Technical information

ManualsBrandsAT&T ManualsNetwork RouterDEFINITY Remote Port Security Device

181

182

183

184

185

186

187

188

189

190

Small Business Communications Systems

5-58 Issue 7 June 2001

All voice mail ports, extensions 563, 564, 565, 566, 567, 568, are accessing this list.

 Change SPM (system programming and maintenance) password from default to

“june6.”

 Change T1 toll type from Tie-PBX to Toll.

 Remove remote call forwarding capabilities from extensions 7100, 7116.

 Remove dial out codes from voice mail port extensions 563 – 568.

Recommendations:

 Update Legend/Magix’s back-up.

 Transfer calls to known extension numbers only.

 Never transfer anyone to 90, 900, 500, 700, or to an outside operator.

 Outward restrict any unused extensions, including MFM’s (7300) A copy of the

extension directory is attached.

 Change all passwords frequently (including 9997 and 9999 and 9991, etc.)

 Delete all unused mailboxes.

 Have only the System Administrator transfer call to *10.

 CAUTION: Hackers may abuse your system through Voice Mail, Remote Line

Access, Remote Call Forwarding, Table 19 (Dial 0 for local operator), TIE Lines, T1,

access to 500 service and social engineering. To keep your system as secure as

possible, it is advised not to unrestrict any Toll Fraud security put into place!

 You may contact your Long Distance carrier and restrict 011 and 809 access, if

applicable.

 You may contact your 800 carrier and restrict access to your 800#’s from locations

you do not wish to receive 800 calls from, if applicable.

 You may call your local carrier and restrict 3

party billing.

 It is recommended to restrict access to 500 service through Disallowed List 3 and

Table 13.

 Using marked System Speed Dial numbers may leave an opening for Toll Fraud.

 Using Remote Line Access may leave an opening for Toll Fraud.

 Using Remote Call Forwarding may leave an opening for Toll Fraud.

 It is necessary to restrict the voice ports.

 It is recommended to create Disallowed List 7, and include the most commonly

dialed numbers used by hackers and assign the list to the voice ports.

 It is recommended in Legend R3.0 and less, to restrict all extensions from dialing

“0” for the local operator. You may dial 9-1010288 or 800-CALL-ATT instead. Not

restricting may leave an opening for Toll Fraud. Legend R3.1 and greater, and all

Magix automatically have Disallow List 7.

 Merlin Legend Mail R1. Restrict transfer to registered subscribers only.

 It is recommended to outward restrict the ports for any Auto Attendant.