■Make sure subscribers change the initial password the first time they log in to the AUDIX system by making the initial password shorter than the minimum password length.
■Use the password aging feature so that users must change their passwords monthly.
■Discourage the practice of writing down passwords, storing them, or sharing them with others.
■Restrict the use of outcalling to personnel who actually need it.
■Restrict the number of digits that can be used for outcalling to seven or ten if possible. (Outcalling to pagers may require more.)
■Inform all system operators that they are not to dial outside calls. Request that operators report all attempts to bypass switch restrictions to the telecommunications department for repairs or to the corporate security office for investigation.
■Inform subscribers that programming passwords onto
■Inform employees on how to report suspected toll fraud to the corporate security office.
■Monitor call detail recording (SMDR) reports, call traffic reports, AUDIX traffic reports, and other available reports regularly.
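One way to apply the outcalling digit limit and the report monitoring items above, as an added example that is not part of the original guide: a script that reviews call records and flags calls from voice-mail ports whose dialed number exceeds the permitted length, except for approved pager numbers. The record layout, port extensions, pager number and all sample rows are constructed assumptions; real SMDR formats vary by switch.

```python
import csv
import io

# Constructed sample records (not a real SMDR layout): time, originating
# extension, dialed digits, duration in seconds.
SAMPLE_CDR = """\
time,origin,dialed,duration
02:14,7001,011445550100123,1810
09:30,7002,5550123,45
10:05,4120,011445550100123,300
11:20,7001,18005550142#4120,20
23:50,7002,3035550100,60
03:02,7002,011525550177001,900
"""

VOICE_PORTS = {"7001", "7002"}      # assumed extensions of the voice-mail ports
MAX_OUTCALL_DIGITS = 10             # the "seven or ten" limit from the list above
APPROVED_PAGERS = ("18005550142",)  # assumed pager service allowed extra digits


def review_cdr(text, voice_ports=VOICE_PORTS, max_digits=MAX_OUTCALL_DIGITS,
               approved_pagers=APPROVED_PAGERS):
    """Return records for voice-port calls that exceed the outcalling limit."""
    flagged = []
    for rec in csv.DictReader(io.StringIO(text)):
        if rec["origin"] not in voice_ports:
            continue  # only calls placed by the voice messaging system
        # Count digits only; '#' and '*' are signalling, not part of the number.
        digits = "".join(ch for ch in rec["dialed"] if ch.isdigit())
        if len(digits) <= max_digits:
            continue
        # Pager outcalls may legitimately carry more digits (callback number).
        if any(digits.startswith(p) for p in approved_pagers):
            continue
        flagged.append(dict(rec, digit_count=len(digits)))
    return flagged


if __name__ == "__main__":
    for rec in review_cdr(SAMPLE_CDR):
        print(rec["time"], rec["origin"], rec["dialed"],
              "dialed %d digits, limit %d" % (rec["digit_count"], MAX_OUTCALL_DIGITS))
```
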
Automated Attendant System Security
Automated attendants are used by many companies to augment or replace a switchboard operator. When an automated attendant answers, the caller is generally given several options that are appropriate to the company’s business.
■there may be other unstated options such as a code for dial tone or a code for transfers that allow criminals to access unanticipated parts of the telecommunications system
■*7 (*T) will cause a transfer from the automated attendant to the voice messaging service
■even anticipated transfers may cause problems if they are not well thought out
■naive operators may dial an outside call for someone who has dialed 0 and complains of trouble making a call.
In some automated attendant systems, option 9 is to access dial tone.