Lucent Technologies MERLIN LEGEND Release 5.0 Maintenance And Troubleshooting Manual page 293

MERLIN LEGEND Communications System Release 5.0
Maintenance and Troubleshooting 555-650-140
Customer Support Information
Toll Fraud Prevention
Security Risks Associated with Transferring
through voice messaging systems
Toll fraud hackers try to dial into a voice mailbox and then execute a transfer by
dialing . The hacker then dials an access code (either
Selection or a pooled facility code) followed by the appropriate digit string to either
direct dial or access a network operator to complete the call.
NOTE:
In Release 3.1 and later systems, all extensions are initially and by default
restricted from dial access to pools. In order for an extension to use a pool
to access an outside line/trunk, this restriction must be removed.
Preventive Measures
Take the following preventive measures to limit the risk of unauthorized transfers
by hackers:
Outward restrict all MERLIN LEGEND voice mail port extensions. This
denies access to facilities (lines/trunks). In Release 3.1 and later
systems, voice mail ports are by default outward restricted.
As an additional security step, network dialing for all extensions,
including voice mail port extensions, should be processed through ARS
using dial access code
vated with all extensions set to Facility Restriction Level 3, allowing all inter-
national calling. To
prevent toll fraud, ARS Facility Restriction Levels (FRLs) should be estab-
lished using:
Security Alert:
!
The MERLIN LEGEND system ships with ARS acti-
FRL 0 for restriction to internal dialing only
FRL 2 for restriction to local network calling only
.
Issue 1
June 1997
Page A-17
for Automatic Route