected to the Symposium Call Center Server through the CLAN. The Remote Procedure Call (RPC) communication method is used between Symposium Call Center Server and the client PCs (both the Symposium Call Center Server Client and the Web Client application server). Since this communication method requires a large range of dynamic ports, it is not practical to implement a firewall between Symposium Call Center Server and the client PCs by restricting port access. However, you can place an appropriate firewall between the Symposium Web Client application server and the Web Client desktop PCs.

In spite of the requirement to open a very large range of ports in a firewall implementation, Nortel Networks acknowledge the fact that many customers have security policy that may requires knowing all ports being used by Symposium Call Center Server application. Table 2 lists all ports used between a Symposium Call Center Server and the Symposium Call Center Client, and between a Symposium Call Center Server and another Symposium Call Center Server or Symposium Call Center Web Client application server. The list does not include other base ports for Windows network connection, for example port 53 for DNS that may be needed in customer network configuration, and these ports should be known and provided by customers.

Table 2 Symposium Call Center Server Ports Usage

Port Number Functionality

Port 135 Microsoft Windows RPC Locator Service

Port 137 Microsoft NetBIOS Name Service (needed for SCCS Remote Database Backup & Restore feature if deployed)

Port 138 Microsoft NetBIOS Datagram Service (needed for SCCS Remote Database Backup & Restore feature if deployed)

Port 139 Microsoft NetBIOS Session Service (needed for SCCS Remote Database Backup & Restore feature if deployed)

Port 161 SNMP (needed if SNMP NMS is connected)

Port 162 SNMP Traps (needed if SNMP NMS is connected)

Port 530 Microsoft Windows RPC Courier Service.



Port Number Functionality (needed if Symposium TAPI server is connected)

Port 1024 to 65535 This is range of ports that can be used by RPC dynamic ports.

Note: There are other hard coded ports used by Symposium Call Center Server, however they all fall within the range of that need to be opened for RPC

It is the implementation personnel’s responsibility to provide and implement any firewalls.

2.1.2 Symposium Call Center Server server security layer

The Symposium Call Center Server R5.0 server security layer defines the security settings and configuration on the Symposium Call Center Server PC. The server security layer protects the Symposium Call Center Server PC from various security attacks and vulnerabilities. The security layer is implemented through security features included in the Windows 2000 Server operating system and through the appropriate server configuration. The overall server security layer consists of the following main security strategies:

• Windows 2000 Server configuration

• Windows 2000 security settings

• Server configuration

2.1.2.1 Windows 2000 Server configuration

The Windows 2000 Server configuration security strategy relies on the default Windows 2000 Server operating system installation and configuration. The default installation and configuration only installs and configures those Windows 2000 components that are required for proper Symposium Call Center Server R5.0 operation. By not installing any unnecessary Windows 2000 components, you minimize the risk of possible security attacks and vulnerabilities through these components. The details of the default Windows 2000 Server configuration are documented in section 3 of this guide.

For details installing Windows 2000 Server according to the default Symposium Call Center Server configuration, see the Nortel Networks Symposium Call Center Server Installation and Maintenance Guide for Release 5.0 [1].



2.1.2.2 Windows 2000 security settings

The Windows 2000 security setting strategy includes a set of default security settings and a users policy designed to protect Symposium Call Center Server by minimizing possible unauthorized access and changes to the server. For details, see section 3 of this guide.

2.1.2.3 Server configuration

The server configuration strategy includes a set of default server configuration settings, such as file system type partitioning, file sharing etc., that help minimize the exposure of the server to potential attackers. For details, see section 3 of this guide.

2.1.3 Symposium Call Center Server application security layer

The Symposium Call Center Server application security layer includes built-in security functions that protect critical information about the Symposium Call Center Server application, customer call center configuration and statistics from illegal access. The application security layer consists of the following major components:

• database access security

• MAS security service

• remote backup and restore security

2.1.3.1 Database access security

Database access security is controlled by the Sybase ASE 12 SQL Server access authorization component. Only authorized database user accounts with correct passwords can access the database through pre-assigned access rights. All critical call center configuration information and customer call statistics are stored in the database. Nortel Networks proprietary information is also stored in the database and can only be accessed by the “system administrator” (SA) account. Details of this account are considered Nortel Networks confidential and, therefore, are not released to any customers. Customers do not need to perform any database access or maintenance operations that require “SA” account access. Instead, customers use other Symposium Call Center Server user accounts to access the database and create custom call statistic reports.

Customers can access the database through the pre-defined “sysadmin” account and other Symposium Call Center Server user accounts created by the Symposium Call Center Server administrators or supervisors. The sysadmin account is different from the SA account. Customers can change the passwords for all created Symposium Call Center Server user accounts, including the pre-defined sysadmin account. In fact, for security purposes, customers must change



the default password for the sysadmin account when logging on to Symposium Call Center Server for the first time.

The database access security model further protects database integrity from unauthorized access and updates by providing pre-defined database views from which customers retrieve database information.

2.1.3.2 MAS security server

The MAS security server is a Symposium Call Center Server service that provides security authentication for the connection between the server in Symposium Call Center Server and Symposium Call Center Server Client PC. The Symposium Call Center Server Client must log on to Symposium Call Center Server through the MAS security service using a valid Symposium Call Center Server user account and password. The MAS security server encrypts and decrypts Symposium Call Center user account passwords using a proprietary algorithm.

Symposium Call Center Server user accounts are separate and different from the client PC’s local or network login account, and the server’s local Windows login accounts. The Symposium Call Center Server user account login does not require Windows login on the Symposium Call Center Server, nor does it require Windows Domain Controller or Windows 2000 Active Directory.

2.1.3.3 Remote backup and restore security

Symposium Call Center Server R5.0 supports database backup and restore on a remote network computer within the Symposium Call Center Server standalone server configuration. Procedures are provided to setup the proper local user account on both the remote backup computer and the server in Symposium Call Center Server to ensure that only assigned user accounts and privileges are used for the remote backup and restore. Customers must exercise proper security measures for the shared remote backup folder on the remote computer to prevent unauthorized access to the Symposium Call Center Server backup files.

Remote backup and restore configuration procedures are documented in Nortel Networks Symposium Call Center Server Installation and Maintenance Guide for Release 5.0 [1].

Default R5.0 server security settings and configurationNortel Networks Proprietary


3 Default R5.0 server security settings and configuration

Caution

This guide contains sensitive security and configuration settings that a potential hacker could use to exploit the security risks of the Symposium Call Center Server. Therefore, you must exercise caution and only release security settings information to people on a need-to-know basis.

3.1 Default Windows 2000 Server configuration

Symposium Call Center Server R5.0 includes a set of recommendations for the installation and configuration of the Windows 2000 Server operating system. When followed, these recommendations provide a security environment that satisfies most typical customer security requirements. To install and configure Windows 2000 Server according to these recommendations, follow the instructions listed in the Nortel Networks Symposium Call Center Server Installation and Maintenance Guide for Release 5.0[1]. The default configuration listed only covers the Windows 2000 Server operating system configuration and does not include any hardware platform-specific configuration or security settings.

