Filter
Top Products
System Administrator’s Responsibilities
Hackers may pose as telephone company employees or employees of AT&T,
Lucent Technologies, or your local authorized dealer. Hackers will go through a
company’s trash to find directories, dialing instructions, and other information
that will enable them to break into the system. The more knowledgeable they
appear to be about employee names, departments, telephone numbers, and
the internal procedures of your company, the more likely it is that they will be
able to trick an employee into helping them.
Hackers concentrate their activities in two areas related to the mail system:
■
They try to dial into a mailbox, then execute a transfer by dialing [
★
] [
T
].
Then they dial an access code, followed by a digit string to either direct
dial or access a network operator to complete the call.
■
They try to locate unused or unprotected mailboxes and use them as
drop-off points for their own messages.
Preventative Measures
The following measures should be taken on the communications system side to
limit the risk of unauthorized activity by hackers:
■
■
■
All lines should be removed from the Remote Maintenance Device using
Line Assignment (#301).
If Outcalling is not permitted, the extensions connected to the mail
system unit and the Remote Maintenance Device should be restricted to
Inside Only using Outgoing Call Restriction (#401). This denies access to
outside lines.
If Outcalling is permitted, Outgoing Call Restriction should be used with
Allowed and Disallowed Lists to meet the needs of the business while
maintaining the security of the system.
Security Alert:
Outcalling introduces the risk of toll fraud abuse. Outgoing Call
Restriction, Allowed Lists, and Disallowed Lists can reduce the risk.
Extensions connected to the mail system ports should be restricted
as much as the needs of the business allow.
For the extensions connected to port 1 on a two-port system, ports 1, 2,
and 3 on a four-port system, or ports 1 through 4 on a six-port system,
Outgoing Call Restriction should be set to Inside Only.
Introduction
1-11