Instruction manual
MERLIN LEGEND Communications System Release 5.0
Maintenance and Troubleshooting
555-650-140
Issue 1
June 1997
Customer Support Information
Page A-17
Toll Fraud Prevention
Security Risks Associated with Transferring
through voice messaging systems
Toll fraud hackers try to dial into a voice mailbox and then execute a transfer by
dialing
. The hacker then dials an access code (either for Automatic Route
Selection or a pooled facility code) followed by the appropriate digit string to either
direct dial or access a network operator to complete the call.
NOTE:
In Release 3.1 and later systems, all extensions are initially and by default
restricted from dial access to pools. In order for an extension to use a pool
to access an outside line/trunk, this restriction must be removed.
Preventive Measures
Take the following preventive measures to limit the risk of unauthorized transfers
by hackers:
■ Outward restrict all MERLIN LEGEND voice mail port extensions. This
denies access to facilities (lines/trunks). In Release 3.1 and later
systems, voice mail ports are by default outward restricted.
■ As an additional security step, network dialing for all extensions,
including voice mail port extensions, should be processed through ARS
using dial access code
.
Security Alert:
The MERLIN LEGEND system ships with ARS acti-
vated with all extensions set to Facility Restriction Level 3, allowing all inter-
national calling. To
prevent toll fraud, ARS Facility Restriction Levels (FRLs) should be estab-
lished using:
■
FRL 0 for restriction to internal dialing only
■
FRL 2 for restriction to local network calling only
!