The Windows 2000 Server configuration and security settings listed in this guide include both the default Symposium Call Center Server settings (as installed when you follow the guidelines documented in Nortel Networks Symposium Call Center Server Installation and Maintenance Guide for Release 5.0 [1]), and the minimum Symposium Call Center Server settings (the minimum setting required for Symposium Call Center Server R5.0 operation). Nortel Networks has verified the default Windows 2000 Server configuration as listed to ensure its compatibility with the proper Symposium Call Center Server installation and operation. Therefore, if you choose to alter the default Windows 2000 Server configuration to meet specific customer requirements, note that Nortel Networks will not have verified the impact of such change on the Symposium Call Center Server installation and operation. Customers who deviate from the recommended default Windows 2000 Server configuration must not change or exceed any of the listed Symposium Call Center Server minimum requirements, and must test their Windows 2000 Server configuration with Symposium Call Center Server R5.0 in a non-production environment before putting the configuration online.



3.1.1 Default installed Windows 2000 Server components

For proper Symposium Call Center Server R5.0 operation, Nortel Networks recommends installing only the required Windows 2000 Server operating system components. Table 3 lists the default Windows 2000 Server installed components and the minimum component requirements for proper Symposium Call Center Server R5.0 operation.

Table 3 Default Installed Windows 2000 Server Components

Windows 2000 component

Windows 2000 sub-component

Default Symposium Call Center Server configuration

Symposium Call Center Server minimum requirement

Accessories and Utilities

Accessibility Wizard

Installed No dependency

Accessories Installed No dependency

Communications Installed No dependency

Games Installed No dependency

Multimedia Installed No dependency

Certificates Service

Certificate Service CA

Not installed No dependency

Certificate Web Enrollment Support


Indexing Service Installed No dependency

Internet Information Service (IIS)

Common Files Not installed No dependency (must not be installed for security and performance consideration)

Documentation Not installed No dependency (must not be installed for security and performance






Symposium Call Center Server minimum requirement consideration)

File Transfer Protocol (FTP) Server

Not installed No dependency (must not be installed for security and performance consideration)

FrontPage 2000 Server Extension


Internet Information Service Snap-In


Internet Service Manager (HTML)


NNTP Service Not installed No dependency (must not be installed for security and performance consideration)

SMTP Service Not installed No dependency (must not be installed for security and performance







Visual InterDev RAD Remote Development Support


World Wide Web Server


Management and Monitoring Tools

Connection Manager Components


Network Monitor Tools


Simple Network Management Protocol

Installed Must be installed for sending Symposium Call Center Server event traps

Networking Service

COM Internet Service Proxy


Domain Name System (DNS)

Not installed No dependency (must not be installed for






Symposium Call Center Server minimum requirement security and performance consideration)

Dynamic Host Configuration Protocol (DHCP)

Not installed Must not be installed

Internet Authentication Service


QoS Admission Control Service


Simple TCP/IP Services


Site Server ILS Services


Windows Internet Name Service (WINS)








Other Network File and Print Services

File Service for Macintosh


Print Service for Macintosh


Print Service for Unix


Remote Installation Service


Remote Storage Not installed No dependency

Script Debugger Installed No dependency

Terminal Services Client Creator Files Not installed No dependency (recommend not to be installed for security and performance consideration)

Enable Terminal Services

Not installed No dependency (recommend not to be installed for security and performance







Terminal Service Licensing


Windows Media Services

Windows Media Service


Windows Media Service Admin


3.1.2 Default Windows 2000 services

When you install Windows 2000, the installation program creates and configures default Windows services that run when the system is started. Table 4 lists the default Windows 2000 services and the minimum service configuration for Symposium Call Center Server if the Windows 2000 Server is installed with the default Windows components (as listed in Table 3).

Table 4 Default Windows 2000 services

Windows 2000 service Default Symposium Call Center Server configuration


Alerter Automatic No dependency

Application Management Manual No dependency

ASM_Service Automatic (Disabled for NCC server)

Must be enabled for SCCS except for NCC server (built-in SCCS service)





AUDIT_Service Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

ClipBook Manual No dependency

COM+ Event System Manual No dependency

Computer Browser Automatic No dependency

DBNotifier_Service Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

DHCP Client Automatic No dependency

Distributed File System Automatic No dependency

Distributed Link Tracking Client Automatic No dependency

Distributed Link Tracking Server Manual No dependency

Distributed Transaction Coordinator

Automatic No dependency

DNS Client Automatic Must be enabled for Symposium Call Center Server if the server NIC is DNS enabled

EB_Service Automatic (Disabled for NCC server)


ES_Service Automatic (Disabled for NCC server)






Event Log Automatic Must be enabled for Symposium Call Center Server

Fax Service Manual No dependency

File Replication Manual No dependency

HDC_Service Automatic (Disabled for NCC server)


HDM_Service Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

Host Application Integration Automatic (Disabled for NCC server)

Must be enabled for Symposium Call Center Server if Data Integration Wizard is enabled in keycode (built-in SCCS service)

Indexing Service Manual No dependency

Internet Connection Sharing Manual No dependency

Intersite Messaging Disabled No dependency

IPSEC Policy Agent Automatic No dependency

IS_Service Automatic (Disabled for NCC server)


Kerberos Key Distribution Center Disabled No dependency

Licensing Logging Service Automatic No dependency





Logical Disk Manager Automatic Must be enabled for Symposium Call Center Server

Logical Disk Manager Administrative Service

Manual No dependency

MAS Backup/Restore Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

MAS Configuration Manager Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

MAS Event Scheduler Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

MAS Fault Manager Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

MAS LinkHandler Port #2 Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

MAS OM Server Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

MAS Security Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)





MAS Service Daemon Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

MAS Service Manager Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

MAS Time Service Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

Messenger Disabled No dependency

MLSM_Service Automatic (Disabled for NCC server)


NameService Automatic (Not applicable to NCC server)

Must be enabled for Symposium Call Center Server (built-in SCCS Visibroker service)

NBNM_Service Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

NBTSM_Service Automatic (Disabled for NCC Server)


NCCOAM_Service Disabled (Automatic if it is a NCC server)

Must be disabled for SCCS except for NCC server (built-




Symposium Call Center Server minimum requirement in SCCS service)

NDLOAM_Service Automatic (Disabled for NCC server)


Net Logon Manual No dependency

Net Meeting Remote Desktop Sharing


Network Connections Manual No dependency

Network DDE Manual No dependency

Network DDE DSDM Manual No dependency

NITSM_Service Automatic (Disabled for NCC server)


NT LM Security Support Provider Manual No dependency

OAM_Service Automatic Must be enabled for SCCS including NCC server (built-in SCCS service)

pcAnywhere Host Service Automatic Must be enabled for Symposium Call Center Server remote support connection (built-in pcAnywhere service)

Performance Logs and Alerts Manual No dependency

Plug and Play Automatic No dependency

Print Spooler Automatic No dependency





Protected Storage Automatic No dependency

QoS RSVP Manual No dependency

RDC_Service Automatic (Disabled for NCC server)


Remote Access Auto Communication Manager


Remote Access Connection Manager


Remote Procedure Call (RPC) Automatic Must be enabled for Symposium Call Center Server

Remote Procedure Call (RPC) Locator

Manual Must be enabled for Symposium Call Center Server

Remote Registry Service Automatic No dependency

Remote Storage Automatic No dependency

Routing and Remote Access Disabled No dependency

RSM_Service Automatic (Disabled for NCC server)


RunAs Service Automatic Must be enabled for Symposium Call Center Server

SDMCA_Service Automatic (Disabled for NCC server)






SDP_Service Automatic (Disabled for NCC server)


