
MERLIN LEGENDCommunications System Release 6.1 | Issue 1 |
System Planning | August 1998 |
|
|
ACustomer Support Information
Toll Fraud Prevention | Page |
■Customers should also take advantage of Lucent Technologies monitoring services and devices, such as the NetPROTECTSM family of
Security Risks Associated with Transferring | 1 |
through Voice Messaging Systems |
Toll fraud hackers try to dial into a voice mailbox and then execute a transfer by dialing7. The hacker then dials an access code (either for Automatic Route Selection or a pooled facility code) followed by the appropriate digit string to either direct dial or access a network operator to complete the call.
NOTE:
In Release 3.1 and later systems, all extensions are initially and by default restricted from dial access to pools. In order for an extension to use a pool to access an outside line/trunk, this restriction must be removed.
Preventive Measures | 1 |
Take the following preventive measures to limit the risk of unauthorized transfers by hackers:
■Outward restrict all MERLIN LEGEND Communications System voice mail port extension numbers. This denies access to facilities (lines/trunks). In Release 3.1 and later systems, voice mail ports are by default outward restricted.
■As an additional security step, network dialing for all extensions, including voice mail port extensions, should be processed through ARS using dial access code.
!SECURITYlALERT:
The MERLIN LEGEND Communications System ships with ARS activated with all extensions set to FRL 3, allowing all international calling. To prevent toll fraud, ARS FRLs should be established using:
■FRL 0 for restriction to internal dialing only
■FRL 2 for restriction to local network calling only
■FRL 3 for restriction to domestic
■FRL 4 for international calling