Make sure secure passwords exist for all logins using which System Administration or Maintenance can access the system. Change the passwords frequently.
Set logoff notification and forced password aging when administering logins. You must assign passwords for these logins at setup time.
Establish well-controlled procedures for resetting passwords.
Prevent voice mail system transfer to dial tone
Activate secure transfer features in voice mail systems.
Place appropriate restrictions on voice mail access/egress ports.
Limit the number of invalid attempts to access a voice mail to five or less.
Deny unauthorized users direct inward system access (screen)
If you are not using the Remote Access features, deactivate or disable them.
If you are using Remote Access, require the use of barrier codes and/or authorization codes set for maximum length. Change the codes frequently.
It is your responsibility to keep your own records regarding who is allowed to use which authorization code.
Place protection on systems that prompt callers to input digits
Prevent callers from dialing unintended digit combinations at prompts.
Restrict auto attendants and call vectors from allowing access to dial tone.
Use system software to intelligently control call routing
Create Automatic Route Selection or World Class Routing patterns to control how each call is to be handled.
Use Time of Day routing capabilities to limit facilities available on nights and weekends.
Deny all end-points the ability to directly access outgoing trunks.
Block access to international calling capability
When international access is required, establish permission groups.
Limit access to only the specific destinations required for business.
Protect access to information stored as voice
Password restrict access to voice mail mailboxes.
Use non-trivial passwords and change passwords regularly.
Provide physical security for telecommunications assets
Restrict unauthorized access to equipment rooms and wire connection closets.
Protect system documentation and reports data from being compromised.
Monitor traffic and system activity for abnormal patterns
Activate features that turn off access in response to unauthorized access attempts.
Use Traffic and Call Detail reports to monitor call activity levels.
Educate system users to recognize toll fraud activity and react appropriately
From safely using calling cards to securing voice mailbox password, train your users on how to protect themselves from inadvertent compromises to the system’s security.
Monitor access to the dialup maintenance port.
Change the access password regularly and issue it only to authorized personnel. Consider activating Enhanced Access Security Gateway. For more information, see Enhanced Access Security Gateway in Avaya Aura® Communication Manager Feature Description and Implementation.
Create a system-management policy concerning employee turnover and include these actions:
Delete any unused voice mailboxes in the voice mail system.
Immediately delete any voice mailboxes belonging to a terminated employee.
Immediately remove the authorization code if a terminated employee had screen calling privileges and a personal authorization code.
Immediately change barrier codes and/or authorization codes shared by a terminated employee.
Notify the remaining users of the change.
Remove a terminated employee’s login ID if they had access to the system administration interface.
Change any associated passwords immediately.
Back up system files regularly to ensure a timely recovery.
Schedule regular, off-site backups.
Callers misrepresenting themselves as the telephone company,AT&T,RBOCS, or even known employees within your company might claim to be testing the lines and ask to be transferred to 900,90, or ask the attendant to do start 9 release. This transfer reaches an outside operator, using which the unauthorized caller can place a long distance or international call.
Instruct your users to never transfer these calls. Do not assume, that if trunk to trunk transfer is blocked, this cannot happen.
Hackers run random generator Personal Computer programs to detect dial tone. Then they revisit those lines to break barrier codes and/or authorization codes to make fraudulent calls or resell their services. They do this using your telephone lines to incur the cost of the call. Frequently these call or sell operations are conducted at public pay telephones located in subways, shopping malls, or airport locations. See Security Violations Notification setup to prevent this happening to your company.
