AT&T MERLIN LEGEND Release 3.1 System Manager's Manual page 360

Customer Support Information
Choosing Passwords
Passwords should be the maximum length allowed by the system.
Passwords should be hard to guess and should not contain:
n
All the same numbers (for example, 1111, 666666)
n
Sequential characters (for example 123456)
n
Numbers that can be associated with you or your business, such as your
name, birthday, business name, business address, telephone number, or
social security number.
n
Words and commonly used names.
Passwords should be changed regularly, at least on a quarterly basis.
Recycling old passwords is not recommended. Never program passwords (or
authorization codes or barrier codes) onto a speed dial button.
Physical Security
You should always limit access to the system console (or attendant console)
and supporting documentation. The following are some recommendations:
n
Keep the system console and supporting documentation in an office that
is secured with a changeable combination lock. Provide the combination
only to those individuals having a real need to enter the office.
n
Keep telephone wiring closets and equipment rooms locked.
n
Keep telephone logs and printed reports in locations that only authorized
personnel can enter.
n
Design distributed reports so they do not reveal password or trunk
access code information.
n
Keep the voice messaging system Remote Maintenance Device turned
off.
Limiting Outcalling
When Outcalling is used to contact subscribers who are off-site, use the
MERLIN LEGEND Communications System Allowed Lists and Disallowed Lists
or Automatic Route Selection features to minimize toll fraud.
System Manager's Guide
A–19