AT&T MERLIN LEGEND Release 3.1 System Planning Manual page 268
Communications system
Hide thumbs
Also See for MERLIN LEGEND Release 3.1:
- System programming manual (887 pages) ,
- Maintenance and troubleshooting manual (426 pages) ,
- System manager's manual (423 pages)
Table of Contents
Advertisement
Customer Support Information
Additional general security for voice messaging systems:
n
Use a secure password for the General Mailboxes.
n
The default administration mailbox, 9997, must be reassigned to the
system manager's mailbox/extension number and securely password
protected.
n
All voice messaging system users must use secure passwords known
only to the user.
Security Risks Associated with the Automated
Attendant Feature of voice messaging systems
Two areas of toll fraud risk associated with the Automated Attendant feature of
voice messaging systems are the following:
n
Pooled facility (line/trunk) access codes are translated to a menu prompt
to allow Remote Access. If a hacker finds this prompt, the hacker has
immediate access. (In Release 3.1 and later systems, dial access to
pools is initially factory-set to restrict all extensions: to allow pool access,
this restriction must be removed by the system manager.
n
If the Automated Attendant prompts callers to use Remote Call
Forwarding (RCF) to reach an outside telephone number, the system may
be susceptible to toll fraud. An example of this application is a menu or
Submenu that says, "To reach our answering service, select prompt
number 5," and transfers a caller to an external telephone number.
Remote Call Forwarding can only be used securely when the central
office provides "reliable disconnect" (sometimes referred to as forward
disconnect or disconnect supervision), which guarantees that the central
office will not return a dial tone after the called party hangs up. In most
cases, the central office facility is a loop-start line/trunk which does not
provide reliable disconnect. When loop-start lines/trunks are used, if the
calling party stays on the line, the central office will return a dial tone at
the conclusion of the call, enabling the caller to place another call as if it
were being placed from your company. Ground-start trunks provide
reliable disconnect and should be used whenever possible.
Preventive Measures
Take the following preventive measures to limit the risk of unauthorized use of
the Automated Attendant feature by hackers:
n
Do not use Automated Attendant prompts for Automatic Route Selection
(ARS) Codes or Pooled Facility Codes.
n
Assign all unused Automated Attendant Selector Codes to zero, so that
attempts to dial these will be routed to the system attendant.
A–14
System Planning
Advertisement
Chapters
Table of Contents
