Technical information
Voice Messaging Systems
6-34 Issue 7 June 2001
Security Tips
Toll fraud is possible when the application allows the incoming caller to make a
network connection with another person. Thus, bridging to an outbound call, call
transfer, and 3-way-conferencing should be protected.
Require callers to use passwords.
Have the application verify that long distance numbers are not being
requested, or verify that only permitted numbers are requested.
Use appropriate switch translation restrictions.
Restrict the COR and have distinctive audible alert set to no for all analog
ports assigned in the switch. If no calls are routed out of the system, assign
outward restriction and an FRL of 0, and enter
no for all trunk group CORs.
MERLIN II Communications System
The MERLIN II Communications System may be used with the MERLIN MAIL
Voice Messaging System. For security measures to protect the voice messaging
system, see ‘‘Protecting the MERLIN MAIL Voice Messaging System’’ on page
6-34.
Also see ‘‘Related Documentation’’ in the ‘‘About This Document’’ section for a list
of manuals on this product.
The MERLIN II Communications System R3 offers the following features:
It does not allow trunk-to-trunk transfer, thus reducing toll fraud exposure.
To reduce the system’s vulnerability to toll fraud, do the following:
Program the MERLIN II Communications System to assign Toll Restriction
level to the MERLIN MAIL Voice Messaging System ports.
Monitor SMDR reports and/or Call Accounting System reports for outgoing
calls that might be originated by internal and external abusers.
Protecting the MERLIN MAIL Voice Messaging
System
Unauthorized persons concentrate their activities in two areas with the MERLIN
MAIL Voice Messaging System:
They try to use the MERLIN MAIL Voice Messaging System to gain access
to an outgoing trunk in order to make long distance calls.
They try to locate unused or unprotected mailboxes and use them as
dropoff points for their own messages.