10 The OCSS Settings Tab

The Oracle® Communications Security Shield (OCSS) Settings tab displays information that you need for installing the Cloud Communication Service and provides links to system-wide settings.

The OCSS Settings Tab Display and Operations

The Oracle® Communications Security Shield (OCSS) Settings tab provides links to dialogs where you set thresholds, behaviors, and enforcement actions for call traffic. The tab also includes a link to the Configuration Wizard. Before you install the Cloud Communication Service (CCS), refer to the CCS Configuration link which provides information that the CCS installation script requires you to supply.

The following screen capture shows the Settings tab landing page, which defaults to the CCS Configuration page.

This screen capture shows the settings page, which displays links in the navigation pane to the CCS Configuration, Autonomous Threat Protection dialog, Call Type Classification dialog, Reputation Score Classification dialog, and Configuration Wizard. The center pane shows the CCS Configuration page, which is the default display.

CCS Configuration—Displays information that you need to provide when installing the Cloud Communication Service. (You cannot edit the information displayed here.)

Number Normalization—Displays a table of Inbound Calling Number Normalization rules. The system provides two default rules. You can create up to twenty-three more rules.

Autonomous Threat Protection—Displays configuration dialogs for configuring General settings, Threat Vector Thresholds, and Domain Thresholds.

Call Type Classifications—Displays descriptions of call type classifications and provides configurable enforcement settings.

Reputation Score Classification—Displays descriptions of reputation score classifications and provides configurable enforcement settings.

Configuration Wizard—Displays the Configuration Wizard that you can use to set the initial configuration or edit an existing configuration.

Cloud Communications Service Configuration Settings

When you download Oracle® Communications Security Shield (OCSS) software and unpack the archive.tgz file, the system populates the CCS Configuration fields on the Settings tab with information you need when you run the Cloud Communications Service (CCS) installation script.

Access OCSS, click the Settings tab, and click CCS Configuration to see the CCS Configuration page.

Note:

You cannot edit this page from OCSS. Make edits through your Oracle Cloud Infrastructure (OCI) account.

This screen capture shows the CCS settings that OCSSC provides: OCSS Tenant ID, OCSSC FQDN, Identity Domain FQDN, Identity Domain ID, CCS Client ID, and CCS Client ID Secret.

See "Install, Configure, and Activate the Cloud Communication Service" in the OCSS Installation and Maintenance Guide.

Inbound Calling Number Normalization

Oracle® Communications Security Shield (OCSS) uses the E.164 format for phone numbers sent in the look-up API from the Oracle Communications Session Border Controller (OCSBC). Because OCSS is often deployed in scenarios that use phone number formats other than E.164, OCSS provides a way to normalize inbound calling numbers through translation rules.

Inbound calling number normalization rules translate phone numbers into the E.164 format when your OCSBC receives traffic that uses other phone number format conventions. OCSS can normalize inbound phone numbers from multiple SIP trunk providers, as well. In this way, OCSS can work with different countries, formats, and SIP Trunk providers.

To see the Number Normalization page, go to the Settings tab and click the Number Normalization link in the navigation pane. The following screen capture shows the Number Normalization landing page, which displays the Default Inbound Calling Number Normalization Rules along with the Enable-Disable toggle and the Add button.

This screen capture shows the Number Normalization landing page that you access from the Settings tab. The landing page displays the Enable-Disable control, the Add button, and a table of number normalization rules with columns (from left to right) named Rule Name, State, Calling Number Pattern, and Translation Pattern.

The Number Normalization table columns include:
  • Rule Name—Shows the list of rules in alphabetical order with no order of precedence for enforcement.
  • State—Shows whether the rule is enabled or disabled. Note: Regardless of the state, you can add, edit, and delete the rule.
  • Calling Number Pattern—Shows the regular expression that specifies a phone number pattern for non-conforming inbound calling numbers that you want OCSS to normalize into E.164 format. OCSS automatically generates the pattern from the settings you specify when adding or editing a normalization rule.
  • Translation Pattern—Shows the regular expression that specifies how to translate non-conforming inbound calling numbers that match the calling number pattern regular expression into E.164 format. OCSS automatically generates the pattern from the settings you specify when adding or editing a normalization rule.

Using number normalization rules is optional, and OCSS defaults to the disabled state. When no Number Normalization rule exists, OCSS uses the calling number as received in either the FROM or PAI. When Number Normalization rules exist, OCSS applies the rule to the calling number in the FROM and PAI. Phone number normalization works regardless of optional Header Manipulation Rules (HMR) on the Oracle Communications Border Controller that may manipulate the number.

Only a user assigned to the OCSS Configuration Editor role can add, edit, or delete phone Number Normalization rules. OCSS supports up to twenty-five number normalization rules, including the two default rules.

