Security Risks Associated With The Remote Access Feature - Lucent Technologies MERLIN LEGEND Release 5.0 System Planning Manual

MERLIN LEGEND Communications System Release 5.0
System Planning 555-650-112
A Customer Support Information
Toll Fraud Prevention
Preventive Measures
Take the following preventive measures to limit the risk of unauthorized use of the
Automated Attendant feature by hackers:
Do not use Automated Attendant prompts for Automatic Route Selection
(ARS) Codes or Pooled Facility Codes.
Assign all unused Automated Attendant Selector Codes to zero, so that
attempts to dial these are routed to the system attendant.
If Remote Call Forwarding (RCF) is required, MERLIN LEGEND
Communications System owners should coordinate with their Lucent
Technologies Account Team or authorized dealer to verify the type of
central office facility used for RCF. If it is a ground-start line/trunk, or if it is
a loop-start line/trunk and central office reliable disconnect can be ensured,
then nothing else needs to be done.
NOTE:
In most cases these are loop-start lines/trunks without reliable disconnect.
The local telephone company must be involved in order to change the
facilities used for RCF to ground start lines/trunks. Usually a charge applies
for this change. Also, hardware and software changes may be necessary in
the MERLIN LEGEND Communications System. The MERLIN MAIL
MERLIN and MERLIN LEGEND MAIL Automated Attendant feature
merely accesses the RCF feature in the MERLIN LEGEND
Communications System. Without these changes being made, this feature
is highly susceptible to toll fraud. These same preventive measures must
be taken if the RCF feature is active for MERLIN LEGEND
Communications System extensions whether or not it is accessed by an
Automated Attendant menu.
Security Risks Associated with the Remote
Access Feature
Remote Access allows the MERLIN LEGEND Communications System owner to
access the system from a remote telephone and make an outgoing call or perform
system administration, using the network facilities (lines/trunks) connected to the
MERLIN LEGEND Communications System. Hackers, scanning the public
switched network by randomly dialing numbers with war dialers (a device that
randomly dials telephone numbers, including 800 numbers, until a modem or dial
tone is obtained), can find this feature, which will return a dial tone to them. They
can even employ war dialers to attempt to discover barrier codes.
1
1
Issue 1
June 1997
Page A-15