Technical information

MERLIN LEGEND Communications System

Issue 7 June 2001

6-41

Security Tips

 At the switch, assign toll restrictions to voice message system and

automated attendant ports.

 If you do not use the outcalling features of the voice messaging system,

restrict the outward calling capability of all voice ports.

 Use a dial plan that does not allow extensions beginning with the same

digits as ARS, TAC, or verification and test codes.

 Inform all system operators that they are not to dial outside calls. Request

that operators report all attempts to bypass switch restrictions to the

telecommunications department for repairs or to the corporate security

office for investigation.

 Restrict the numbers for outcalling with a disallowed list.

 Do not use default initial passwords that follow any scheme. Have a list of

random passwords and select one when you create the mailbox. Require

that the mailbox owner personally appear at the corporate security office or

telecommunications office to obtain the initial password. Go over the

subscriber password guidelines with the subscriber when you give out the

initial password.

 Make sure subscribers change the initial password the first time they log in

to the AUDIX system by making the initial password shorter than the

minimum password length.

 Use the password aging feature so that users must change their

passwords monthly.

 Discourage the practice of writing down passwords, storing them, or

sharing them with others.

 Inform employees on how to report suspected toll fraud to the corporate

security office.

Security Measures

The following are suggested security measures to be used with the INTUITY AUDIX

Voice Messaging System.