MERLIN LEGEND Communications System Release 6.0
System Programming
555-660-111 Issue 1
February 1998
Customer Support Information
PageA-16Other Security Hints
A
The maximum length should be used for each barrier code, and should be
changed periodically. Barrier codes, like passwords, should consist of a
random, hard-to-guess sequence of digits. While MERLIN LEGEND
Release 3.0 permits a barrier code of up to 11 digits, systems prior to
Release 3.0 permit barrier codes of up to only four digits.
If Remote Access is used, an upgrade to MERLIN LEGEND Communications
System Release 3.0 is encouraged to take advantage of the longer barrier code.
Other Security Hints 1
Make sure that the Automated Attendant Selector Codes do not permit outside
line selection.
Following are a number of measures and guidelines that can help you ensure the
security of your communications system and voice messaging system.
Multiple layers of security are always recommended to keep your system secure.

Educating Users 1

Everyone in your company who uses the telephone system is responsible for
system security. Users and attendants/operators need to be aware of how to
recognize and react to potential hacker activity. Informed people are more likely to
cooperate with security measures that often make the system less flexibl e and
more difficult t o use.
Never program passwords or authorization codes onto Auto Dial buttons.
Display telephones reveal the programmed numbers and internal abusers
can use the Auto Dial buttons to originate unauthorized calls.
Discourage the practice of writing down barrier codes or passwords. If a
barrier code or password needs to be written down, keep it in a secure
place and never discard it while it is active.
Operators or attendants should tell their system manager if they answer a
series of calls where there is silence on the other end or the caller hangs
up.
Users who are assigned voice mailboxes should frequently change
personal passwords and should not choose obvious passwords.
The system manager should advise users with special telephone privileges
(such as Remote Access, Outcalling, and Remote Call Forwarding) of the
potential risks and responsibilities.
Be suspicious of any caller who claims to be with the telephone company
and wants to check an outside line. Ask for a callback number, hang up and
confirm the caller’s identity.