Lucent Technologies MERLIN LEGEND Release 5.0 System Planning Manual page 272

MERLIN LEGEND Communications System Release 5.0
System Planning 555-650-112
A Customer Support Information
Security of Your System: Preventing Toll Fraud
To minimize the risk of unauthorized access to your communications system:
Use an unpublished Remote Access number.
Assign access codes randomly to users on a need-to-have basis, keeping
a log of all authorized users and assigning one code to one person.
Use random-sequence access codes, which are less likely to be easily
broken.
Use the longest-length access codes the system will allow.
Deactivate all unassigned codes promptly.
Ensure that Remote Access users are aware of their responsibility to keep
the telephone number and any access codes secure.
When possible, restrict the off-network capability of off-premises callers,
using calling restrictions, Facility Restriction Levels (Hybrid/PBX mode
only), and Disallowed List capabilities. In Release 3.1 and later systems, a
prepared Disallowed List (number 7) is provided and is designed to prevent
the types of calls that toll-fraud abusers often make.
When possible, block out-of-hours calling.
Frequently monitor system call detail reports for quicker detection of any
unauthorized or abnormal calling patterns.
Limit Remote Call Forwarding to persons on a need-to-have basis.
Change access codes every 90 days.
Use the longest-length barrier codes possible, following the guidelines for
passwords. (See ''Choosing Passwords''.)
Issue 1
June 1997
Page A-10