Technical information
Voice Messaging Systems
6-44 Issue 7 June 2001
Protecting the MERLIN MAIL, MERLIN MAIL-ML, MERLIN MAIL R3, and MERLIN LEGEND Mail Voice Messaging Systems
The MERLIN MAIL, MERLIN MAIL-ML, MERLIN MAIL R3, and MERLIN LEGEND
Mail Voice Messaging Systems provide automated attendant, call answer, and
voice mail functionality. The automated attendant feature answers incoming calls
and routes them to the appropriate department, person, or mailbox. The call
answer feature provides call coverage to voice mailboxes. The voice mail feature
provides a variety of voice messaging features.
Beginning with Release 3.1, ports assigned for use by voice messaging systems
(including generic or integrated VMI ports) are now assigned outward restrictions
by default. Also, FRL 0 and Disallowed List #7 are used. Prior to Release 3.1,
FRL 3 is used. If a voice messaging system should be allowed to call out (for
example, to send calls to a user’s home office), the system manager must remove
these restrictions. Provide outcalling only to mailboxes that have a business need
for the feature.
NOTE:
Unauthorized persons concentrate their activities in two areas: they try to
transfer out of the voice messaging system to gain access to an outgoing
trunk and make long distance calls; or they try to locate unused or
unprotected mailboxes and use them as dropoff points for their own
messages.
Protecting Automated Attendant
Two areas of toll fraud risk are associated with the automated attendant feature:
- Pooled facility (line/trunk) access codes are translated to a selector code to
  allow Remote Access. If a hacker chooses this selector code, the hacker
  has immediate access.
- If the automated attendant prompts callers to use the host switch’s Remote
  Call Forwarding (RCF) to reach an outside telephone number, the system
  may be susceptible to toll fraud. An example of this application is a menu or
  submenu that says, “To reach our answering service, press 5,” then
  transfers the caller to an external telephone number.
Remote Call Forwarding can only be used securely when the central office
provides “reliable disconnect.” This is sometimes referred to as a forward
disconnect or disconnect supervision. This guarantees that the central
office will not return a dial tone after the called party hangs up. In many
cases, the central office facility is a loop-start line/trunk which does not
provide reliable disconnect. When loop-start lines/trunks are used, if the
calling party stays on the line, the central office will return a dial tone at the
conclusion of the call, enabling the caller to place another call as if it were
being placed from your company.
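
The checks described in this section can be run as a review over a hand-maintained inventory of the voice messaging configuration. The following is an added example, not part of the original handbook or any vendor tool; the inventory layout, field names, extensions and codes are constructed for illustration and do not represent a MERLIN LEGEND export format.

```python
# Constructed inventory. Field names are hypothetical, not a MERLIN LEGEND export.
INVENTORY = {
    "vmi_ports": [
        {"ext": "7701", "outward_restricted": True, "frl": 0, "disallowed": [7]},
        {"ext": "7702", "outward_restricted": False, "frl": 3, "disallowed": []},
    ],
    "mailboxes": [
        {"ext": "2101", "outcalling": True, "business_need": "on-call support"},
        {"ext": "2102", "outcalling": True, "business_need": ""},
        {"ext": "2103", "outcalling": False, "business_need": ""},
    ],
    "pool_access_codes": {"70", "890"},
    "attendant_menu": [
        {"key": "1", "target": "2101", "external": False, "reliable_disconnect": None},
        {"key": "5", "target": "5550100", "external": True, "reliable_disconnect": False},
        {"key": "9", "target": "890", "external": False, "reliable_disconnect": None},
    ],
}


def audit(inv):
    """Return (kind, id, issue) tuples for settings the page identifies as risky."""
    findings = []
    # Release 3.1 defaults for voice messaging ports: outward restricted,
    # FRL 0, Disallowed List #7. A deviation needs an outcalling justification.
    for port in inv["vmi_ports"]:
        if not port["outward_restricted"]:
            findings.append(("port", port["ext"], "no outward restriction"))
        if port["frl"] != 0:
            findings.append(("port", port["ext"], f"FRL {port['frl']}, expected 0"))
        if 7 not in port["disallowed"]:
            findings.append(("port", port["ext"], "Disallowed List #7 not applied"))
    # Outcalling only for mailboxes with a recorded business need.
    for box in inv["mailboxes"]:
        if box["outcalling"] and not box["business_need"].strip():
            findings.append(("mailbox", box["ext"], "outcalling without business need"))
    for sel in inv["attendant_menu"]:
        # A selector code that resolves to a pool access code hands out a trunk.
        if sel["target"] in inv["pool_access_codes"]:
            findings.append(("menu", sel["key"], "selector reaches pool access code"))
        # External transfer is only safe with reliable (forward) disconnect.
        if sel["external"] and not sel["reliable_disconnect"]:
            findings.append(("menu", sel["key"], "external transfer, no reliable disconnect"))
    return findings


if __name__ == "__main__":
    for kind, ident, issue in audit(INVENTORY):
        print(f"{kind:8} {ident:6} {issue}")
```

A port that appears in the findings because its restrictions were removed on purpose should be matched against a mailbox with a recorded business need for outcalling before it is accepted.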