MERLIN LEGEND Communications System Release 6.1
Network Reference
555-661-150
Issue 1
August 1998
Customer Support Information
Page A-18Other Security Hints
A
Establishing a Policy 1
As a safeguard against toll fraud, follow these guidelines for your MERLIN
LEGEND Communications System and voice messaging system:
■ Change passwords frequently (at least quarterly). Changing passwords
routinely on a specific date (such as the first of the month) helps users to
remember to do so.
■ Always use the longest-length password allowed.
■ Establish well-controlled procedures for resetting passwords.
■ Limit the number of invalid attempts to access a voice mailbox to five or
less.
■ Monitor access to the MERLIN LEGEND Communications System dial-up
maintenance port. Change the access password regularly and issue it only
to authorized personnel. Disconnect the maintenance port when not in use.
(However, this eliminates Lucent Technologies’ 24-hour maintenance
surveillance capability and may result in additional maintenance costs.)
■ Create a communications system management policy concerning
employee turnover and include these suggestions:
— Delete all unused voice mailboxes in the voice mail system.
— If a terminated employee had Remote Access calling privileges and a
personal authorization code, remove the authorization code
immediately.
— If barrier codes and/or authorization codes were shared by the
terminated employee, these should be changed immediately.
■ Regularly back up your MERLIN LEGEND Communications System files to
ensure a timely recovery should it be required. Schedule regular, off-site
backups.
■ Keep the Remote Maintenance Device turned off when not in use by
Lucent Technologies or your authorized dealer.
■ Limit transfers to registered subscribers only.
■ Use the Security Violations Notification options (Mailbox Lock or Warning
Message) to alert you of any mailbox break-in attempts. Investigate all
incidents.
■ Review security policies and procedures and keep them up to date.