Manualshelf

Technical information

ManualsBrandsAT&T ManualsNetwork RouterDEFINITY Remote Port Security Device
51525354555657585960
Large Business Communications Systems
4-2 Issue 7 June 2001
Keeping Unauthorized Third Parties
from Entering the System
How Third Parties Enter the System
The major ways in which unauthorized third parties gain entry into the system are
as follows:
Remote Access
Remote Maintenance Port
Vectors
Transfers from adjunct systems, including voice mail systems, call
prompters, and voice response systems.
Protecting the Remote Access Feature
Remote Access, or Direct Inward System Access (DISA), allows callers to call into
the PBX from a remote location (for example, a satellite office or while traveling)
and use the system facilities to make calls. When properly secured, the Remote
Access feature is both cost-efficient and convenient. However, every security
measure has an offsetting level of inconvenience for the user. These
inconveniences must be weighed against the possible risk of toll fraud.
Security Tips
Evaluate the necessity for Remote Access. If this feature is not vital to your
organization, consider deactivating the feature. If you need the feature, use
as many of the security measures presented in this chapter as you can.
Use a unpublished telephone number for this feature. Professional hackers
scan telephone directories for local numbers and 800 numbers used for
Remote Access. Keeping your Remote Access number out of the phone
book helps prevent it from getting into the wrong hands. Avoid
administering a night service destination to Remote Access on any
published number.
Keep an authorized user list and reevaluate it on a need-to-have basis.
If possible, administer Remote Access (DEFINITY ECS, DEFINITY G1,
G3, and System 75) so no dial-tone prompt is supplied for entry of the
Authorization Code. No dial tone after a Remote Access call is connected
discourages most hackers who listen for dial tone or use modems to detect
dial tone.
Restrict the bands or area code sets when you offer Remote Access on an
800 number. If all your authorized users are on the east coast, for example,
do not provide trunks that allow calling in from San Francisco.