Security Accounts Manager Automatic Must be enabled for Symposium Call Center Server

Server Automatic Must be enabled for Symposium Call Center Server

Smart Card Manual No dependency

Smart Card Helper Manual No dependency

SNMP Service Automatic Must be enabled for sending Symposium Call Center Server traps

SNMP Trap Service Manual Must be enabled for sending Symposium Call Center Server traps

Sybase BCKServer_<computername>_BS

Automatic Must be enabled for SCCS including NCC server (built-in Sybase service)

Sybase MONServer_<computername>_MS

Manual Must be enabled for SCCS including NCC server (built-in Sybase service)

Sybase SQLServer_<computername>

Automatic Must be enabled for SCCS including NCC server (built-in Sybase service)





Sybase XPServer_<computername>_XP

Manual Must be enabled for SCCS including NCC server (built-in Sybase service)

System Event Notification Automatic No dependency

Task Scheduler Automatic Must be enabled for Symposium Call Center Server

TCP/IP NetBIOS Helper Service Automatic Must be enabled for Symposium Call Center Server Remote Network Database Backup & Restore feature to function

Telephony Manual No dependency

Telnet Manual No dependency

Terminal Service Disabled No dependency (recommend Disabled for Symposium Call Center Server)

TFA_Service Automatic (Disabled for NCC server)


TFABRIDGE_Service Automatic (Disabled for NCC server)


TFE Bridge Connector Manual (Disabled for NCC server)

Must be enabled for SCCS except for




Symposium Call Center Server minimum requirement NCC server (built-in SCCS service)

TFE_Service Automatic (Disabled for NCC server)


Uninterrupted Power Supply Manual No dependency

Utility Manager Manual No dependency

VSM_Service Automatic (Disabled for NCC server)


Windows Installer Manual Must be enabled for Symposium Call Center Server

Windows Management Instrumentation


Windows Management Instrumentation Driver Extension


Windows Time Manual No dependency

Workstation Automatic Must be enabled for Symposium Call Center Server

3.2 Default Windows 2000 security settings

The Windows 2000 Server operating system on the Symposium Call Center Server R5.0 server is protected by the Windows 2000 local security policy. Since Symposium Call Center Server R5.0 does not require Active Directory to work, Windows 2000 Group Policies will not be discussed in this guide.



As part of Symposium Call Center Server R5.0, Nortel Networks recommends a set of default security settings for the Windows 2000 local security policy that provides a security environment for most typical customer security requirements. Nortel Networks has verified that this default Windows 2000 local security policy is compatible with the proper Symposium Call Center Server installation and operation. Therefore, if you choose to alter the default Windows 2000 security policy (both local and group policy) to meet specific customer security requirements, note that Nortel Networks will not have verified the impact of such a change on the Symposium Call Center Server installation and operation. Customers who deviate from the recommended default Windows 2000 Server security policy (both local and group policy) must not change or exceed any of the listed Symposium Call Center Server minimum requirements, and must test their Windows 2000 Server security policy with Symposium Call Center Server R5.0 in a non-production environment before putting the policy online.

3.2.1 Default password policy

Symposium Call Center Server R5.0 recommends the following default password policy (applicable to the installed Windows 2000 user accounts).

Table 5 Default Password Policy

Policy Default Windows 2000 setting


Enforce password history 0 password remembered No dependency

Maximum password age 42 days No dependency

Minimum password age 0 days No dependency

Minimum password length

0 characters Must be less than 6 characters for Symposium Call Center Server installation. Password length can be changed after Symposium Call Center Server installation.

Password must meet complexity requirements

Disabled Disabled for Symposium Call Center Server installation

Store password using Disabled No dependency





reversible encryption for all users in the domain

(recommend Disabled)

Since the installation of the Symposium Call Center Server application creates additional Windows accounts with default passwords, the Windows 2000 password policy should be in the default setting (as listed in Table 5) before you install Symposium Call Center Server. Customers can change the Windows 2000 password policy as required after the Symposium Call Center Server application, in which case, they must also make appropriate password changes for all local Windows accounts that are created with the Symposium Call Center Server installation. Nortel Networks recommends that all local Windows account passwords (including accounts created by Symposium Call Center Server) be changed from their default values immediately after installing Symposium Call Center Server.

3.2.2 Default account lockout policy

Table 6 lists the default account lockout security setting and the minimum requirements for Symposium Call Center Server R5.0.

Table 6 Default Account Lockout Policy



Account lockout threshold

0 invalid logon attempts No dependency

Account lockout duration Not defined No dependency

Reset account lockout counter after

Not defined No dependency

3.2.3 Default user rights assignments

Table 7 lists the default user rights assignments security setting and the minimum requirements for Symposium Call Center Server R5.0.



Table 7 Default User Rights Assignments

Policy Default groups with this policy

Default accounts with this policy


Access this computer from the network

NGen System, NGen Distributor, Everyone, Users, Power Users, Backup Operators, Administrator

Administrator, NGenSys, NGenDist, NGenDesign

Must be set for the NGen System, NGen Distributor, and Administrator groups.

Must be set for the Administrator, NGenSys, NGenDist, and NGenDesigner accounts.

Act as part of the operating system

NGen System, NGen Design

NGenSys, NGenDesign

Must be set for the NGen System, and NGen Design groups.

Must be set for the NGenSys, and NGenDesign accounts.

Add workstations to domain

NGen Distributor NGenDist, NGenDesign

Must be set for the NGen Distributor group.

Must be set for the NGenDist, and NGenDesign accounts.

Back up files and directory

Administrators, Ngen System, Ngen Distributor, Backup Operator

Administrator, NgenSys, NGenDist, NGenDesign

Must be set for the NGen System, NGen Distributor groups.

Must be set for the NGenSys,





Symposium Call Center Server minimum requirement NGenDist, and NGenDesign accounts.

Bypass traverse checking

Administrators, NGen Distributor, Backup Operators, Power Users, Users, Everyone


Must be set for the NGen Distributor group.

Must be set for the NGenSys, NGenDist, and NGenDesign accounts

Change the system time

NGen Distributor, Administrators, Power Users


Must be set for the NGen Distributor, and Administrators groups.

Must be set for the Administrator, NGenSys, NGenDist, and NGenDesign accounts.

Create a pagefile Administrators, NGen Design


Must be set for the Administrators, and NGen Design groups.


Create a token object


NGenSys Must be set for the NGen System, and NGen Design groups.






Must be set for the NGenSys account.

Create permanent shared objects


NGenSys Must be set for the NGen System, and NGen Design groups.

Must be set for the NGenSys account

Debug programs Administrators, NGen System, NGen Design


No dependency. If removed, Nortel Networks may request to set it again for diagnosing specific site problem.

Force shutdown from a remote system

Administrators, NGen Design


Must be set for the Administrators, and NGen Design groups.


Generate security audits

NGen Distributor NGenDist, NGenDesign

No dependency

Increase quotas Administrators, NGen Distributor


Must be set for the Administrators, and NGen Distrobutor groups.







Increase scheduling priority

Administrators, NGen System, NGen Design


Must be set for the Administrators, NGen System, and NGen Design groups.


Load and unload device drivers




Must be set for the Administrator, NGenSys, NGenDist, and NGen Design accounts.

Lock pages in memory


NGenSys, NGenDesign

Must be set for the NGen System, and NGen Design groups.

Must be set for the NGenSys, and NGenDesign





Symposium Call Center Server minimum requirement accounts.

