AT&T MERLIN LEGEND Release 3.1 Maintenance And Troubleshooting Manual page 265

Customer Support Information
NOTE:
In most cases these will be loop-start lines/trunks without reliable
disconnect. The local telephone company will need to be involved to
change the facilities used for RCF to ground start lines/trunks. Usually a
charge applies for this change. Also, hardware and software changes
may need to be made in the MERLIN LEGEND system. The MERLIN
MAIL Automated Attendant feature merely accesses the RCF feature in
the MERLIN LEGEND system. Without these changes being made, this
feature is highly susceptible to toll fraud. These same preventive
measures must be taken if the RCF feature is active for MERLIN
LEGEND system extensions whether or not it is accessed by an
Automated Attendant menu.
Security Risks Associated with the Remote
Access Feature
Remote Access allows the MERLIN LEGEND Communications System
owner to access the system from a remote telephone and make an
outgoing call or perform system administration, using the network facilities
(lines/trunks) connected to the MERLIN LEGEND system. Hackers,
scanning the public switched network by randomly dialing numbers with
war dialers (a device that randomly dials telephone numbers, including
800 numbers, until a modem or dial tone is obtained), can find this feature,
which will return a dial tone to them. They can even employ war dialers to
attempt to discover barrier codes.
Preventive Measures
Take the following preventive measures to limit the risk of unauthorized use
of the MERLIN LEGEND Communications System Remote Access feature
by hackers:
n
The Remote Access feature can be abused by criminal toll fraud
hackers, if it is not properly administered. Therefore, this feature
should not be used unless there is a strong business need.
Maintenance and Troubleshooting
A–21