Routing calls through Communication Manager with Call Vectoring can raise some security issues. A VDN has a COR. Calls processed by the vector carry the permissions and restrictions associated with the COR of the VDN.
For example, if a vector in Communication Manager is written to collect digits and then route to the digits dialed, the COR of the latest VDN determines which calls can be placed. The dialed digits can also be checked with goto if digits vector commands, for example goto if digits = 123, to disallow routing to undesired destinations. The collect digits step can also be limited to the number of digits required, for example, collecting only five digits for internal dialing.
An incoming caller can access Trunk Access Codes, some FACs, and most other sets of dialed digits. To deny incoming callers access to outgoing facility paths, configure the COR of the VDN to deny outgoing access. The configuration must include the following:
Lowering the Facility Restriction Level (FRL) in the COR to the lowest acceptable value. FRL=0 provides the most restricted access to network routing preferences.
Assigning a Calling Party Restriction of Toll or Outward, and denying Facility Test Call capability.
Blocking access to specific CORs assigned to outgoing trunk groups using the Calling Permissions section of the Class Of Restriction screen.
Review the CORs assigned to the VDNs. If a COR is not restricted, assign restrictions on the VDN or use goto tests on the digits to prevent callers from exiting the system through the vector.
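The review described above can be run as a repeatable check. The following is an added example, not Avaya code: the inventory layout, the names Cor, audit_cor and audit_vdns, and the sample values are assumptions, and the real values must be transcribed from the Class Of Restriction and VDN screens.

```python
from dataclasses import dataclass, field

@dataclass
class Cor:
    frl: int                        # Facility Restriction Level, 0 = most restricted
    calling_party_restriction: str  # value as shown on the COR screen
    facility_test_call: bool        # True if Facility Test Call is allowed
    calling_permissions: set = field(default_factory=set)  # CORs this COR may call

def audit_cor(cor, trunk_cors, max_frl=0, allowed_cpr=("toll", "outward")):
    """Return the checklist items this COR fails."""
    findings = []
    if cor.frl > max_frl:
        findings.append(f"FRL {cor.frl} is above the lowest acceptable value {max_frl}")
    if cor.calling_party_restriction.lower() not in allowed_cpr:
        findings.append(f"Calling Party Restriction is '{cor.calling_party_restriction}'")
    if cor.facility_test_call:
        findings.append("Facility Test Call capability is not denied")
    reachable = sorted(cor.calling_permissions & trunk_cors)
    if reachable:
        findings.append(f"Calling Permissions allow outgoing trunk CORs {reachable}")
    return findings

def audit_vdns(vdns, cors, trunk_cors, max_frl=0):
    """Map each VDN with an unrestricted or unknown COR to its findings."""
    report = {}
    for vdn, cor_no in vdns.items():
        cor = cors.get(cor_no)
        if cor is None:
            findings = [f"COR {cor_no} is not in the inventory"]
        else:
            findings = audit_cor(cor, trunk_cors, max_frl)
        if findings:
            report[vdn] = findings
    return report

# Constructed sample inventory (not taken from a real system).
CORS = {10: Cor(0, "outward", False, {1, 2}),
        20: Cor(3, "none", True, {1, 2, 50})}
TRUNK_CORS = {50, 51}               # CORs assigned to outgoing trunk groups
VDNS = {"5001": 10, "5002": 20, "5003": 99}

if __name__ == "__main__":
    for vdn, findings in audit_vdns(VDNS, CORS, TRUNK_CORS).items():
        for item in findings:
            print(f"VDN {vdn}: {item}")
```

Set max_frl to the lowest FRL the site can accept, and adjust allowed_cpr if the Calling Party Restriction strings on the system differ from the names used here.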