Log on as a batch file

NGen System, NGen Distributor

NGenSys, NGenDist, NGenDesign

Must be set for the NGen System, and NGen Distributor groups.

Must be set for the NGenSys, NGenDist, and NGenDesign accounts.

Log on as a service

NGen System, NGen Distributor

NGenSys, NGenDist, NGenDesign

Must be set for the NGen System, and NGen Distributor groups.

Must be set for the NGenSys, NGenDist, and NGenDesign accounts.

Log on locally Administrators, NGen Distributor, TSInternetUser, Guest, Users, Power Users, Backup Operators


Must be set for the Administrators, and NGen Distributor groups.


Manage auditing and security log

Administrators, NGen Distributor



Must be set for the





Symposium Call Center Server minimum requirement Administrator, NGenSys, NGenDist, and NGenDesign accounts.

Modify firmware environment values


Administrator, NGenSys, NGenDist, and NGenDesign



Profile single process

Administrators, NGen System, NGen Design, Power Users




Profile system performance



Must be set for for Administrators, NGen System, and NGen Design groups.

Must be set for the Administrator, NGenSys, NGenDist, and





Symposium Call Center Server minimum requirement NGenDesign accounts.

Remove computer from docking station

Administrators, Users, Power Users


No dependency

Replace a process level token


NGenSys, NGenDesign

Must be set for the NGen System groups.

Must be set for the NgenSys accounts.

Restore files and directories

Administrators, NGen System, NGen Dsitributor, Backup Operators

Administrator, NGenSys, NGenDist, and NGenDesign

Must be set for the Administrators, NGen System, and NGen Distributor groups.


Shut down the system

Administrators, NGen Distributor, Backup Operators, Power Users



Must be set for the Administrator, NGenSys, NGenDist, and NGenDesign accounts

Take ownership of files or other

Administrators, NGen Distributor

Administrator, NGenSys,

Must be set for the Administrators,






objects NGenDist, NGenDesign

and NGen Distributor groups.


Deny access to this computer from the network

Not defined Not defined No dependency

Deny logon as a batch job


Deny logon as a service


Deny logon locally


Enable computer and user accounts to be trusted for delegation


3.2.4 Default security setting

Table 8 lists the default security setting and minimum requirements for Symposium Call Center Server R5.0.



Table 8 Default Security Setting



Number of previous logons to cache (in case domain controller is not available)

10 logons No dependency

Prompt user to change password before expiration

14 days No dependency

Amount of idle time required before disconnecting session

15 minutes No dependency

Allowed to eject removal NTFS media

Administrator No dependency

Allow system to be shut down without having to log on

Disabled No dependency (recommend Disabled)

Audit the access of global system objects

Disabled No dependency

Audit use of Backup and Restore privilege


Clear virtual memory pagefile when system shutdown


Digitally sign client communication (always)


Digitally sign server communication (always)


Digitally sign server communication (when possible)


Disable CTRL+ALT+DEL requirement for logon






Do not display last user name in logon session


Prevent system maintenance of computer account password


Recovery Console: Allow automatic administrative logon


Recovery Console: Allow floppy copy and access to all drives and all folders


Restrict CD-ROM access to locally logged-on user only


Restrict floppy access to locally logged-on user only


Secure channel: Digitally encrypt or sign secure channel data (always)


Secure channel: Require strong (Windows 2000 or later) session key


Send unencrypted password to connect to third party SMB servers


Shut down system immediately if unable to log security audits


Automatically log off users when logon time expires (local)

Enabled No dependency (recommend Enabled)





Digitally sign client communication (when possible)

Enabled No dependency

Prevent users from installing printer driver

Enabled No dependency (recommend Enabled)

Secure channel: Digitally encrypt secure channel data (when possible)


Secure channel: Digitally sign secure channel data (when possible)


Strengthen default permissions of global system objects (e.g. Symbolic Links)


Smart card removal behavior

No Action No dependency

Additional restrictions for anonymous connections

None. Rely on default permissions

No dependency

Allow server operators to schedule task (domain controllers only)

Not defined No dependency (recommend Not defined)

Rename administrator account

Not defined No dependency (recommend Not d1efined for Symposium Call Center Server installation)

Rename guest account Not defined No dependency

Unsigned driver installation behavior


Unsigned non-driver installation behavior






LAN Manager Authentication Level

Send LM & NTLM responses

No dependency (recommend remain in default setting)

Message text for users attempting to log on

On No dependency

Message title for users attempting to log on

On No dependency

3.2.5 Default IP security policy

Table 9 lists the default IP security policies assigned and the minimum requirements for Symposium Call Center Server R5.0.

Table 9 Default IP Security Policy

Name Description Default policy assigned


Client (Respond Only)

Communicate normally (unsecured). Use the default response rule to negotiate with servers that request security. Only the requested protocol and port traffic with that service is secured.

No No dependency (recommend No)

Secure Server (Require Security)

For all IP traffic, always require security using Kerberos trust. Do NOT allow unsecured communication with untrusted clients.


Server (Request Security)

For all IP traffic, always request security using Kerberos trust. Allow unsecured communication with clients that do not respond to




Name Description Default policy assigned


request

3.2.6 Default audit policy

Table 10 lists the default Windows 2000 audit policies and minimum requirements for Symposium Call Center Server R5.0.

Table 10 Default Audit Policy



Audit account logon events

No auditing No dependency

Audit directory service access

No auditing No dependency (recommend No Auditing to maximize Symposium Call Center Server performance)

Audit process tracking No auditing No dependency (recommend No Auditing to maximize Symposium Call Center Server performance)

Audit account management

No auditing No dependency

Audit policy change No auditing No dependency

Audit privilege use No auditing No dependency

Audit object access No auditing No dependency (recommend No Auditing to maximize Symposium Call Center Server




Symposium Call Center Server minimum requirement performance)

Audit logon events No auditing No dependency

Audit system events No auditing No dependency (recommend No Auditing to maximize Symposium Call Center Server performance)

3.3 Default Symposium Call Center Server server configuration

Nortel Networks recommends a default configuration for the Symposium Call Center Server R5.0 server that provides additional security for the server. Nortel Networks has verified the default configuration as listed to ensure its compatibility with the proper Symposium Call Center Server installation and operation. Therefore, if you choose to alter the default server configuration to meet specific customer requirements, note that Nortel Networks will not have verified the impact of such a change on the Symposium Call Center Server installation and configuration. Customers who deviate from the recommended default server configuration must not change or exceed any listed Symposium Call Center Server minimum requirements, and must test their server configuration with Symposium Call Center Server R5.0 in a non-production environment before putting the server online.

3.3.1 Default disk partitioning type

Symposium Call Center Server R5.0 supports Windows NTFS disk partitioning only. Windows NTFS provides additional security for server files. Symposium Call Center Server R5.0 requires that all disk partitions be NTFS.

3.3.2 Default Windows local users

Symposium Call Center Server R5.0 installs three additional Windows 2000 local users during the Symposium Call Center Server software installation. Table 11 lists the three default Symposium Call Center Server Windows local users and how the accounts are used.



Table 11 Default Symposium Call Center Server Windows Local Users

Default Symposium Call Center Server Windows local user

Used for Symposium Call Center Server minimum requirement

NGenSys Used by customer to log in to Symposium Call Center Server for regular server maintenance (for example, PEP/SU installation etc.).

