AT&T 585-310-231 Telephone User Manual


 
Issue 2.0 December 1995 A-5
Security Tips
To help prevent toll fraud at the automated attendant, follow these guidelines:
- Do not allow transfers to inside or outside dial tone.
- Restrict transfers to subscribers only.
- Inform all system operators that they are not to dial outside calls. Request that operators report all attempts to bypass switch restrictions to the telecommunications department for repairs or to the corporate security office for investigation.
- Inform employees on how to report suspected toll fraud to the System Administrator.
- Monitor call detail recording (SMDR) reports, call traffic reports, AUDIX traffic reports, and other available reports regularly.
Subscriber Password Guidelines
To minimize the risk of unauthorized persons accessing subscriber mailboxes
and using them for toll fraud, inform all subscribers of these guidelines and
request that they follow these guidelines for voice messaging system
passwords.
- Mailbox passwords are required.
- Require that passwords be as long as feasible, with a minimum of five digits, and a length that is at least one digit longer than the maximum extension length.
- Subscribers must change the initial password the first time they log in to the voice messaging system. To ensure this, the initial password should have fewer digits than the minimum password length.
- Never have greetings that state you will accept third party billed calls. A greeting like this allows unauthorized individuals to charge calls to your company. If a subscriber calls somebody within the company and receives a greeting like this, they should point out the vulnerability to the person and recommend that they change the greeting immediately.
- Never use obvious or trivial passwords such as your phone extension, room number, employee identification number, social security number, or the birthday of any family member. Also avoid easily guessed numeric combinations such as 1, 3, 9, 7 and 2, 4, 8, 6 (geometric pattern on the dial); 9, 9, 9, 9, 9, 9 (repeated digits); and 7, 2, 7, 7, 9, 6, 7, 3 (“password” spelled out on the dial).
- Passwords should not be written down, stored, or shared with others.
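The password guidelines above expressed as a check an administrator could run over proposed mailbox passwords. This is an added example, not part of the original manual. It goes slightly beyond the text by also rejecting rotated or reversed forms of the two dial patterns and passwords that merely contain a forbidden value; the function names, the extra deny-list words and the sample values are assumptions.

```python
import re

# Letters printed on a standard telephone dial, used to spell words as digits.
KEYPAD = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
          "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {c: d for d, letters in KEYPAD.items() for c in letters}

# "password" is the manual's example; the other words are constructed additions.
WORDS = ["password", "secret", "voicemail"]
# The two geometric dial patterns named in the manual.
SHAPES = ["1397", "2486"]


def spell(word):
    """Translate a word into the digits that spell it on the dial."""
    return "".join(LETTER_TO_DIGIT[c] for c in word.lower())


def rotations(shape):
    """All rotations of a pattern, traced in either direction (assumed extension)."""
    return {d[i:] + d[:i] for d in (shape, shape[::-1]) for i in range(len(d))}


def min_length(max_ext_len):
    """Minimum of five digits and one digit longer than the longest extension."""
    return max(5, max_ext_len + 1)


def check_password(pw, extension, max_ext_len, personal_numbers=()):
    """Return the list of guideline violations; an empty list means acceptable.

    personal_numbers holds digit strings such as room number or employee ID.
    """
    if not re.fullmatch(r"\d+", pw):
        return ["must contain digits only"]
    problems = []
    if len(pw) < min_length(max_ext_len):
        problems.append(f"shorter than {min_length(max_ext_len)} digits")
    if len(set(pw)) == 1:
        problems.append("repeated digit")
    if any(n and n in pw for n in (extension, *personal_numbers)):
        problems.append("contains extension or personal number")
    if any(r in pw for shape in SHAPES for r in rotations(shape)):
        problems.append("geometric dial pattern")
    if any(spell(w) in pw for w in WORDS):
        problems.append("word spelled on the dial")
    return problems
```

An initial password shorter than `min_length(max_ext_len)` always fails this check, which is what forces the change at first login.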