MERLIN LEGENDCommunications System Release 6.1

Issue 1

System Planning 555-661-112

August 1998

 

 

ACustomer Support Information

Other Security Hints

Page A-19

Choosing Passwords

1

 

 

Passwords should be the maximum length allowed by the system.

Passwords should be hard to guess and should not contain:

All the same numbers (for example, 1111, 666666)

Sequential characters (for example 123456)

Numbers that can be associated with you or your business, such as your name, birthday, business name, business address, telephone number, or social security number.

Words or commonly used names.

Passwords should be changed regularly, at least on a quarterly basis. Recycling old passwords is not recommended. Never program passwords (or authorization codes or barrier codes) onto a speed dial button.

Improving Physical Security

1

You should always limit access to the system console (or attendant console) and supporting documentation. The following are some recommendations:

Keep the system console and supporting documentation in an office that is secured with a changeable combination lock. Provide the combination only to those individuals having a real need to enter the office.

Keep telephone wiring closets and equipment rooms locked.

Keep telephone logs and printed reports in locations that only authorized personnel can enter.

Design distributed reports so they do not reveal password or trunk access code information.

Keep the voice messaging system Remote Maintenance Device turned off.

Limiting Outcalling

1

When Outcalling is used to contact subscribers who are off-site, use the MERLIN LEGEND Communications System Allowed Lists and Disallowed Lists or Automatic Route Selection features to minimize toll fraud.

If the Outcalling feature will not be used, outward restrict all voice messaging system ports. If Outcalling will be used, ports not used for Outcalling should be Outward Restricted (for MERLIN MAIL Voice Messaging Systems, port 2 on a

2-port system, port 4 on a 4-port system, ports 5 and 6 on a 6-port system; for MERLIN LEGEND MAIL Voice Messaging Systems, port 7 of the system’s module). Use Outward Restriction, Toll Restrictions, Allowed Lists, Disallowed Lists and Facility Restrictions Levels, as appropriate, to minimize the possibility of toll fraud.

Page 309
Image 309
Lucent Technologies 6.1 manual Choosing Passwords, Improving Physical Security, Limiting Outcalling