MERLIN LEGEND Communications System Release 6.0
System Programming
555-660-111 Issue 1
February 1998
Customer Support Information
PageA-18Other Security Hints
A
Establishing a Policy 1
As a safeguard against toll fraud, follow these guidelines for your MERLIN
LEGEND Communications System and voice messaging system:
Change passwords frequently (at least quarterly). Changing passwords
routinely on a specific date (such as the first of the month) helps users to
remember to do so.
Always use the longest-length password allowed.
Establish well-controlled procedures for resetting passwords.
Limit the number of invalid attempts to access a voice mailbox to five or
less.
Monitor access to the MERLIN LEGEND dial-up maintenance port.
Change the access password regularly and issue it only to authorized
personnel. Disconnect the maintenance port when not in use. (However,
this eliminates Lucent Technologies 24-hour maintenance surveillance
capability and may result in additional maintenance costs.)
Create a communications system management policy concerning
employee turnover and include these suggestions:
—Delete all unused voice mailboxes in the voice mail system.
—If a terminated employee had Remote Access calling privileges and a
personal authorization code, remove the authorization code
immediately.
—If barrier codes and/or authorization codes were shared by the
terminated employee, these should be changed immediately.
Regularly back up your MERLIN LEGEND system files to ensure a timely
recovery should it be required. Schedule regular, off-site backups.
Keep the Remote Maintenance Device turned off when not in use by
Lucent Technologies or your authorized dealer.
Limit transfers to registered subscribers only.
Use the Security Violations Notification options (Mailbox Lock or Warning
Message) to alert you of any mailbox break-in attempts. Investigate all
incidents.
Review security policies and procedures and keep them up to date.