Avaya Communication Manager Administrator's Manual page 387

8. Provide physical security for telecommunications assets
Restrict unauthorized access to equipment rooms and wire connection closets.
Protect system documentation and reports data from being compromised.
9. Monitor traffic and system activity for abnormal patterns
Activate features that "turn off" access in response to unauthorized access attempts.
Use Traffic and Call Detail reports to monitor call activity levels.
10. Educate system users to recognize toll fraud activity and react appropriately
From safely using calling cards to securing voice mailbox password, train your users on
how to protect themselves from inadvertent compromises to the system's security.
11. Monitor access to the dial-up maintenance port. Change the access password regularly and
issue it only to authorized personnel. Consider activating Access Security Gateway. See
"Access Security Gateway" in Feature Description and Implementation for Avaya
Communication Manager, 555-245-205, for more information.
12. Create a system-management policy concerning employee turnover and include these
actions:
a. Delete any unused voice mailboxes in the voice mail system.
b. Immediately delete any voice mailboxes belonging to a terminated employee.
c. Immediately remove the authorization code if a terminated employee had screen calling
privileges and a personal authorization code.
d. Immediately change barrier codes and/or authorization codes shared by a terminated
employee. Notify the remaining users of the change.
e. Remove a terminated employee's login ID if they had access to the system
administration interface. Change any associated passwords immediately.
13. Back up system files regularly to ensure a timely recovery. Schedule regular, off-site
backups.
14. Callers misrepresenting themselves as the "telephone company," "AT&T," "RBOCS," or
even known employees within your company may claim to be testing the lines and ask to be
transferred to "900," "90," or ask the attendant to do "start 9 release." This transfer reaches
an outside operator, allowing the unauthorized caller to place a long distance or
international call. Instruct your users to never transfer these calls. Do not assume that if
"trunk to trunk transfer" is blocked this cannot happen.
Hackers run random generator PC programs to detect dial tone. Then they revisit those lines to
break barrier codes and/or authorization codes to make fraudulent calls or resell their services.
They do this using your telephone lines to incur the cost of the call. Frequently these call/sell
operations are conducted at public payphones located in subways, shopping malls, or airport
locations. See QSIG to DCS TSC Gateway
company.
on page 1337 to prevent this happening to your
Preventing Toll Fraud
Issue 1 June 2005 387