MERLIN LEGEND Communications System Release 6.1
Network Reference
555-661-150
Issue 1
August 1998
Customer Support Information
Page A-19Other Security Hints
A
Choosing Passwords 1
Passwords should be the maximum length allowed by the system.
Passwords should be hard to guess and should
not
contain:
■ All the same numbers (for example, 1111, 666666)
■ Sequential characters (for example 123456)
■ Numbers that can be associated with you or your business, such as your
name, birthday, business name, business address, telephone number, or
social security number
■ Words and commonly used names
Passwords should be changed regularly, at least on a quarterly basis. Recycling
old passwords is not recommended. Never program passwords (or authorization
codes or barrier codes) onto a speed dial button.
Physical Security 1
You should always limit access to the system console (or attendant console) and
supporting documentation. The following are some recommendations:
■ Keep the system console and supporting documentation in an office that is
secured with a changeable combination lock. Provide the combination only
to those individuals having a real need to enter the office.
■ Keep telephone wiring closets and equipment rooms locked.
■ Keep telephone logs and printed reports in locations that only authorized
personnel can enter.
■ Design distributed reports so they do not reveal password or trunk access
code information.
■ Keep the voice messaging system Remote Maintenance Device turned off.
Limiting Outcalling 1
When Outcalling is used to contact subscribers who are off-site, use the MERLIN
LEGEND Communications System Allowed Lists and Disallowed Lists or ARS
features to minimize toll fraud.
If the Outcalling feature will not be used, outward restrict all voice messaging
system ports. If Outcalling will be used, ports not used for Outcalling should be
Outward Restricted (for MERLIN MAIL Voice Messaging Systems, port 2 on a 2-
port system, port 4 on a 4-port system, ports 5 and 6 on a 6-port system; for
MERLIN LEGEND MAIL Voice Messaging Systems, port 7 of the system’s
module). Use Outward Restriction, Toll Restrictions, Allowed Lists, Disallowed
Lists and Facility Restrictions Levels, as appropriate, to minimize the possibility of
toll fraud.