Note:

The Activity log captures changes to number normalization and provides a filter called Inbound Call Number Normalization to help you find the changes.

See Syntax for Inbound Number Normalization Regular Expressions and Add Inbound Phone Number Normalization Rules.

Default Inbound Calling Number Normalization Rules

Oracle® Communications Security Shield (OCSS) provides two default inbound calling number normalization rules. A user assigned to the OCSS Configuration Editor role can enable, disable (default), and edit the rules.

International rule for North America and Caribbean

When the calling number of an inbound call includes an International Direct Dialing (IDD) prefix of 011, remove the 011 prefix. For example: translate 01144206555121 to 44206555121.

The Inbound Number Normalization Rules table displays the following information.
  • Rule Name—International Inbound Calls in North America and Caribbean with 011 IDD Prefix (Remove IDD prefix)
  • State—Enabled
  • Calling Number Pattern—^011(\d*)$
  • Translation Pattern—$1

National rule for North America and Caribbean

National rule for North America and Caribbean. When the calling number of an inbound call is a ten digit E.164 number, prepend it with 1. For example, translate 2065551212 to 12065551212.

The Inbound Number Normalization Rules table displays the following information.
  • Rule Name—North America and Caribbean Domestic Calls (Prepend 1)
  • State—Enabled
  • Calling Number Pattern—^(\d{10})$
  • Translation Pattern—1$1

Inbound Calling Number Normalization Configuration Parameters

When you create a rule for inbound calling number normalization, Oracle® Communications Security Shield (OCSS) uses the settings in the Add dialog to create the regular expressions needed for normalizing phone numbers. You can add, edit, and delete rules with the service enabled or disabled.

The following screen capture shows the Add dialog for creating Inbound Calling Number Normalization rules.

This screen capture shows the Add dialog that displays the configuration parameters described in the following text.

Number Normalization Rule Configuration Parameters

Name—The rule name can contain up to 255 characters, so you can make the name descriptive and unique. The table on the Number Normalization page lists the rules in alphabetical order. OCSS enforces the rules in the following order of precedence:
  1. National Number Type in the order in which they were configured.
  2. International Number Type in the order in which they were configured.

State—The state of the rule, either enabled or disabled.

Number Type—The geographic scope of number you want normalized. Valid values: National | International.
  • National—The dialog displays the Number Length and Digits to Prepend fields.
  • International—The dialog hides the Number Length and Digits to Prepend fields.

Number Prefix—The leading digits (including the + character) of the inbound calling numbers that you want the calling number pattern to match.

Number Length—The length of the inbound calling numbers you want the call number pattern to match. You can specify the length of the number (including the + character) as any number, an exact number, or a range of numbers.
  • When you select Range, the dialog displays counters for setting the minimum and maximum number of digits.
  • When you select Exactly, the dialog displays a counter for setting the number.

Number of Leading Digits to Remove—The number of leading digits you want removed (including the + character).

Digits to Prepend—The digits you want OCSS to add, if any, to the inbound calling number for translation into the E.164 format. Valid values:
  • None—Hides the digits entry field.
  • Country Code—Displays the "Select Country" field and drop-down list.
  • Other—Displays a blank field where you can enter 1-15 digits.

Calling Number Pattern—Not directly configurable. Shows the regular expression for capturing non-conforming inbound calling numbers that you want OCSS to normalize into the E.164 format. OCSS generates and displays the pattern in the Add and Edit dialogs as you configure the rule. For example, the calling number pattern regular expression ^0(\d{6,9})$ describes phone numbers that start with 0 and are 7 to 10 digits long.

Translation Pattern—Not directly configurable. Shows the regular expression for how to translate non-conforming inbound calling numbers that match the calling number pattern into the E.164 format. OCSS generates and displays the pattern in the Add and Edit dialogs as you configure the rule. The regular expression consists of the Country Code or a 1-15 digit number (if specified) and $1. $1 captures the characters in the Calling Number Pattern regular expression included inside the parenthesis. For example, the translation pattern regular expression 31$1 adds a prefix of 31 to the captures (the phone number pattern characters in parenthesis), which translates the calling number 0206551212 to 31206551212.

Note:

OCSS automatically generates both the Calling Number Pattern and Translation Pattern regular expressions as you configure the rule using the Number Prefix, Number Length, Number of Digits to Remove, and Country Code to Append values you specify. See Syntax for Inbound Number Normalization Regular Expressions.

Syntax for Inbound Number Normalization Regular Expressions

Oracle® Communications Security Shield (OCSS) uses regular expressions to specify the patterns for inbound phone number normalization calling number matching and translation.

