Filter
Top Products
A-4 Issue 2.0 December 1995
■ Make sure subscribers change the initial password the first time they log
in to the AUDIX system by making the initial password shorter than the
minimum password length.
■ Use the password aging feature so that users must change their
passwords monthly.
■ Discourage the practice of writing down passwords, storing them, or
sharing them with others.
■ Restrict the use of outcalling to personnel who actually need it.
■ Restrict the number of digits that can be used for outcalling to seven or ten
if possible. (Outcalling to pagers may require more.)
■ Inform all system operators that they are not to dial outside calls. Request
that operators report all attempts to bypass switch restrictions to the
telecommunications department for repairs or to the corporate security
office for investigation.
■ Inform subscribers that programming passwords onto auto-dial buttons is
a breach of corporate security that will be recorded in their permanent
employee records.
■ Inform employees on how to report suspected toll fraud to the corporate
security office.
■ Monitor call detail recording (SMDR) reports, call traffic reports, AUDIX
traffic reports, and other available reports regularly.
Automated Attendant System Security
Automated attendants are used by many companies to augment or replace a
switchboard operator. When an automated attendant answers, the caller is
generally given several options that are appropriate to the company’s business.
■ there may be other unstated options such as a code for dial tone or a
code for transfers that allow criminals to access unanticipated parts of the
telecommunications system
■ , ( , ) will cause a transfer from the automated attendant to the
voice messaging service
■ even anticipated transfers may cause problems if they are not well thought
out
■ naive operators may dial an outside call for someone who has dialed 0
and complains of trouble making a call.
In some automated attendant systems, option is to access dial tone.
* 7 * T
9