Must not be removed or renamed from Windows

NGenDist Used by distribution channels and support personnel to log in to Symposium Call Center Server for maintenance and supports (for example, remote support login).

Must not be removed from Windows

NGenDesign Used by Nortel Networks to log in to Symposium Call Center Server. This account is reserved for Nortel Networks usage only.

Must not be removed from Windows

Since the Symposium Call Center Server application has a dependency on the NGenSys account, this account name must not be changed. Customers can change the account names for NGenDist and NGenDesign after the Symposium Call Center Server installation, but this will prevent distribution channels and Nortel support groups from using the default account names to perform Symposium Call Center Server maintenance or support.

All three default Symposium Call Center Server Windows local users are initially created with default passwords. Customers are encouraged to change the default passwords after successful Symposium Call Center Server installation. Procedures for changing the passwords for these default accounts are documented in the Nortel Networks Symposium Call Center Server Installation and Maintenance Guide for Release 5.0[1].



3.3.3 Default print server and file sharing configuration

The Symposium Call Center Server R5.0 default network setting enables Print Server and File Sharing in the installed protocol stack, but the Symposium Call Center Server configuration does not include a default print server or a shared network folder or file. It is a Symposium Call Center Server R5.0 minimum requirement that no print server be configured on the Symposium Call Center Server R5.0 server.

For security reasons, Nortel Networks recommends that customers do not share any Symposium Call Center Server folders or files over the network. In addition, Nortel Networks recommends that only the local Administrator and Symposium Call Center Server default Windows users be granted write access to Symposium Call Center Server folders. If customers need to download any Symposium Call Center Server files (for example, PEPs or SUs), then Nortel Networks recommends that they download them to a remote computer instead of directly to the Symposium Call Center Server. After downloading the file to the remote computer, the customer can then share it with the server in the Symposium Call Center Server over the network.

3.3.4 Default Internet access

By default, Windows 2000 automatically includes a version of Internet Explorer that you can configure and use for Internet access. However, since Symposium Call Center Server does not require an Internet connection, it is a Symposium Call Center Server R5.0 minimum requirement that the Internet connection remain un-configured. Nortel Networks stipulates that there should be no Internet or Intranet access directly from the Symposium Call Center Server R5.0 server. Failure to meet this requirement may expose the server to severe security risks.

Security recommendations Nortel Networks Proprietary


4 Security recommendations

This section includes recommended security practices for Symposium Call Center Server R5.0. Nortel Networks recommends that customers consider these suggestions when deciding on their own security policies and practices. This section is not intended to list security settings that meet specific customer requirements. Customers should review their security requirements and compare them with the default and minimum Symposium Call Center Server security settings and configuration (listed in section 3 of this guide), together with the security recommendations listed in this section, before deciding on the appropriate overall Symposium Call Center Server security configuration.

The following security recommendations are not intended to be a comprehensive security guideline for all security-related issues that customers might need to consider. These security recommendations are only intended to be used as guidelines when planning and implementing the proper Symposium Call Center Server R5.0 security policies and practices within your specific environment and according to your security requirements.

4.1 Security risk management and policy

Security threats are increasing constantly, and it is a high priority for all organizations to secure all resources on the network, including Symposium Call Center Server. There is no such thing as a completely secure Symposium Call Center Server that fully meets all the different customer security requirements. To secure Symposium Call Center Server, you must provide your own appropriate security risk management and policy plan.

Symposium Call Center Server R5.0 comes with a set of default security settings that meet most common security protection requirements. Nortel Networks has verified the default Windows 2000 Server configuration as listed to ensure its compatibility with the proper Symposium Call Center Server installation and operation. Therefore, if you choose to alter the default Windows 2000 Server operating system configuration to meet specific customer requirements, note that Nortel Networks will not have verified the impact of such a change on the Symposium Call Center Server installation and configuration. Customers who deviate from the recommended Windows 2000 Server configuration (as listed in section 3 of this guide), and must test their Windows 2000 Server configuration with Symposium Call Center Server R5.0 in a non-production environment before putting the configuration online.

4.1.1 Risk management

To provide a proper secure environment, you must examine your environment and assess the risks you currently face, determine an acceptable level of risk, and maintain the risk at or below acceptable level. Risk can be reduced by increasing



the security of your server and environment. As a general rule, the higher the level of security, the more costly the risk management policy is to implement and the more likely that reductions in functionality will occur. You must review the required security level and determine how it might impact Symposium Call Center Server.

4.1.2 Security policy

The security policy defines the procedures for configuring and managing security in your environment. Organizations may have a predefined general server security policy that can conflict with the Symposium Call Center Server default setting. You must review your security policy and determine how it can be implemented with Symposium Call Center Server. Since Symposium Call Center Server is designed as a special real-time call processing platform instead of a general purpose IT server, certain IT server security policies may not be compatible with Symposium Call Center Server. In this case, you may need to relax your security settings to meet the Symposium Call Center Server minimum requirements.

If you have additional local security policy changes for the Symposium Call Center Server, then you must apply the additional security policy after you install Symposium Call Center Server to minimize any possible conflict with the default setting that are made during installation.

4.2 Windows 2000 security patches and hot fixes

Microsoft constantly identifies new Windows 2000 security vulnerabilities. Nortel Networks will monitor and validate newly issued Windows 2000 service packs, security patches and hot-fixes that are applicable to Symposium Call Center Server R5.0. The list of applicable Microsoft service packs and security hot-fixes is documented in the Symposium Products Service Packs Compatibility and Security Hotfixes Applicability List that is available on Nortel Networks Partner Information Center Web site:

https://app12.nortelnetworks.com/cgi-bin/mynn/home/NN_prodDoc.jsp?BkMg=0&prodID=45280&progSrcID=-8026&whereClause=23&curOid=12460

Nortel Networks will occasionally issue security bulletins to warn customers of critical security issues and provide recommended actions. Customers should apply all recommended security actions from Nortel Networks at the earliest possible time.

Customers are encouraged to install the latest available Windows 2000 service packs that have been validated by Nortel Networks. You should schedule regular reviews of your configuration and apply the latest available Windows 2000 service pack as part of your security risk management plan.



Given the number of operating system security patches and the complexity inherent in any network, Nortel Networks recommends that you create a systematic and accountable process for identifying and applying security patches.

To help create such a process, you can follow a series of best practices guidelines, as documented in the National Institute of Standards and Technology (NIST) Special Bulletin 800-40, Procedures for Handling a Security Patches. This bulletin suggests that if an organization does not have a centralized group to coordinate the storage, evaluation, and chronicling of security patches into a library, then system administrators or the contact center administrator must fulfill this role.

In addition to these guidelines, whenever possible, Nortel Networks recommends that you follow Microsoft's recommendations regarding newly discovered vulnerabilities and that you promptly install any security patches issued by Microsoft.

Whenever possible, Nortel Networks incorporates the latest OS security recommendations and patches in an integrated solutions testing strategy during each test cycle. However, due to the urgent nature of security patches when vulnerabilities are discovered, Nortel Networks recommends that customers follow Microsoft's guidelines as they are issued, including any Microsoft installation procedures and security patch rollback processes that may be in place. Finally, you must make a full system backup before patching the system to ensure that a rollback is possible, if required.