OCSS automatically generates or updates the regular expressions for both the Calling Number pattern and Translation pattern from the Number Prefix, Number Length, Number of Digits to Remove, and Country Code to Append values that you specify when you Add Inbound Phone Number Normalization Rules or Edit an Inbound Calling Number Normalization Rule. The following information describes the characters and syntax used in the regular expressions.

Regular Expression Syntax

Anchors

The regular expression uses anchor characters to match the beginning or end of a line.
  • ^ Matches the start of a line, not including the first character of the line.
  • $ Matches the end of a line, not including the last character or the line.

Marked Group

A section beginning with open parenthesis and ending with a closed parenthesis acts as a Marked Group. The string that matches the group pattern is preserved for later use.
  • ( ) Used to group expressions and to capture a set of characters for use in a back-reference.

Shorthand Character Classes

Shorthand expressions describe a class of characters, for example, \d matches any numeric digit.
  • \d Matches a numeric digit (0-9)

Repeaters

The repeater characters ( *, +, ?, and {} ) enable matching of a character, expression, or character class that is repeated.
  • * Match the preceding character or expression from zero to unlimited times.
  • [n] Match the preceding character or expression exactly n times.

Enable and Disable Inbound Calling Number Normalization Operations

A user assigned to the OCSS Configuration Editor role can enable or disable the Oracle® Communications Security Shield (OCSS) inbound calling number normalization feature as needed. The default state is enabled.

Before You Begin
  • Confirm that you are assigned to the OCSS Configuration Editor role.
The following procedure enables or disables the inbound calling number normalization feature.

Note:

You can enable or disable inbound calling number normalization rules individually.
  1. Access the Settings tab and click Number Normalization.
  2. On the Number Normalization page, click State and do one of the following:
    • Click Enabled. (Default)
    • Click Disabled.

Add Inbound Phone Number Normalization Rules

To specify how Oracle® Communications Security Shield (OCSS) transposes phone numbers from a variety of formats into the E.164 format, you can create up to twenty-three rules for inbound phone number normalization in addition to the two default rules.

Before You Begin
Use the following procedure to add Number Normalization rules.
  1. Access the Settings tab and click Number Normalization.
  2. On the Number Normalization page, click Add.
  3. In the Add dialog, do the following:
    • Name—Enter up to 255 characters to create a unique name or description for the rule.
    • State—Set the state for the rule. Valid values: Enabled | Disabled.
    • Number Type—Set the geographic scope of the number you want normalized. When you select National, the dialog displays the Number Length and Digits to Prepend fields. When you select International, the dialog hides the Number Length field and Digits to Prepend fields. Valid values: National | International.
    • Number Prefix—Set the leading digits (including the + character) you want removed from the inbound calling number. The number of digits (including the + character) you set here must match the number you set in the Number of Leading Digits to Remove parameter. For example, if you enter the prefix +44 here, you must set the Number of Leading Digits to Remove parameter to 3.
    • Number Length—Set the rule for matching the number length. When you select Range, the dialog displays controls for setting the minimum and maximum number of digits. Valid values: Any | Exactly | Range.
    • Number of Leading Digits to Remove—Set the number of leading digits you want removed (including the + character). The number you set here, must match the number of digits (including the + character) you entered in the Number Prefix parameter.
    • Digits to Prepend—Set a choice for the number of digits to prepend. Valid values: None—Hides the digits entry field. | Country Code—Displays the "Select Country" field and drop-down list. | Other—Displays a blank field where you can enter 1-15 digits.
    • Calling Number Pattern—Not directly configurable. As you configure the number normalization rule, OCSS auto fills this field based on your input from the preceding parameters.
    • Translation Pattern—Not directly configurable. As you configure the number normalization rule, OCSS auto fills this field based on your input from the preceding parameters.
  4. Do one of the following:
    • Click Add —Adds the rule to the table and closes the dialog.
    • Click Add Another—Adds the rule to the table, keeps the dialog displayed, and clears the settings so you can create another rule.

Edit an Inbound Calling Number Normalization Rule

A user assigned to the OCSS Configuration Editor role can edit an Oracle® Communications Security Shield (OCSS) inbound calling number normalization rule. OCSS updates the Calling Number Pattern and Translation Pattern as you edit the rule.

Before You Begin
  • Confirm that you are assigned to the OCSS Configuration Editor role.

Use the following procedure to edit Number Normalization rules.

  1. Access the Settings tab and click Number Normalization.
  2. In the table on the Number Normalization page, hover over the row that you want to edit.
    OCSS displays the pencil icon at the end of the row.
  3. Click the pencil icon.
    OCSS displays the Edit Number Normalization Rule dialog.
  4. Edit as many Inbound Calling Number Normalization Configuration Parameters as needed.
  5. Click Save.

