MERLIN LEGEND Communications System Release 6.1

Issue 1

Network Reference 555-661-150

August 1998

A Customer Support Information

 

 

Toll Fraud Prevention

Page A-11

 

 

 

 

Physical Security, Social Engineering, and

 

 

General Security Measures

1

 

 

 

Criminals called hackers may attempt to gain unauthorized access to your communications system and voice messaging system in order to use the system features. Hackers often attempt to trick employees into providing them with access to a network facility (line/trunk) or a network operator. This is referred to as social engineering. Hackers may pose as telephone company employees and employees of Lucent Technologies or your authorized dealer. Hackers will go through a company’s trash to find directories, dialing instructions, and other information that will enable them to break into the system. The more knowledgeable they appear to be about the employee names, departments, telephone numbers, and the internal procedures of your company, the more likely it is that they will be able to trick an employee into helping them.

Preventive Measures

1

Take the following preventive measures to limit the risk of unauthorized access by hackers:

Provide good physical security for the room containing your telecommunications equipment and the room with administrative tools, records, and system manager information. These areas should be locked when not attended.

Provide a secure trash disposal for all sensitive information, including telephone directories, call accounting records, or anything that may supply information about your communications system. This trash should be shredded.

Educate employees that hackers may try to trick them into providing them with dial tone or dialing a number for them. All reports of trouble, requests for moving extensions, or any other administrative details associated with the MERLIN LEGEND Communications System should be handled by one person (the system manager) or within a specified department. Anyone claiming to be a telephone company representative should be referred to this person or department.

No one outside of Lucent Technologies needs to use the MERLIN LEGEND Communications System to test facilities (lines/trunks). If a caller identifies him- or herself as a Lucent Technologies employee, the system manager should ask for a telephone number where the caller can be reached. The system manager should be able to recognize the number as a Lucent Technologies telephone number. Before connecting the caller to the administrative port of the MERLIN LEGEND Communications System, the system manager should feel comfortable that a good reason to do so exists. In any event, it is not advisable to give anyone access to network facilities or operators, or to dial a number at the request of the caller.

Any time a call appears to be suspicious, call the Lucent Technologies BCS

Fraud Intervention Center at 1 800 628-2888 (fraud intervention for System 25, PARTNER®and MERLIN systems).

Page 271
Image 271
Lucent Technologies 555-661-150 manual Preventive Measures