Technical information

ManualsBrandsAT&T ManualsNetwork RouterDEFINITY Remote Port Security Device

221

222

223

224

225

226

227

228

229

230

Voice Messaging Systems

6-36 Issue 7 June 2001

To reduce the risk of unauthorized access through your voice messaging system,

observe the following procedures:

 Monitor SMDR reports and/or Call Accounting System reports for outgoing

calls that might be originated by internal and external abusers.

 Create a Disallowed List to disallow dialing 0, 70, 011, 809, 1809, 0809, 10,

9999, 411, 1411, 800, 888, 700, 900, 976, 550, 1800, 1888,1700, 1500,

1900, 1976, 1550, 0800, 0888, 0700, 0500, 0900, 0976, and 0550. Assign

all MERLIN MAIL Voice Messaging System ports to this list. Avaya

recommends using List 7 — the last Disallowed List. This is an added layer

of security, in case other restrictions are inadvertently removed.

 Require employees who have voice mailboxes to use 4-digit passwords to

protect their mailboxes.

 Require the System Administrator and all voice mailbox owners to change

their password from the default.

 Have employees use random sequence passwords.

 Impress upon employees the importance of keeping their passwords a

secret.

 Encourage employees to change their passwords regularly.

 Use a secure password for the General Mailbox.

 Reassign the System Administrator’s mailbox/extension number from the

default of 9997. Be certain to password protect the new mailbox.

 Have the MERLIN MAIL Voice Messaging System Administrator delete

unneeded voice mailboxes from the system immediately.

 Set the maximum number of digits in an extension parameter appropriate

to your dial plan. The MERLIN MAIL Voice Messaging System will not

perform transfers to extensions greater than that number.

 When possible, restrict the off-network capability of callers by using calling

restrictions and Disallowed List features.

 When possible, block out-of-hours calling.

 Toll Restrict all voice mail port extensions.

 Consider requiring network dialing to be allowed through ARS only.

 Deny access to pooled facility codes by removing pool dial-out codes 9,

890-899, or any others on your system.

 Instruct employees to contact their System Administrator immediately if

any of the following occur:

 strange voice mail messages are received

 their personal greeting has been changed

 they suspect their MERLIN MAIL Voice Messaging System mailbox

is being used by someone else