Delete an Inbound Calling Number Normalization Rule

A user assigned to the OCSS Configuration Editor role can delete an Oracle® Communications Security Shield (OCSS) inbound calling number normalization rule.

Before You Begin
  • Confirm that you are assigned to the OCSS Configuration Editor role.

Use the following procedure to delete Number Normalization rules.

  1. Access the Settings tab and click Number Normalization.
  2. On the Number Normalization page, hover over the row that you want to delete.
    OCSS displays the trash can icon at the end of the row.
  3. Click the trash can icon and OK.
    OCSS deletes the rule.

Autonomous Threat Protection Settings

After you install the Oracle® Communications Security Shield (OCSS) service components, you can optionally change the default OCSS settings that control and manage call activity passing through your Oracle Communications Session Border Controller (OCSBC). The default settings allow the OCSS service to pass calls and perform services without further configuration or intervention. The default settings may or may not suit your business needs, so Oracle recommends that you consider the settings according to your needs and revisit them regularly. Adjusting the settings is a continuous process to engage in as your business evolves. You can make assessments and adjust the settings as needed, for example, to allow for marketing campaigns and daily call peaks.

The Settings tab provides an entry point to the dialogs that you use to set the Autonomous Threat Protection settings. When you click the link, the page header displays links to the pages for setting the General, Threat Vector Thresholds, and Domain Thresholds.

This screen capture shows the link on the Setting page that launches the Autonomous Threat Protection dialog where you can set thresholds for General, Threat Vector Thresholds, and Domain Thresholds.

See the following topics for information about the types of Autonomous Threat Protection settings shown in the preceding screen capture.

Autonomous Threat Protection General Settings

Threat Vector Thresholds

Domain Thresholds

Autonomous Threat Protection General Settings

On the Autonomous Threat Protection page, click General to display the settings that affect your deployment globally. Oracle recommends that you revisit these settings regularly because adjusting them is a continuous process as your business needs change. For example, you might need to adjust the settings to allow for marketing campaigns and daily call peaks.

This screen capture shows the settings available on the Autonomous Threat Protection Settings dialog. The following text describes the settings.

Service Domain Home Country—Your physical geographical location. The OCSS verifies that a call uses the same country code as the home country, which defines all other calls as international. No default.

Block Caller ID Spoofing—When enabled, the OCSS checks caller ID numbers to detect spoofs and blocks calls to potentially malicious caller IDs, regardless of the reputation score. Default: Disabled.

Block Unverified Callers—When enabled, the OCSS blocks inbound, unverified callers. Default: Disabled.

Block Anonymous Callers—When enabled, the OCSS blocks inbound calls that contain Anonymous in one or both of the FROM and P-Asserted Identity headers and one or both of the username and hostname parts. For example, suppose a fraudster removes the user identity and inserts anonymous@, private@, restricted@, user@example1.edu, null@ or other such entries in the FROM or the P-Asserted Identity (PAI) headers. The result makes the caller identification anonymous and unverifiable. You can block such calls. Also, when the FROM header includes a phone number and PAI is either not present or shows a phone number and the Privacy header includes any of the privileged values, such as: "ïd", "user", or "header",OCSS, blocks the call. Default: Disabled.

Block Inbound Calls that Fail STIR Validation—When enabled, OCSS overrides the reputation score enforcement action configuration for a call that failed STIR verification at your SIP trunk provider or your Service Provider and blocks the call. When disabled, OCSS uuses the final reputation score, Access Control List, or Call Type enforcement action to determine the enforcement action for a call that failed STIR verification at your SIP trunk provider or your Service Provider. When a call fails STIR verification and the configured enforcement action for the reputation score is other than "Block" (for example: Continue), OCSS applies the configured action and does not block the call. Default: Disabled.

Note:

The STIR validation indicator is received from the SIP Trunk provider or Communication Service Provider (CSP) in the INVITE. The STIR validation is not an action by OCSS. The CSP checks for presence of the parameter, and based on the value, determines whether the STIR validation failed in the service provider network.

See Edit General Settings.

Edit General Settings

Provisioning the Oracle® Communications Security Shield (OCSS) requires you to set the Service Domain Home Country to define which calls to consider as in-country. The other settings on the General page are optional.

  1. Do one of the following:
    1. From the Settings tab, click Autonomous Threat Protection, and click General.
    2. From the Dashboard, expand the Autonomous Threat Protection tile, click Edit Settings, and click General.
  2. In the General dialog, do the following.
  3. Click Save.

