AT&T Network Adapter 25 Installation And Maintenance Manual page 9

normally dialed from a telephone associated with the system. Such an off-
premises network call is originated at, and will be billed from, the system location.
The Remote Access feature, as designed, helps the customer, through proper
administration, to minimize the ability of unauthorized persons to gain access to
the network. Most commonly, phone numbers and codes are compromised
when overheard in a public location, through theft of a wallet or purse containing
access information, or through carelessness (writing codes on a piece of paper
and improperly discarding it). Additionally, hackers may use a computer to "dial"
an access code and then publish the information to other hackers. Enormous
charges can be run up quickly. It is the customer's responsibility to take the
appropriate steps to properly implement the features, evaluate and administer the
various restriction levels, protect access codes, and distribute access codes only
to individuals who have been fully advised of the sensitive nature of the access
information.
Common carriers are required by law to collect their tariffed charges. While
these charges are fraudulent charges made by persons with criminal intent,
applicable tariffs state that the customer of record is responsible for payment of
all long-distance or other network charges. AT&T cannot be responsible for such
charges and will not make any allowance or give any credit for charges that result
from unauthorized access.
To minimize the risk of unauthorized access to your communications system:
Use a nonpublished Remote Access number.
Assign authorization codes randomly to users on a "need-to-have"
basis, keeping a log of ALL authorized users and assigning one code
per person.
Use random sequence authorization codes, which are less likely to be
broken.
Deactivate all unassigned codes promptly.
Ensure that Remote Access users are aware of their responsibility to
keep the telephone numbers and any authorization codes secure.
When possible, restrict the off-network capability of off-premises callers,
via use of Call Restrictions and Disallowed List capabilities.