System Administrator’s Responsibilities

Hackers may pose as telephone company employees or employees of AT&T, Lucent Technologies, or your local authorized dealer. Hackers will go through a company’s trash to find directories, dialing instructions, and other information that will enable them to break into the system. The more knowledgeable they appear to be about employee names, departments, telephone numbers, and the internal procedures of your company, the more likely it is that they will be able to trick an employee into helping them.

Hackers concentrate their activities in two areas related to the mail system:

They try to dial into a mailbox, then execute a transfer by dialing [ ] [ T ]. Then they dial an access code, followed by a digit string to either direct dial or access a network operator to complete the call.

They try to locate unused or unprotected mailboxes and use them as drop-off points for their own messages.

Preventative Measures

The following measures should be taken on the communications system side to limit the risk of unauthorized activity by hackers:

All lines should be removed from the Remote Maintenance Device using Line Assignment (#301).

If Outcalling is not permitted, the extensions connected to the mail system unit and the Remote Maintenance Device should be restricted to Inside Only using Outgoing Call Restriction (#401). This denies access to outside lines.

If Outcalling is permitted, Outgoing Call Restriction should be used with Allowed and Disallowed Lists to meet the needs of the business while maintaining the security of the system.

Security Alert:

Outcalling introduces the risk of toll fraud abuse. Outgoing Call Restriction, Allowed Lists, and Disallowed Lists can reduce the risk. Extensions connected to the mail system ports should be restricted as much as the needs of the business allow.

For the extensions connected to port 1 on a two-port system, ports 1, 2, and 3 on a four-port system, or ports 1 through 4 on a six-port system, Outgoing Call Restriction should be set to Inside Only.

Introduction 1-11

Page 22
Image 22
AT&T 3 manual Preventative Measures