AT&T 585-310-231 Telephone User Manual


 
Issue 2.0 December 1995 A-3
Voice Messaging System Security
Voice messaging systems have two areas of weakness:
- codes that transfer to inside or outside dial tone
- mailboxes that can be used as message drops
Once thieves transfer to inside dial tone, they have access to any unprotected
switch features. Preventing this type of abuse requires security at both the
switch and the voice messaging system.

Once thieves break into a mailbox, they can use it as a message drop for
untraceable calls or for illegal activities. If you have 800 lines that can connect to
your voice messaging system, they can pass stolen information around at your
expense using your 800 lines. If you have user-administrable outcalling, they can
pass stolen information around at your expense automatically. Preventing this
type of abuse requires security at the voice messaging system and on the part of
your subscribers.
- Cellular phones can be monitored. If a subscriber enters a mailbox
  number and a password on a cellular phone, the mailbox number and the
  password will be known to anyone listening.
- To break a password, every word in a computerized 100,000
  word-processor spelling checker or dictionary can be tried in just a few
  minutes. In a slightly longer time, every digit combination from 1 to
  100,000 can be tried.
Security Tips
To help prevent toll fraud at the voice messaging system, follow these guidelines:
- Do not create voice mailboxes before they are needed.
- Deactivate unassigned mailboxes. When an employee leaves the
  company, close or reassign the mailbox.
- Do not have permanent "guest" mailboxes (mailboxes without a physical
  extension that are loaned to outsiders for the duration of a project). If you
  need a guest mailbox, assign it when it is needed and deactivate or
  change its password immediately after it is no longer needed. Do not
  reassign a guest mailbox without changing the password.
- Lock out multiple unsuccessful attempts to enter a voice mailbox on a
  single call. (Allow no more than two or three attempts on the same call.)
- Do not use default initial passwords that follow any scheme. Have a list of
  random passwords and select one when you create the mailbox. Require
  that the mailbox owner personally appear at the corporate security office
  or telecommunications office to obtain the initial password. Go over the
  subscriber password guidelines with the subscriber when you give out the
  initial password.
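
The following Python example is an addition to this page, not part of the AT&T manual. It audits a mailbox provisioning list against the guidelines above (unassigned mailboxes, guest mailboxes, initial passwords that follow a scheme) and draws random initial passwords. The record layout, field names, sample data and the 8-digit length are assumptions made for illustration.

```python
import secrets

# Constructed sample records in a hypothetical export format (not a real system's layout).
MAILBOXES = [
    {"ext": "4301", "owner": "j.doe", "active": True, "guest": False, "initial_pw": "4301"},
    {"ext": "4302", "owner": None, "active": True, "guest": False, "initial_pw": "83920174"},
    {"ext": "4303", "owner": "contractor", "active": True, "guest": True, "initial_pw": "1234"},
    {"ext": "4304", "owner": "a.lee", "active": True, "guest": False, "initial_pw": "590316"},
    {"ext": "4305", "owner": None, "active": False, "guest": False, "initial_pw": "111111"},
]

def follows_scheme(pw, ext):
    """True if the password is derived from the extension or is a trivial digit pattern."""
    if ext in pw or pw == ext[::-1]:
        return True                      # extension, reversed extension, or extension plus padding
    if len(set(pw)) == 1:
        return True                      # one digit repeated
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {9})           # ascending or descending run such as 1234 or 9876

def audit(mailboxes):
    """Return (extension, finding) pairs for active mailboxes that break a guideline."""
    findings = []
    for m in mailboxes:
        if not m["active"]:
            continue                     # already deactivated, nothing to abuse
        if m["owner"] is None:
            findings.append((m["ext"], "active but unassigned"))
        if m["guest"]:
            findings.append((m["ext"], "guest mailbox, confirm it is still needed"))
        if follows_scheme(m["initial_pw"], m["ext"]):
            findings.append((m["ext"], "initial password follows a scheme"))
    return findings

def random_initial_password(digits=8):
    """Draw an initial password from the OS CSPRNG; the length is an assumption."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))

if __name__ == "__main__":
    for ext, finding in audit(MAILBOXES):
        print(f"mailbox {ext}: {finding}")
    print("new initial password:", random_initial_password())
```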