Manualshelf

Technical information

ManualsBrandsAT&T ManualsNetwork RouterDEFINITY Remote Port Security Device
151152153154155156157158159160
Small Business Communications Systems
5-24 Issue 7 June 2001
Security Risks Associated with the Remote
Access Feature
Remote Access allows the MERLIN MAGIX Integrated System owner to access
the system from a remote telephone and make an outgoing call or perform system
administration using the network facilities (lines/trunks) connected to the MERLIN
MAGIX Integrated System. Hackers, scanning the public switched network by
randomly dialing numbers with war dialers (a device that randomly dials telephone
numbers, including 800 numbers, until a modem or dial tone is obtained), can find
this feature, which will return a dial tone to them. They can even employ war
dialers to attempt to discover barrier codes.
Preventive Measures
Take the following preventive measures to limit the risk of unauthorized use of the
MERLIN MAGIX Integrated System Remote Access feature:
The Remote Access feature can be abused by criminal toll fraud hackers if
it is not properly administered. Therefore, this feature should not be used
unless there is a strong business need.
It is strongly recommended that customers invest in security adjuncts,
which typically use one-time passcode algorithms. These security adjuncts
discourage hackers. Since a secure use of the Remote Access feature
generally offers savings over credit-card calling, the break-even period can
make the investment in security adjuncts worthwhile.
If a customer chooses to use the Remote Access feature without a security
adjunct, then multiple barrier codes should be employed, with one per user,
if the system permits. The MERLIN MAGIX Integrated System permits a
maximum of 16 barrier codes.
The maximum length should be used for each barrier code, and should be
changed periodically. Barrier codes, like passwords, should consist of a
random, hard-to-guess sequence of digits. The MERLIN MAGIX Integrated
System permits a barrier code of up to 11 digits.
Other Security Hints
Make sure that the Automated Attendant selector codes do not permit outside line
selection.
Multiple layers of security are always recommended to keep your system secure.
A number of measures and guidelines that can help you ensure the security of
your system and voice messaging system follows: