AT&T MERLIN LEGEND Release 3.1 System Manager's Manual page 352
Communications system
Hide thumbs
Also See for MERLIN LEGEND Release 3.1:
- System programming manual (887 pages) ,
- Maintenance and troubleshooting manual (426 pages) ,
- System planning manual (384 pages)
Table of Contents
Advertisement
Customer Support Information
Physical Security, Social Engineering, and
General Security Measures
Criminals called hackers may attempt to gain unauthorized access to your
communications system and voice messaging system in order to use the
system features. Hackers often attempt to trick employees into providing them
with access to a network facility (line/trunk) or a network operator. This is
referred to as social engineering. Hackers may pose as telephone company
employees and employees of AT&T or your authorized dealer. Hackers will go
through a company's trash to find directories, dialing instructions, and other
information that will enable them to break into the system. The more
knowledgeable they appear to be about the employee names, departments,
telephone numbers, and the internal procedures of your company, the more
likely it is that they will be able to trick an employee into helping them.
Preventive Measures
Take the following preventive measures to limit the risk of unauthorized access
by hackers:
n
Provide good physical security for the room containing your
telecommunications equipment and the room with administrative tools,
records, and system manager information. These areas should be locked
when not attended.
n
Provide a secure trash disposal for all sensitive information, including
telephone directories, call accounting records, or anything that may
supply information about your communications system. This trash should
be shredded.
n
Educate employees that hackers may try to trick them into providing
them with dial tone or dialing a number for them. All reports of trouble,
requests for moving extensions, or any other administrative details
associated with the MERLIN LEGEND Communications System should be
handled by one person (the system manager) or within a specified
department. Anyone claiming to be a telephone company representative
should be referred to this person or department.
n
No one outside of AT&T needs to use the MERLIN LEGEND
Communications System to test facilities (lines/trunks). If a caller
identifies him or herself as an AT&T employee, the system manager
should ask for a telephone number where the caller can be reached. The
system manager should be able to recognize the number as an AT&T
telephone number. Before connecting the caller to the administrative port
of the MERLIN LEGEND Communications System, the system manager
should feel comfortable that a good reason to do so exists . In any event,
it is not advisable to give anyone access to network facilities or
operators, or to dial a number at the request of the caller.
System Manager's Guide
A–11
Advertisement
Chapters
Table of Contents
