AT&T MERLIN LEGEND Release 4.0 Feature Reference page 446

Feature Reference
the appropriate steps to properly implement the features, evaluate and
administer the various restriction levels, protect access codes, and
distribute access codes only to individuals who have been fully advised of
the sensitive nature of the access information.
Common carriers are required by law to collect their tariffed charges.
While these charges are fraudulent charges made by persons with
criminal intent, applicable tariffs state that the customer of record is
responsible for payment of all long-distance or other network charges.
AT&T cannot be responsible for such charges and will not make any
allowance or give any credit for charges that result from unauthorized
access.
To minimize the risk of unauthorized access to your communications
system:
Use a nonpublished Remote Access number.
Assign barrier codes randomly to users on a need-to-have basis,
keeping a log of ALL authorized users and assigning one code to one
person.
Use random sequence barrier codes, which are less likely to be easily
broken.
Deactivate all unassigned codes promptly.
Ensure that remote access users are aware of their responsibility to
keep the telephone number and any barrier codes secure.
When possible, restrict the off-network capability of off-premises
callers, through use of Call Restrictions and Disallowed List
capabilities.
When possible, block out-of-hours calling.
Frequently monitor system call detail reports for quicker detection of
any unauthorized or abnormal calling patterns.
Limit Remote Call Forward to persons on a need-to-have basis.
446
Programming