Technical information
Small Business Communications Systems
5-8 Issue 7 June 2001
Unlike the MERLIN II Communications System R3, the MERLIN LEGEND
Communications System does not allocate touch-tone receivers for incoming
calls, and thus will not interpret touch tones from a caller as an attempt to
circumvent toll restriction, and will not disconnect the call. This could leave the
MERLIN LEGEND Communications System vulnerable to toll fraud if the ports are
not outward restricted.
Preventative Measures
Provide good physical security for the room containing your
telecommunications equipment and the room with administrative tools,
records, and system programming information. These areas should be
locked when not attended.
Provide a secure trash disposal for all sensitive information, including
telephone directories, call accounting records, or anything that may supply
information about your communications system. This trash should be
shredded.
Educate employees that hackers may try to trick them into providing them
with dial tone or dialing a number for them. All reports of trouble, requests
for moving extensions, or any other administrative details associated with
the MERLIN LEGEND Communications System should be handled by one
person (the system manager) or within a specified department. Anyone
claiming to be a telephone company representative should be referred to
this person or department.
No one outside of Avaya needs to use the MERLIN LEGEND
Communications System to test facilities (lines/trunks). If a caller identifies
himself or herself as an Avaya employee, the system manager should ask
for a telephone number where the caller can be reached. The system
manager should be able to recognize the number as an Avaya telephone
number. Before connecting the caller to the administrative port of the
MERLIN LEGEND Communications system, the system manager should
feel comfortable that a good reason to do so exists. In any event, it is not
advisable to give anyone access to network facilities or operators, or to dial
a number at the request of the caller.
Any time a call appears to be suspicious, call the Avaya Fraud Intervention
Center at 1 800 628-2888 (fraud intervention for System 25, PARTNER
and MERLIN systems).
Customers should also take advantage of Avaya monitoring services and
devices, such as the NetPROTECT
SM
family of fraud-detection services,
CAS with HackerTracker
®
and CAT Terminal with Watchdog. Call 1 800
638-7233 to get more information on these Avaya fraud detection services
and products.