4.3 Windows 2000 user accounts and passwords

Symposium Call Center Server R5.0 installs three default Windows 2000 local user accounts (NGenSys, NGenDist, and NGenDesign) with default passwords. The initial Symposium Call Center Server Windows account passwords include six characters (or less). To prevent Symposium Call Center Server software installation errors, you must ensure that the minimum password length in the Windows 2000 security policy does not exceed six characters before you install the software. You can change the password length and apply any additional changes to the account and password security policy after you install Symposium Call Center Server. If you increase the password length, you must also make the corresponding change to the passwords for the default Symposium Call Center Server Windows local user accounts.

All three default Symposium Call Center Server Windows local user accounts are created for a specific purpose. You must not change the account name for the NGenSys account. You may change the account names for NGenDist and NGenDesign. However, if you do so, you must provide these new account names to the Distributor/Nortel Networks Support personnel or they will not be able to use these default accounts to access the server remotely. If you change any of the default Symposium Call Center Server Windows local user account names, the



changed accounts will not be removed by the Symposium Call Center Server R5.0 software uninstall program, and instead must be removed manually.

For security reasons, customers are encouraged to change the passwords for these default accounts upon successful Symposium Call Center Server installation. If you change the password for the “NGenSys” account, then you must also update the Symposium Call Center Server Backup and Restore service password (refer to the Nortel Networks Symposium Call Center Server Installation & Maintenance Guide for Release 5.0[1] for the password change procedures).

You must not add any additional Windows 2000 user accounts to Symposium Call Center Server (except the account for the R5.0 Remote Database Backup and Restore feature). With the exception of the Administrator account, other default Windows 2000 accounts (for example, Guest) can be disabled or removed to increase the security of the server. If you change the default Administrator account name, it has no impact on the normal operation of the Symposium Call Center Server R5.0 server. However, it will cause the Platform Vendor Independence Check (PVI Check) utility to notify you that an invalid administrator account is being used. Therefore, Nortel Networks recommends that you change the Administrator account name only after you install the Symposium Call Center Server R5.0 software.

4.4 Anonymous logon

The Windows 2000 Server default installation allows you to log on remotely as “Anonymous,” a feature that can expose some server information. Since Symposium Call Center Server R5.0 does not require an Anonymous logon, Nortel Networks recommends that you disable the Anonymous logon by changing the Additional restriction for anonymous connections security policy to No access without explicit anonymous permission, or changing the “HKLM/SYSTEM/CurrentControlSet/Control/LSA/RestrictAnonymous” registry key value from the default value of “0” to “2”.

4.5 Third-party applications

Due to the mission-critical, real-time processing performed by Symposium Call Center Server, Nortel Networks stipulates that no other “application” class software be installed on the server, but that certain “utility” class software may be installed, providing that it conforms to the guidelines listed below.

• “Application” class software generally requires a certain amount of system resources and is not to be installed on the Symposium Call Center Server. The addition of third-party applications may cause a real-time system, such as Symposium Call Center Server, to operate outside of the known engineering limits and hence create potential unknown system problems (for example, CPU contentions, increased network traffic loading, disk access degradations, etc.)



• Certain third-party “utility” class software applications, such as hardware diagnostics or backup tools, generally require less system resources during the normal operations of Symposium Call Center Server and are, therefore, permitted. Exceptions are utilities that may cause system problems and degrade performance, such as screen savers. Anti-virus software is classed as a utility and is subject to the generic guidelines below, as well as to a specific series of recommendations detailed further in this guide.

Note: Third party backup software can only be used for offline full backups. The database backup must be performed using the utility provided by Symposium Call Center Server due to proprietary functions called upon during the backup routine.

Guidelines for “utility” implementations

1. During run-time, the utility must not degrade the Symposium Call Center Server system beyond an average 50 percent CPU utilization. Furthermore, the utility must not lower the minimum amount of free hard disk space required by Symposium Call Center Server and the Windows operating system.

2. The utility must not cause any improper software shutdowns or out of sequence shutdowns.

3. The utility must not administer the Symposium Call Center Server software.

4. If the utility has its own database, it must not impact the Symposium Sybase database.

5. A Disk Compression utility must not be used.

6. Memory Tweaking utilities (for example, WinRAM Turbo, Memory Zipper, etc.) that are used to “reclaim” memory unused by Microsoft must not be used.

7. The installation or un-installation of the utility class software must not impact/conflict with the Symposium Call Center Server software (for example, DLL conflicts). If it does impact/conflict with the Symposium Call Center Server software, then you may need to rebuild the server.

8. The installation or un-installation of the utility class software must not impact/conflict with the Symposium Call Center Server minimum security settings and configuration (for example, enabling IIS service, conflicts in the Windows 2000 security settings, etc.). If it does impact/conflict with the Symposium Call Center Server minimum



security settings and configuration, then you may need to rebuild the server.

9. The installation of the utility class software must be performed after the Symposium Call Center Server is installed.

10. The software must not be installed within the Symposium Call Center Server folder on the D: drive. Nortel Networks recommends that you install the software in its own folder on the C: drive.

11. The software must be virus free. Do not install any software when the origin of the software is not known.

It is the implementation personnel’s responsibility to perform tests to ensure that these conditions and recommendations are met prior to putting the server into production. As part of the fault diagnostic process, the Distributor/End User may be asked to remove third-party software.

4.6 Anti-virus scanning

Noted that the risk of virus infection on the Symposium Call Center R5.0 server is minimal due to the following reasons:

• The server requires limited access for support.

• Typically, only maintenance personnel have local access to the server and remote access through pcAnywhere.

• All Nortel Networks software distributions including PEPs and SUs are virus free.

• Customers are discouraged from installing non-Symposium Call Center Server software on the server, which minimizes the risk of encountering infected software on the server.

• Customers are discouraged from directly accessing the Internet from the server, which minimizes the risk of getting a virus through the Internet.

• There should be no e-mail activity of any kind on the Symposium Call Center Server R5.0 server, which eliminates any chance of getting a virus through e-mail.

• There should be no shared folders or files on the Symposium Call Center Server R5.0 server, which eliminates any chance of getting a virus through open file/folder sharing.



In spite of the above recommendations, Nortel Networks acknowledges the fact that many customers have security policies that may require that anti-virus software be installed on the Symposium Call Center Server R5.0 server.

Nortel Networks has carried out testing on a representative sample of anti-virus software packages (Norton, McAfee, and Innoculate) in order to determine the following generic guidelines for the use of anti-virus software:

• The Symposium Call Center Server software must be installed on the server before you install the anti-virus software. When the anti-virus software is installed, it is the implementation personnel’s responsibility to perform testing with the anti-virus software, in accordance with the guidelines for “utility” implementations outlined in section 4.5 of this guide.

• During PEP installations on both the client and server, all anti-virus functionality should be disabled (for example, firewalls, (passive) scanning, auto updates etc.) and should not be started up automatically until the entire Symposium Call Center Server installation procedure is complete. You may re-enable the anti-virus functionality afterwards, as required.

• If personal firewalls are enabled on the Symposium Call Center Server client PC, then the Report Listener may be flagged as trying to access the Internet. You must configure the ‘Properties’ to allow the Report Listener to access the Symposium Call Center Server R5.0 server through the firewall.

• Set virus scans to run on the server during off-peak hours, and not to start on the hour. Note that several maintenance tasks are automatically activated on Symposium Call Center Server at midnight, so an off-midnight time should be set for virus scans. Similarly, active virus scans should be disabled when running diagnostic traces or logs on the Symposium Call Center Server R5.0 server.