Threat Vector Thresholds

The Threat Vector Thresholds dialog on the Autonomous Threat Protection tab contains settings for managing risky call traffic and call flooding. Oracle sets the defaults for the thresholds, which you can change at any time with no reboot required. Oracle recommends that you revisit the Autonomous Threat Protection settings regularly because adjusting them is a continuous process as your business evolves. You can adjust the settings as needed, for example, to allow for marketing campaigns, daily call peaks, and other reasons for tightening or loosening control of call traffic volume.

This screen capture shows the Threat Vector Thresholds dialog where you can change the default settings for telephony denial of service, traffic pumping, and toll fraud for international numbers to suit your needs.

Network-wide TDoS and Overload Protection—Prevents a flood of calls coming in that creates a denial of service situation. Limits the number of incoming calls in a ten second window.
  • Call Attempt Rate Threshold—The number of call attempts per ten second window that you want to allow. Default: 1000. Valid values: 1-10,000.
  • Action—The action to take when the OCSS (OCSS) detects a network-wide TDoS and overload attack. Default: Allow. Valid values: Allow | Rate Limit.
Traffic Pumping—Sets upper and lower boundaries for the call attempt rate to prevent artificially high inbound call rates per interval of time.
  • Call Attempt Rate for Business Hours
    • Upper Threshold—Set the number of call attempts per second at which you want the session border controller to recognize call flooding and start performing the configured action during business hours. Default: 25.00 Valid values: 1.00-100.00
    • Lower Threshold—Set the number of call attempts per second at which you want the session border controller to resume allowing all calls after a call flooding incident that occurred during business hours. Default: 20.00 Valid values: 1.00-100.00
  • Call Attempt Rate for Non-Business Hours
    • Upper Threshold—Set the number of call attempts per second at which you want the session border controller to recognize call flooding and start performing the configured action during non-business hours. Default: 25.00 Valid values: 1.00-100.00
    • Lower Threshold—Set the number of call attempts per second at which you want the session border controller to resume allowing all calls after a call flooding incident that occurred during non-business hours. Default: 20.00 Valid values: 1.00-100.00
  • Action—Set the action you want the session border controller to perform when OCSS detects call flooding. Default: Continue. Valid values: Continue | Block | Rate Limit.
Toll Fraud (International Premium Numbers)—Helps the system to discover voice mail hijacking or PBX hacking.
  • Call Rate—The number of active calls to international premium numbers that you want to allow. Default: 100. Valid values: 1-10,000.
  • Call Attempt Rate—The number of call attempts to international premium numbers per session border controller per second that you want to allow. Default: 1000. Valid values: 1-100,000.
  • Call Duration Non-Bus Hrs—The total call duration (in seconds) for all calls to premium rate services, toll free numbers, and international destinations per second during non-business hours. Default: 1,800. Valid values:1-1,000,000.
  • Call Duration Bus Hrs—The total call duration (in seconds) for all calls to premium rate services, toll free numbers, and international destinations per second during business hours. Default: 3,600. Valid values:1-1,000,000.
  • Action—The action to take when the OCSS detects Toll Free Fraud. Default: Allow. Valid values: Allow | Block.

Enforcement Action Descriptions

The following enforcement actions apply to the preceding parameters

  • Allow—Lets the calls traverse the session border controller with no enforcement action.
  • Continue—Lets call evaluation continue to the next stage even when OCSS detects threats, anomalies, or incidents. No enforcement action is applied for the threat, anomaly, or incident until further processing of the reputation score indicates that the call is in a high-risk category. OCSS then applies the enforcement action you configured for the risk category. See Reputation Score Classification Descriptions.
  • Block—Terminates the calls to prevent them from traversing the session border controller.
  • Rate Limit—Drops calls randomly when the incoming call rate exceeds the configured call rate until the rate of calls no longer exceeds the configured rate.

See Edit Threat Vector Thresholds.

Edit Threat Vector Thresholds

Oracle provides the Oracle® Communications Security Shield (OCSS) software with default threat vector settings so the system is ready to run the threat algorithms, detect potential threats, and perform protective actions without further input. If you want to change any of the defaults, you can reset them. The following procedure lists the defaults, ranges, valid values, and actions that you can set according to the needs of your deployment. You do not need to restart the system after making changes, but you need to save the changes.

The following list describes the enforcement actions available for the parameters in this procedure.

  • Allow—Lets the calls traverse the session border controller with no enforcement action.
  • Continue—Lets call evaluation continue to the next stage even when OCSS detects threats, anomalies, or incidents. No enforcement action is applied for the threat, anomaly, or incident until further processing of the reputation score indicates that the call is in a high-risk category. OCSS then applies the enforcement action you configured for the risk category. See Reputation Score Classification Descriptions.
  • Block—Terminates the calls to prevent them from traversing the session border controller.
  • Rate Limit—Drops calls randomly until the rate of calls traversing the session border controller matches the configured Call Attempt Rate Limit.
  1. Do one of the following:
    1. From the Settings tab, click Autonomous Threat Protection, and click Threat Vector Thresholds.
    2. From the Dashboard, expand the Autonomous Threat Protection tile, click Edit Settings, and click Threat Vector Thresholds.
  2. In the Threat Vector Thresholds dialog, do the following.
  3. Click Save.

