MERLIN LEGENDCommunications System Release 6.1 | Issue 1 |
System Planning | August 1998 |
|
|
ACustomer Support Information
Toll Fraud Prevention | Page |
the MERLIN LEGEND Communications System. The MERLIN MAIL MERLIN and MERLIN LEGEND MAIL Automated Attendant feature merely accesses the RCF feature in the MERLIN LEGEND Communications System. Without these changes being made, this feature is highly susceptible to toll fraud. These same preventive measures must be taken if the RCF feature is active for MERLIN LEGEND Communications System extensions whether or not it is accessed by an Automated Attendant menu.
Security Risks Associated with the Remote |
|
Access Feature | 1 |
Remote Access allows the MERLIN LEGEND Communications System owner to access the system from a remote telephone and make an outgoing call or perform system administration, using the network facilities (lines/trunks) connected to the MERLIN LEGEND Communications System. Hackers, scanning the public switched network by randomly dialing numbers with war dialers (a device that randomly dials telephone numbers, including 800 numbers, until a modem or dial tone is obtained), can find this feature, which will return a dial tone to them. They can even employ war dialers to attempt to discover barrier codes.
Preventive Measures | 1 |
Take the following preventive measures to limit the risk of unauthorized use of the MERLIN LEGEND Communications System Remote Access feature by hackers:
■The Remote Access feature can be abused by criminal toll fraud hackers, if it is not properly administered. Therefore, this feature should not be used unless there is a strong business need.
■It is strongly recommended that customers invest in security adjuncts, which typically use
■If a customer chooses to use the Remote Access feature without a security adjunct, then multiple barrier codes should be employed, with one per user if the system permits. The MERLIN LEGEND Communications System permits a maximum of 16 barrier codes.
■The maximum length should be used for each barrier code, and should be changed periodically. Barrier codes, like passwords, should consist of a random,
If Remote Access is used, an upgrade to MERLIN LEGEND Communications
System Release 3.0 is encouraged to take advantage of the longer barrier code.