• Infected file quarantine policy on the Server and Client: The anti-virus software should not be configured to deal automatically with suspected infected files. In the event that infected files are located, do not attempt to replace or remove them. Contact your local Nortel Networks Support representative for assistance in determining if the files are part of the Symposium Call Center Server application, or a critical system file.

• Nortel Networks recommends that you exclude the following files from scanning:

F:\Nortel\Database\ <additional database drive>:\Nortel\Database



In addition, the following file should be excluded: D:\Nortel\ICCM\bin\Tools2.exe (You will encounter file access errors in the Scan Activity log if you do not exclude this file from scanning.)

• You must not connect the Symposium Call Center Server R5.0 server directly to the Internet to download virus definitions or updated files. In addition, Nortel Networks recommends that you do not connect the Symposium Call Center Server client PC to the Internet. Instead, you should download virus definitions and update files to another location on your network, and then manually upload to the Symposium Call Center Server R5.0 server. This is the same recommended procedure for downloading Symposium Call Center Server PEPs. This recommendation limits access to the Internet, and thus reduces the risk of downloading infected files.

• In addition, all PEP files, CD-ROMs, and floppy disks should be scanned prior to installing or uploading to the server. This practice minimizes any exposure to infected files from outside sources.

• SNMP alerting on virus confirmation: At this time, Nortel Networks has not tested this feature and is unable to ascertain whether it poses any potential risks to Symposium Call Center Server. It is, therefore, not recommended that you activate this feature.

• Capacity considerations: Note that running virus scan software can place an additional load on server in Symposium Call Center Server. It is the implementation personnel’s responsibility to run the Windows 2000 Server Performance Monitor tool on the server to gauge CPU utilization. If the anti-virus software scan causes the server’s average CPU utilization to exceed 50 percent for longer than 20 minutes, then the anti-virus software should not be loaded onto the Symposium Call Center Server R5.0 server.

Note:

• Nortel Networks does not provide support on the configuration of anti-virus software, but it will endeavor to offer guidance where possible. Questions or problems on anti-virus software should be directed to the appropriate vendor.

• The above recommendations are intended as guidelines only, and do not constitute a guarantee of compatibility. Nortel Networks does not plan to perform ongoing compatibility testing, or testing on other anti-virus packages.



• If performance or functionality issues are raised to Nortel Networks Support, as part of the fault diagnosis process, the customer/distributor may be asked to remove third-party utility software or anti-virus software.

4.7 Internet access

Internet access poses a major source of security risks, threats, and vulnerabilities to the server. By default, Windows 2000 Server installs Internet Explorer, which can be configured for accessing the Internet. Since Symposium Call Center Server R5.0 does not require Internet access, Nortel Networks recommends that you refrain from accessing the Internet or Intranet directly from the Symposium Call Center Server R5.0 server.

Nortel Networks recommends that if you require access to the Nortel Networks Web site (for example, to obtain the latest PEP/SU etc.), then you should use a separate PC that is virus free.

4.8 E-mail access

Electronic mail (e-mail) and applications using the SMTP service are a major source of security risks, threats, and vulnerabilities. By default, Windows 2000 Server installs Outlook Express, which can be configured to access an e-mail system. Since Symposium Call Center Server R5.0 does not require SMTP service, Nortel Networks recommends that you refrain from accessing any e-mail systems or installing any applications that will enable the SMTP service on the Symposium Call Center Server R5.0 server.

4.9 File and folder sharing

One of the most common forms of malicious code attack (for example, the Code Red and Nimda viruses) occurs through file and folder sharing on the server. By default, Symposium Call Center Server R5.0 does not include any shared folders or files on the server. To help maintain a secure environment, you must not share any installed file or folder at any time. Nortel Networks recommends that you refrain from granting write access permissions to any files or folders (except for the default permissions granted by Symposium Call Center Server) on the Symposium Call Center Server R5.0 server. If there is an absolute need to share files or folders on the server, then you must be cautious when granting write access permission to users on your network and remove the shared access immediately after the user completes the required task.

4.10 File and folder permission

By default, Windows 2000 grant “Everyone” group with Full Control permission for all disk drives without other account or group. This default permission allows everyone accessing the server can have full control on all files and folders, and it is considered as a high security risk. It is a common security policy and practice to



remove the “Everyone” group permission for all disk drives and add specific Windows user account or group with specific permission. Symposium Call Center Server supports the removal of the “Everyone” group as long as the following recommended accounts and groups as listed in Table 12 are added to the specified disk. Symposium Call Center Server can fail to operate if these recommended accounts and groups are not added with the required permission.

Table 12 Symposium Call Center Server File and Folder Permission

Account/Group Permission Applied to Granted Disk

Administrators Full Control This folder, Subfolders and files

All drives

SYSTEM Full Control This folder, Subfolders and files

All drives

Creator Owner Full Control Subfolders and files C: drive only (Microsoft’s recommendation)

Everyone Read & Execute This folder only Root of C: drive only (Microsoft’s recommendation)

Read This folder, Subfolders and files

D: drive only (do not need this permission for normal Symposium Call Center operation, only needed for running automatic test suite by Nortel Networks product verification group)

4.11 Encryption

Windows 2000 supports file and folder encryption. However, Symposium Call Center Server R5.0 does not support or require any form of file and folder encryption by Windows 2000. You must not attempt to encrypt any installed Symposium Call Center Server files or folders, including all Symposium Call Center Server database folders and files. If Windows 2000 encryption is enabled



on any Symposium Call Center Server database folders or files, it will corrupt the database. In this case, Symposium Call Center Server can only be recovered by re-installing and then restoring the database from the latest available database backup.

4.12 Microsoft Baseline Security Advisor

Symposium Call Center Server R5.0 is compatible with the Microsoft Baseline Security Advisor (MBSA) security tool. You can use this tool to scan the Symposium Call Center Server R5.0 server to check if it meets the Microsoft baseline security recommendations for Windows 2000 Server. If you want to run the MBSA tool against the Symposium Call Center Server R5.0 server, then Nortel Networks recommends that you run this tool after the Symposium Call Center Server R5.0 software is installed. Due to the default configuration of Symposium Call Center Server R5.0, the MBSA may issue certain security non-compliance statements or warnings. Table 13 lists the typical MBSA version 1.2 scanning items and Nortel Networks recommendations for Symposium Call Center Server.

Table 13 MBSA scanning items and Symposium Call Center Server recommendations

MBSA scanned item Symposium Call Center Server recommendation

MSXML Security Updates

MBSA may indicate that latest security updates are out-of-date. Symposium Call Center Server has no dependency on the MSXML, and it is customer’s option to install the latest MSXML security update as recommended by Microsoft.

Windows Security Updates

MBSA may indicate that the latest critical security updates are missing. Check against the latest Symposium Products Service Packs Compatibility and Security Hotfixes Applicability list for applicable Microsoft security updates and installed all applicable security updates.

Microsoft VM Security Updates

MBSA may indicate that latest security updates are out-of-date. Symposium Call Center Server has no dependency on the Microsoft VM, and it is customer’s option to install the latest Microsoft VM security update as recommended by Microsoft.

Office Security Updates MBSA may indicate that latest security updates are out-of-date. Symposium Call Center Server has no dependency on the Microsoft Office, and it is



MBSA scanned item Symposium Call Center Server recommendation customer’s option to install the latest Microsoft Office security update as recommended by Microsoft.

