Technical information
MERLIN LEGEND Communications System
Issue 7 June 2001
Program the Remote Access feature to require the caller to enter a barrier
code before the system will allow the caller access. Up to 16 different
barrier codes can be programmed, and different restriction levels can be
set for each barrier code.

For MERLIN LEGEND R3.0, program the Remote Access feature to enter
an authorization code of up to 11 digits. For greater security, always use
the maximum available digits when assigning authorization codes.

It is strongly recommended that customers invest in security adjuncts,
which typically use one-time passcode algorithms. These security adjuncts
discourage hackers. Since a secure use of the Remote Access feature
generally offers savings over credit card calling, the break-even period can
make the investment in security adjuncts worthwhile.

If a customer chooses to use the Remote Access feature without a security
adjunct, multiple barrier codes should be employed, with one per user if the
system permits. The MERLIN LEGEND system permits a maximum of 16
barrier codes. The barrier code for each user should not be recorded in a
place or manner that may be accessible to an unauthorized user. The
code should also not indicate facts about or traits of the user that are easily
researched (for example, the user’s birthdate) or discernible (for example,
the user’s hobbies, interests, political inclinations, etc.).

Use the system’s toll restriction capabilities to restrict the long distance
calling ability of Remote Access users as much as possible, consistent with
the needs of your business.

Block out-of-hours calling by manually turning off Remote Access features
at an administration telephone whenever appropriate (if Remote Access is
dedicated on a port).

Protect your Remote Access telephone number and password. Only give
them to people who need them, and impress upon those people the need
to keep the telephone number and password secret.

Monitor your SMDR records and/or your Call Accounting System reports
regularly for signs of irregular calls. Review these records and reports for
the following symptoms of abuse:
— Short holding times on one trunk group
— Patterns of authorization code usage (same code used simultaneously or high activity)
— Calls to international locations not normal for your business
— Calls to suspicious destinations
— High numbers of “ineffective call attempts” indicating attempts at entering invalid barrier codes or authorization codes
— Numerous calls to the same number
— Undefined account codes
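
The review described above can be automated once call records are exported. The following is an added example, not part of the original manual: it checks five of the listed symptoms against constructed records in a simplified comma-separated layout, which is an assumption and not the actual SMDR report format. The thresholds, the list of defined codes and the "011" international prefix are also assumptions to adjust for your site.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a simplified layout (NOT the real SMDR format):
# start time, duration (s), trunk group, dialed number, account code, completed Y/N
SAMPLE = """\
2001-06-02 01:10:00,12,70,5550100,1001,Y
2001-06-02 01:10:30,9,70,5550101,1001,Y
2001-06-02 01:11:00,8,70,5550102,1001,Y
2001-06-02 01:12:00,0,70,,,N
2001-06-02 01:12:20,0,70,,,N
2001-06-02 01:12:40,0,70,,,N
2001-06-02 01:15:00,1800,71,0115550199,1002,Y
2001-06-02 01:20:00,1500,71,0115550199,1002,Y
2001-06-02 09:00:00,240,71,5550123,9999,Y
"""
KNOWN_CODES = {"1001", "1002"}   # assumed list of defined account codes
INTL_PREFIX = "011"              # assumed international dialing prefix

def parse(text):
    for line in text.strip().splitlines():
        ts, dur, trunk, dialed, code, ok = line.split(",")
        start = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        yield {"start": start, "end": start + timedelta(seconds=int(dur)),
               "dur": int(dur), "trunk": trunk, "dialed": dialed,
               "code": code, "ok": ok == "Y"}

def review(text, short_s=15, min_hits=3):
    calls, flags = list(parse(text)), set()
    done = [c for c in calls if c["ok"]]
    short = Counter(c["trunk"] for c in done if c["dur"] <= short_s)
    flags |= {("short_holding", t) for t, n in short.items() if n >= min_hits}
    failed = Counter(c["trunk"] for c in calls if not c["ok"])
    flags |= {("ineffective_attempts", t) for t, n in failed.items() if n >= min_hits}
    flags |= {("international", c["dialed"]) for c in done
              if c["dialed"].startswith(INTL_PREFIX)}
    flags |= {("undefined_code", c["code"]) for c in done
              if c["code"] not in KNOWN_CODES}
    by_code = defaultdict(list)
    for c in done:
        by_code[c["code"]].append(c)
    for code, group in by_code.items():   # same code in use on overlapping calls
        group.sort(key=lambda c: c["start"])
        if any(a["end"] > b["start"] for a, b in zip(group, group[1:])):
            flags.add(("simultaneous_code", code))
    return flags

if __name__ == "__main__":
    print(sorted(review(SAMPLE)))
```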