Technical information
MERLIN LEGEND/MAGIX Toll Fraud
Issue 7 June 2001
5-27
Regularly back up your MERLIN MAGIX Integrated System files to ensure
a timely recovery should it be required. Schedule regular, off-site backups.
Keep the Remote Maintenance Device turned off when not in use by Avaya
or your authorized dealer.
Limit transfers to registered subscribers only.
Use the Security Violations Notification options (Mailbox Lock or Warning
Message) to alert you of any mailbox break-in attempts. Investigate all
incidents.
Review security policies and procedures and keep them up to date.
Choosing Passwords
Passwords should be the maximum length allowed by the system.
Passwords should be hard to guess and should not contain:
All the same numbers (for example, 1111, 666666)
Sequential characters (for example, 123456)
Numbers that can be associated with you or your business, such as your
name, birthday, business name, business address, telephone number, or
social security number
Words and commonly used names
Passwords should be changed regularly—at least on a quarterly basis. Recycling
old passwords is not recommended. Never program passwords (or authorization
codes or barrier codes) onto a speed dial button.
Physical Security
You should always limit access to the system console (or attendant console) and
supporting documentation. The following are some recommendations:
Keep the system console and supporting documentation in an office that is
secured with a changeable combination lock. Provide the combination only
to those individuals having a real need to enter the office.
Keep telephone wiring closets and equipment rooms locked.
Keep telephone logs and printed reports in locations that only authorized
personnel can enter.
Design distributed reports so they do not reveal password or trunk access
code information.
Keep the voice messaging system Remote Maintenance Device turned off.