Lucent Technologies MERLIN LEGEND Release 6.0 Maintenance And Troubleshooting Manual page 315

MERLIN LEGEND Communications System Release 6.0
Maintenance and Troubleshooting 555-660-140
Customer Support Information
Security of Your System: Preventing Toll Fraud
and distribute access codes only to individuals who have been fully advised of
the sensitive nature of the access information.
Common carriers are required by law to collect their tariffed charges. While
these charges are fraudulent charges made by persons with criminal intent,
applicable tariffs state that the customer of record is responsible for payment of
all long-distance or other network charges. Lucent Technologies cannot be
responsible for such charges and will not make any allowance or give any credit
for charges that result from unauthorized access.
To minimize the risk of unauthorized access to your communications system:
Use a nonpublished Remote Access number.
Assign access codes randomly to users on a need-to-have basis,
keeping a log of all authorized users and assigning one code to one
person.
Use random-sequence access codes, which are less likely to be easily
broken.
Use the longest-length access codes the system will allow.
Deactivate all unassigned codes promptly.
Ensure that Remote Access users are aware of their responsibility to
keep the telephone number and any access codes secure.
When possible, restrict the off-network capability of off-premises callers,
using calling restrictions, Facility Restriction Levels (Hybrid/PBX mode
only), and Disallowed List capabilities. In Release 3.1 and later systems,
a prepared Disallowed List (number 7) is provided and is designed to
prevent the types of calls that toll-fraud abusers often make.
When possible, block out-of-hours calling.
Frequently monitor system call detail reports for quicker detection of any
unauthorized or abnormal calling patterns.
Limit Remote Call Forwarding to persons on a need-to-have basis.
Change access codes every 90 days.
Issue 1
February 1998
Page A-11