DEFINITY ECS Release 8.2
Administrator’s Guide
555-233-506 Issue 1
April 2000
Enhancing system security
308Preventing toll fraud
11
9. Monitor traffic and system activity for abnormal patterns
Activate features that “turn off” access in response to unauthorized access
attempts.
Use Traffic and Call Detail reports to monitor call activity levels.
10. Educate system users to recognize toll fraud activity and react
appropriately
From safely using calling cards to securing voice mailbox password, train
your users on how to protect themselves from inadvertent compromises to
the system’s security.
11. Monitor access to the dial-up maintenance port. Change the access
password regularly and issue it only to authorized personnel. Consider
activating Access Security Gateway.
12. Create a switch system management policy concerning employee turnover
and include these actions:
a. Delete any unused voice mailboxes in the voice mail system.
b. Immediately delete any voice mailboxes belong ing to a terminated
employee.
c. Immediately remove the authorization code if a terminated
employee had screen calling privileges and a personal authorization
code.
d. Immediately change barrier codes and/or authorization codes shared
by a terminated employee. Notify the remaining users of the change.
e. Remove a terminated employee’s login ID if they had access to the
system administration interface. Change any associated passwords
immediately.
13. Back up system files regularly to ensure a timely recovery. Schedule
regular, off-site backups.
14. Callers misrepresenting themselves as the “phone company,” “AT&T,”
“RBOCS,” or even known employees within your company may claim to
be testing the lines and ask to be transferred to “900,” “90,” or ask the
attendant to do “start 9 release.” This transfer reaches an outside operator,
allowing the unauthorized caller to place a long distance or international
call. Instruct your users to never transfer these calls. Do not assume that if
“trunk to trunk transfer” is blocked this cannot happen.
15. Hackers run random generator PC programs to detect dial tone. Then they
revisit those lines to break barrier codes and/or autho rizatio n codes t o make
fraudulent calls or resell their services. They do this using your telephone
lines to incur the cost of the call. Frequently these call/sell operations are