Domain Thresholds

The Domain Thresholds dialog contains settings that inform the Oracle® Communications Security Shield (OCSS) about how you want to manage risky call traffic within the OCSS domain. Domain means all of the components and configurations used by, and affected by, the OCSS. The OCSS domain does not refer to, or equate to, the domain used for your Oracle Communications Session Border Controller, for example. Oracle recommends that you revisit these settings regularly because adjusting them is a continuous process as your business evolves. You can make assessments and adjust the settings as needed, for example, to allow for marketing campaigns and daily call peaks.

This screen capture shows the thresholds that you can set to define call budget limits and alerts for calls that exceeded your duration limits. The dialog contains controls for adjusting the thresholds up and down.

Call Budget Indicator for Business Hours—The threshold for detecting unusual spikes to high-cost destinations during business hours. Default: 10,000. Range: 1-1,000,000.

Call Budget Indicator for Non-Business Hours—The threshold for detecting unusual spikes to high-cost destinations during non-business hours. Default: 1,000. Range: 1-1,000,000

See Edit Domain Thresholds.

Edit Domain Thresholds

The Oracle® Communications Security Shield (OCSS) provides certain settings that you can set for the domain.

The following procedure lists the defaults, ranges, valid values, and actions that you can set according to the needs of your deployment. You do not need to restart the system after making changes.
  1. Do one of the following:
    1. From the Settings tab, click Autonomous Threat Protection, and click Domain Thresholds.
    2. From the Dashboard, expand the Autonomous Threat Protection tile, click Edit Settings, and click DomainThresholds.
  2. In the Domain Thresholds dialog, do the following.
  3. Click Save.

Call Type Classifications

Certain incoming calls might represent low-value, no-value, or other unwanted calls to your business and you might want to get a more accurate understanding of such traffic so that you can mitigate the subsequent unwanted effects on your call center. For Premium Oracle® Communications Security Shield (OCSS) subscribers, the Settings tab includes a link to the Call Type Classification page. The page displays a set of call type classifications and definitions for low-value or no-value calls, along with configurable enforcement actions. You can monitor the success of your enforcement actions on the Threats by Count tile on the Dashboard and return to the Call Type Classifications page any time to change actions as needed.

The following screen capture shows the Call Type Classification page with descriptions of the classifications and the Enforcement Action drop-down menu.

This screen capture shows the Call Type Classification page, which describes the classifications and displays the controls that you use to define the enforcement action per call type.

Call Classifications and Descriptions

OCSS determines the probability of the call to be a fraud risk, a spam risk, or a call center call based on the behavior of the caller by way of the phone number. The behavioral determination is separate from the call scoring that yields the reputation score. Occasionally the probability curve can label a call with a Good or Acceptable reputation score label, but with a call classification such as Fraud Risk or Spam Risk. Consider such instances as anomalies. Oracle works continuously to fine-tune the algorithms to avoid such anomalies. The OCSS defines the call classifications, as follows.
  • Fraud Risk— Higher risk calls. OCSS determines the probability of the fraud risk of a call based on past behavior of the caller by way of the phone number. This type of call is not a call from a Fraud Risk department, but likely from a fraudster. Administrators may want to set the enforcement action to Redirect Call for advanced authentication.
  • Spam Risk—Medium to high risk calls. High probability that the call is a robocall or a spam call. Oracle recommends extra vigilance and readiness to terminate the call quickly. Only if you are confident in the risk assessment and do not have business objectives for answering such calls, administrators may consider blocking these calls.
  • Call Center Call—Low to medium risk calls. This category includes school announcements, public safety announcements, and Telemarketing calls. Call Center Calls might also include calls that are illegal. Administrators typically set the enforcement action to Continue.

    Note:

    Telemarketing calls can be a nuisance, but legal and useful. Although this category includes companies trying to sell services and goods, it also includes schools calling parents about a snow day or healthcare providers calling to make appointments for vaccinations. Use caution about selecting the Block enforcement action.
  • Spoofed Call—High Risk call. The phone number is invalid for some reason. For example the number is not assigned or is not allocated. Administrators typically set the enforcement action to Block, but only when corporate policies or prevailing regulations allow your company to block the call.