Windows Media Player Security Updates

MBSA may indicate that latest security updates are out-of-date. Symposium Call Center Server has no dependency on the Windows Media Player, and it is customer’s option to install the latest Windows Media Player security update as recommended by Microsoft.

MDAC Security Updates MBSA may indicate that the latest critical security updates are missing. Check against the latest Symposium Products Service Packs Compatibility and Security Hotfixes Applicability list for applicable Microsoft security updates and installed all applicable security updates.

Restrict Anonymous MBSA may indicate non-compliance. Restrict anonymous access as recommended by Microsoft.

Administrators MBSA may warn that more than two administrators are found in the computer. Check and confirm that only the “Administrator”, “NGenSys”, “NGenDist”, “NGenDesign”, and the remote database backup and restore users are listed in the Administrator group. Remove any additional administrator accounts.

Password Expiration MBSA may warn that all user accounts have non-expiring passwords. “NGenSys” and the remote database backup and restore users must be configured with non-expiring passwords. Other users can be configured with password expiration, as required.

Internet Connection Firewall

Internet Connection Firewall is not available on Windows 2000 platform. MBSA should indicate Internet Connection Firewall is not installed or configured properly, or is not available on this version of Windows.

Local Account Password Test

MBSA may warn that some user accounts have blank or simple passwords, or could not be analyzed. The passwords for the Symposium Call Center Server default local accounts (NGenSys, NGenDist, and NGenDesign) should pass this test. Check and change user passwords if required.



MBSA scanned item Symposium Call Center Server recommendation

Automatic Updates MBSA may indicate non-compliance. Recommend to review and configure the server with the appropriate method to obtain the Microsoft updates.

File System MBSA should indicate that all hard drives are using the NTFS system. Repartition and reinstall Symposium Call Center Server if any software or database drives used by Symposium Call Center Server are not using NTFS.

Autologon MBSA should indicate that Autologon is not configured on this computer. Remove Autologon if configured.

Guest Account MBSA should indicate that the Guest account is disabled on this computer. Disable or remove the Guest account if enabled.

Auditing MBSA may suggest turning on Auditing. Follow the Symposium Call Center Server R5.0 guidelines on the auditing policy (section 3.2.6 of this guide).

Services MBSA may suggest removing unneeded services (for example, Remote Access Connection Manager, Telnet etc.). Do not remove the Remote Access Connection Manager if the RAS method is used for a remote access (pcAnywhere) connection instead of direct modem. Since Symposium Call Center Server does not require the Telnet service, you can remove it as recommended by Microsoft. Review other listed unneeded services and disable them if they are not listed as Symposium Call Center Server required services (section 3.1.2 of this guide).

Shares MBSA may suggest shares on the server. Ensure that only the system default shares are on the server with the proper permissions. Symposium Call Center Server does not require any additional share to work.

Windows Version MBSA must list the Windows version as the Windows 2000 Server version.

IIS Status MBSA should indicate that this service is not running on the computer. Remove the IIS service if it is



MBSA scanned item Symposium Call Center Server recommendation running.

SQL Server/MSDE Status

MBSA should indicate that SQL Server and/or MSDE is not installed on this computer. Remove SQL Server and/or MSDE if it is installed.

IE Zones MBSA may indicate that Internet Explorer zones do not have secure settings for access. It is acceptable for Symposium Call Center Server if IE is not configured and used for Internet access.

Macro Security MBSA should indicate that no Microsoft Office products are installed. Remove all Microsoft Office products from the server.

4.13 SNMP Configuration

Symposium Call Center Server R5.0 supports sending Symposium Call Center Server error and alarm events as SNMP traps only, and no other SNMP functions are provided. Nortel Networks recommends the following security configuration to reduce the security risk from SNMP service:

• If no SNMP service (including receiving Symposium Call Center Server SNMP traps) is required by a NMS on the customer network from the Symposium Call Center Server, Nortel Networks recommends you to disable or remove the SNMP Service and SNMP Trap Service from the Windows services. Disabling or removing the SNMP Service and SNMP Trap Service only disable the Symposium Call Center Server capability to send error and alarm events as SNMP traps and will not interfere with other Symposium Call Center Server functions.

• Nortel Networks recommends using a customer defined community name instead of the well known “public” community name for SNMP traps.

• Nortel Networks recommends configuring SNMP Service to accept SNMP packets only from a specified list of known SNMP hosts instead of accepting SNMP packets from any host.

4.14 Remote support access

Symposium Call Center Server R5.0 supports remote connection to the server through pcAnywhere so that Distributors/Nortel Networks support groups can perform remote server maintenance. Customers can configure either a direct



modem, Remote Access Service (RAS), or VPN (with Nortel Networks Contivity product) connection method.

Nortel Networks recommends the VPN connection method together with the proper firewall or subnet isolation between the Symposium Call Center Server network subnet and the corporate network, as it provides a secure connection that minimizes the risk of exposing other customer network resources to the remote connection.

To prevent illegal access to the Symposium Call Center Server R5.0 server through the remote connection, you must configure the appropriate pcAnywhere and RAS (if configured) logon accounts and passwords. Nortel Networks recommends that you do not use any default or simple passwords for the pcAnywhere and RAS logon accounts.

For security reason, a firewall may be placed before the Symposium Call Center Server in the network path for the remote connection. In order to allow pcAnywhere remote session to be successful, the port 5631 (TCP) and port 5632 (UDP) must be opened.

4.15 Symposium Call Center Server backup and restore strategy

A proper Symposium Call Center Server backup and restore strategy is critical to recover the Symposium Call Center Server R5.0 sever in event of virus infection or server security damage beyond repair. The Symposium Call Center Server R5.0 Standby Server function does not replace the requirement of regular Symposium Call Center Server backup. It is important to note that Symposium Call Center Server backup and restore strategy must be included as part of your security risk management plan. Nortel Networks recommends that you schedule and perform regular Symposium Call Center Server database backups (local tape or remote database backups). In addition, you must have an up to date Symposium Call Center Server Platform Recovery Disk (PRD) stored in a secure place. Nortel Networks recommends that you create a new PRD whenever there is a Symposium Call Center Server platform configuration change (for example, if you run the Symposium Call Center Server R5.0 Server Setup Configuration Utility, Database Expansion utility, etc.).



[ This page is left intentionally blank ]

Glossary Nortel Networks Proprietary


5 Glossary

The glossary provided relates solely to this document.

CLAN Customer Local Area Network

DHCP Dynamic Host Connection Protocol

DNS Domain Name Service

ELAN Embedded Local Area Network

IT Information Technology

LAN Local Area Network

MAS Meridian Application Server

NCC Network Control Center

Nortel Networks Servers Subnet Previously known as CLAN

PC Personal Computer

PEP Performance Enhancement Package

PRD Platform Recovery Disk

RAS Remote Access Service

SCCS Symposium Call Center Server

SMTP Simple Mail Transfer Protocol

SU Service Update

WAN Wide Area Network

Glossary Nortel Networks Proprietary


[ This page is left intentionally blank ]

References Nortel Networks Proprietary


6 References [1] Nortel Networks Symposium Call Center Server Installation and Maintenance Guide,

Product release 4.2, Standard 1.0, April 2002

Nortel Networks Proprietary


[ Last Page ]

sccs 5 win2k security guide

Documents