Q. Why does InfoPlus ask for a Level 2 Password to perform a Security Audit on a Heritage Nortel Communication Server?

A. The purpose of a Security Audit is to find potential weak areas of the Communication Server's programming that may be subject to abuse or attack by unauthorized individuals. In many cases, it is the weakest link in the chain of security features that is attacked. For example, the most secure and well designed station programming is significantly compromised if you have a Limited Access Password of 0000 defined. Thus, for a Security Audit to have any significant value, all aspects of a Communication Server's defenses must be analyzed. Up to 101 administrative passwords can be defined for a Heritage Nortel system, and if any of them are too simple, or set up incorrectly, the rest of your security measures are compromised. The Level 2 Password is required to obtain information about these passwords, and the other features associated with administrative security, such as the use of Login Names and Lockout thresholds. In addition, it is required to determine the Secure Data Password which must be used to analyze significant features like Direct Inward System Access (DISA) and Authorization Codes. Without this information, the recommendations of the audit, intended to provide protection against unauthorized use, are weakened.

Q. Can the Security Audit be run without the Level 2 Password?

A. No. We cannot honestly say we've never audited a Heritage Nortel system without analyzing some of its most sensitive security features. That's not fair to our customers nor our reputation for providing reliable and accurate information.

Q. Giving Bristol Capital my Level 2 Password makes me nervous. What can I do to make sure this information doesn't fall into the wrong hands?

A. First, perform a back up of your Heritage Nortel system's data (from Load 43 - EDD) soon before the audit. This will give you a known copy of your data should you ever suspect unauthorized changes were made. After the audit, we highly recommend you change your Level 2 Password. In fact, we'll often suggest the change right in the audit if your password doesn't meet our recommendations. If your audit indicates your Level 2 password is unacceptable, use the reasons provided to define a more secure password in your Communication Server. Even if we indicate the password is acceptable, you should change it to a different password that is as complex or more complex than your current Level 2 Password. What makes a password complex is its length, lack of repeated or consecutive characters, use of both letters and numbers, and avoidance of using names, telephone numbers, serial numbers, etc.