Enforcement Actions

The OCSS defines the enforcement actions, as follows:
  • Block—Denies the call.
  • Redirect—Redirects the call to the phone number that you specify.
  • Continue—
    • If the Access Control List enforcement is set to Allow, OCSS allows the call regardless of the enforcement action set for the reputation score.
    • If the response code from the call lookup is anything but Continue, OCSS performs the specified action.
    • If the response code from the call lookup is Continue, the call type is reported and no call enforcement is associated with this detection. Call enforcement depends on other threats detected or the reputation score enforcement and associated settings.

Note:

When there is a conflict between the Call Classification Type action and the Reputation Score Classification action, the Call Classification Type setting takes precedence.

Reputation Score Classification

From the Oracle® Communications Security Shield (OCSS) Settings tab, you can learn about reputation score classifications and set the enforcement action that you want the system to apply to each type of call classification.

When you click the Reputation Score Classification link, the Web GUI displays the reputation score call classifications that your subscription (Standard or Premium) supports along with the reputation score ranges, the possible enforcement actions, and descriptions of the classifications.

The following screen capture shows an example of the Reputation Score Classification page, which differs in detail between the Standard (shown here) and Premium subscriptions, but otherwise uses the same layout and design.. The colored rectangles in the banner at the top of the page provide a graphical representation of the classifications listed in the table below the banner. The colors and classifications correspond to those displayed in the Call Classifications tile on the Dashboard, which reports the number of calls per classification.

This screen capture shows an example of the Reputation Score Classification page, as described in the preceding text, which differs in detail between the Standard (shown here) and Premium subscriptions, but otherwise uses the same layout and design..

See the following topics for information about Reputation Score Classifications.

Reputation Score Classification Descriptions

Premium Subscription Reputation Score Classifications

Standard Subscription Reputation Score Classifications

Reputation Score Classification Descriptions

The Oracle® Communications Security Shield (OCSS ) reports risky call activity to you by way of the tiles on the Dashboard. To help make the data displayed on the tiles more easily understood, the OCSS service uses a set of color-coded reputation score classifications to display groups of calls according to their risk level. The classifications that you see depend upon the subscription level you purchased.

To see descriptions of the OCSS reputation score call classifications for your subscription level, go to the Settings tab and click Reputation Score Classification. The Reputation Score Classification page displays a general description for each call classification. Premium subscribers can click the information icons in the Description column for additional information.

The Reputation Score Classification page also shows the Reputation Score Range for each classification and the Enforcement Actions that you can set. The OCSS uses the enforcement actions when determining how to classify a call.

For detailed information about call classifications for each subscription level. See Premium Subscription Reputation Score Classifications and Standard Subscription Reputation Score Classifications.

Premium Subscription Reputation Score Classifications

You can obtain either the Standard subscription or the Premium subscription to the Oracle® Communications Security Shield (OCSS) service. Classifications for reputation scoring differ between the two, which affects what the Web GUI displays on the Dashboard and on the Reputation Score Classifications page. The following information describes the Premium call classifications.

The following screen capture shows the Premium Call Classifications, Reputation Score Ranges, Enforcement Actions, Descriptions, and the color coding that OCSS uses for the classifications throughout the Web GUI. This screen capture shows the list of call classifications for Premium subscribers. The multi-colored banner across the top lists the classification names. From left to right, they are Unclassified, Critical Risk, Severe Risk, Significant Risk, Suspicious, and Regular. The table header displays the following column headers from left to right: Call Classification, Reputation Score Range, Enforcement Action, and Description. The Call Classification column displays the following classifications from top to bottom: Unclassified, Critical Risk, Severe Risk, Significant Risk, Suspicious, and Regular. The reputation Score Range column displays the reputation score range that applies to each classification. The ranges are as follows: Unclassified is 0-10. Critical Risk is 11-30. Severe Risk is 31-50. Significant Risk is 51-60. Suspicious is 61-65. Regular is 66-100. The Enforcement Action column shows the drop list of the enforcement actions that you can select. In this screen capture, the list is static, showing only one of the selections. The Description column shows both the embedded description and the i Help icon that you can click for more information.

You cannot change the names of the Call Classifications, the Reputation Score Ranges, or the names of Enforcement Actions, but you can change the Enforcement Action that you want from the drop-down list.

This screen capture shows the Enforcement Actions drop-down list, which displays the only possible actions. The actions are Allow Call, Block Call, and Redirect Call.

Note:

When you change an Enforcement Action, the Save button in the upper right corner of the page becomes active. After you click Save, please allow several minutes for your changes to take effect.

When you choose Redirect Call, the Web GUI displays the required Redirect Calls To field where you enter the destination number for all calls of the classification type. You must enter the redirect number with 1-15 digits or in E.164 format.

This screen capture shows the field where you enter the E.164 or 15 digit number that you want to redirect all calls to for the particular classification type.

