Technical information

ManualsBrandsAT&T ManualsNetwork RouterDEFINITY Remote Port Security Device

161

162

163

164

165

166

167

168

169

170

Small Business Communications Systems

5-40 Issue 7 June 2001

access code and then publish the information to other hackers. Enormous

charges can be run up quickly. It is the customer’s responsibility to take the

appropriate steps to properly implement the features, evaluate and program the

various restriction levels, protect access codes, and distribute access codes only

to individuals who have been fully advised of the sensitive nature of the access

information.

Common carriers are required by law to collect their tariffed charges. If these

charges are fraudulent charges made by persons with criminal intent, applicable

tariffs state that the customer of record is responsible for payment of all

long-distance or other network charges. Avaya cannot be responsible for such

charges and will not make any allowance or give any credit for charges that result

from unauthorized access.

To minimize the risk of unauthorized access to your communications system:



Program the maximum length (11) for systemwide barrier code length

(Release 3.0 and later).

 Use an unpublished remote access number.

 Assign barrier codes randomly to users on a need-to-have basis, keeping a

log of all authorized users and assigning one code to one person.

 Use random-sequence barrier codes, which are less likely to be easily

broken.

 Deactivate all unassigned codes promptly.

 Ensure that remote access users are aware of their responsibility to keep

the telephone number and any barrier codes secure.

 When possible, restrict the off-network capability of off-premises callers,

through use of calling restrictions and Disallowed List features.

 When possible, block out-of-hours calling.

 Frequently monitor system call detail reports for quicker detection of any

unauthorized or abnormal calling patterns.

 Limit Remote Call Forwarding to persons on a need-to-have basis.

 Change barrier codes periodically.

 Beginning with Release 3.0, additional security to prevent telephone toll

fraud is included:

 The remote access default requires a barrier code.

 The barrier code is a flexible-length code ranging from 4 to 11 digits (with a

default of 7) and includes the * character. The length is set systemwide.

 The user is given three attempts to enter the correct barrier code.