Technical information
Protecting Voice Messaging Systems
Issue 7 June 2001
6-3
All security restrictions that prevent transfer to these codes should be
implemented. The only tool a criminal needs to breach an inadequately secured
system is a touch-tone telephone. With the advent of cellular phones, hackers
have yet another means of accessing voice mailboxes. If a user calls the voice
mail system from a cellular phone and inputs his or her password, the voice
mailbox becomes vulnerable to toll fraud. Since cellular phones can be monitored,
a hacker can obtain the password and access the voice mailbox. Tell users not to
enter passwords on a cellular phone.
Security Tips
- Restrict transfers back to the host PBX by not allowing transfers, by using
  Enhanced Call Transfer, or by allowing Transfer to Subscriber Only.
- When password protection into voice mailboxes is offered, it is
  recommended that you use the maximum length password where feasible.
- Deactivate unassigned voice mailboxes. When an employee leaves the
  company, remove the voice mailbox.
- Do not create voice mailboxes before they are needed.
- Establish your password as soon as your voice mail system extension is
  assigned. This ensures that only YOU will have access to your mailbox, not
  anyone who enters your extension number and #. (The use of only the “#”
  indicates the lack of a password. This fact is well-known by telephone
  hackers.)
- Never have your greeting state that you will accept third party billed calls. A
  greeting like this allows unauthorized individuals to charge calls to your
  company. If you call someone at your company and get a greeting like this,
  point out the vulnerability to the person and recommend that they change
  the greeting immediately.
- Never use obvious or trivial passwords, such as your phone extension,
  room number, employee identification number, social security number, or
  easily guessed numeric combinations (for example, 999999). See
  “Administration / Maintenance Access” on page 3-4 and “General Security
  Measures” on page 3-8 for secure password guidelines.
- Change adjunct default passwords immediately; never skip the password
  entry. Hackers find out defaults.
- Lock out consecutive unsuccessful attempts to enter a voice mailbox.
- Discourage the practice of writing down passwords, storing them, or
  sharing them with others. If a password needs to be written down, keep it in
  a secure place and never discard it while it is active.
- Never program passwords onto auto dial buttons.
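
The password and lockout tips above can be enforced in software when a mailbox password is set and when it is entered. The following is an added example, not part of the original guide or of any vendor's product. The function and class names, the maximum length of 15, the three-failure threshold and the digits-only rule are assumptions.

```python
import hmac

MAX_LEN = 15        # assumption: longest password the voice mail system accepts
LOCKOUT_AFTER = 3   # assumption: consecutive failures allowed before lockout


def password_problems(password, extension, personal_ids=(), max_len=MAX_LEN):
    """Return the reasons a proposed mailbox password should be rejected."""
    if not password:
        return ["empty password: mailbox opens with extension and # alone"]
    if not (password.isascii() and password.isdigit()):
        return ["not numeric: assumed to be keyed on a touch-tone pad"]
    problems = []
    if len(password) < max_len:
        problems.append(f"shorter than the maximum length of {max_len}")
    if extension in password:
        problems.append("contains the phone extension")
    if any(pid and pid in password for pid in personal_ids):
        problems.append("contains a room, employee or social security number")
    if len(set(password)) == 1:
        problems.append("single repeated digit")
    # Digit-to-digit steps modulo 10: all +1 is 123456, all -1 is 987654.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(password, password[1:])}
    if steps in ({1}, {9}):
        problems.append("ascending or descending run of digits")
    return problems


class MailboxLogin:
    """Counts consecutive failed entries; stays locked until reset by an admin."""

    def __init__(self, password, lockout_after=LOCKOUT_AFTER):
        self._password = password  # plaintext only because this is a demo
        self._lockout_after = lockout_after
        self.failures = 0
        self.locked = False

    def attempt(self, entered):
        if self.locked:
            return "locked"
        if hmac.compare_digest(entered.encode(), self._password.encode()):
            self.failures = 0
            return "ok"
        self.failures += 1
        self.locked = self.failures >= self._lockout_after
        return "locked" if self.locked else "denied"
```

A successful entry resets the counter, so only consecutive failures count toward the lockout, as the tip specifies.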