The Descriptions column contains icons that you can click to see detailed information about the criteria used to define a call for the particular classification. See Premium Reputation Score Call Classification Criteria.

Premium Reputation Score Call Classification Criteria

On the Oracle® Communications Security Shield (OCSS) Web GUI, the Reputation Score Classification page displays high-level descriptions of the classifications. You can see more detailed information about the criteria used to define each classification by clicking the information icons in the Description column.

Acceptable

OCSS successfully validated the caller's identity and classified the call as Acceptable, due to insufficient risk indicators either positive or negative.

Note:

The Acceptable description contains no information icon.

Critical Risk

OCSS successfully validated the caller's identity and classified the call as Critical Risk, due to very high risk activity.

This screen capture shows the criteria used to classify a call as critical risk.

Severe Risk

OCSS successfully validated the caller's identity and classified the call as Severe Risk, due to high risk activity.

This screen capture shows the criteria used to define a call as Severe Risk.

Significant Risk

OCSS successfully validated the caller's identity and classified the call as Significant Risk, due to medium risk activity.

This screen capture shows the criteria used to define a call as Significant Risk.

Suspicious

OCSS successfully validated the caller's identity and classified the call as Suspicious, due to medium-low risk activity.

This screen capture shows the criteria used to define a call as Suspicious.

Good

OCSS successfully validated the caller's identity and classified the call as Good, due to significant confidence-building activity.

This screen capture shows the criteria used to define a call as regular.

Standard Subscription Reputation Score Classifications

You can obtain either the Standard subscription or the Premium subscription to the Oracle® Communications Security Shield (OCSS ) service. Classifications for reputation scoring differ between the two, which affects what the Web GUI displays on the Dashboard and on the Reputation Score Classifications page.

The following screen capture shows the Standard Call Classifications, Reputation Score Ranges, Enforcement Actions, Descriptions, and the color coding that OCSS uses for the classifications throughout the Web GUI.

This screen capture shows the list of call classifications that OCSSC displays for standard subscribers. The multi-colored banner across the top lists the classification names. From left to right, they are Unclassified, High Risk, Suspicious, and Regular. The table header displays the following column headers from left to right: Call Classification, Reputation Score Range, Enforcement Action, and Description. The Call Classification column displays the following classifications from top to bottom: Unclassified, High Risk, Suspicious, and Regular. The reputation Score Range column displays the reputation score range that applies to each classification. The ranges are as follows: Unclassified is 0-10. High Risk is 11-50. Suspicious is 51-75. Regular is 76-100. The Enforcement Action column shows the drop list of the enforcement actions that you can select. In this screen capture, the list is static, showing only one of the selections. The Description column explains the criteria for each classification.

You cannot change the names of the Call Classifications, the Reputation Score Ranges, or the names of Enforcement Actions, but you can change the Enforcement Action from the drop-down list.

This screen capture shows the Enforcement Actions drop-down list, which displays the only possible actions. The actions are Allow Call, Block Call, and Redirect Call.

Note:

When you change an Enforcement Action, the Save button in the upper right corner of the page becomes active. After you click Save, please allow several minutes for your changes to take effect.

When you choose Redirect Call, the Web GUI displays the required Redirect Calls To field where you enter the destination number for all calls of the classification type. You must enter the redirect number with 1-15 digits or in E.164 format.

This screen capture shows the field where you enter the E.164 or 15 digit number that you want to redirect all calls to for the particular classification type.

See Standard Reputation Score Call Classification Criteria.

Standard Reputation Score Call Classification Criteria

On the Web GUI, the Reputation Score Classification page displays high-level descriptions of the classifications. The following descriptions provide more information about the criteria the Oracle® Communications Security Shield (OCSS ) service uses to determine call classifications.

High Risk Call Classification

This screen capture describes the activity, successful calls, call duration, tenure, number types, time bucket, and associated threats factors that go into classifying a call as high risk.

Suspicious Call Classification

This screen capture describes the activity, successful calls, call duration, and tenure factors that go into classifying a call as suspicious.

Good Call Classification

This screen capture describes the activity, successful calls, call duration, and tenure factors that go into classifying a call as regular.

Configuration Wizard

To help you set the configuration with minimal effort, the Oracle® Communications Security Shield ( OCSS ) service provides a configuration Wizard. The Wizard asks you questions and uses your answers to set various parameters for managing and securing call traffic. You can use the Wizard for the initial set up as well as for subsequent changes that you want to make.

The following screen capture shows the Configuration Wizard landing page.

This screen capture shows the Configuration Wizard landing page. See the Configuration Wizard chapter for more information.

The Configuration Wizard requires a separate chapter in this guide.

See The OCSS Configuration Wizard.