Technical information
Voice Messaging Systems
6-48 Issue 7 June 2001
Additional MERLIN MAIL R3 and
MERLIN LEGEND
Mail Voice Messaging System Security Features
The MERLIN MAIL R3 and MERLIN LEGEND Mail Voice Messaging System
includes the following additional security features:
The Transfer to Registered Subscribers Only setting of the Transfer
Restrictions feature allows callers to be transferred only to users who have
mailboxes in the system. Avaya strongly recommends using this feature to
guard against toll fraud.
Transfer-Only mailboxes allow callers to reach extensions that need to be
transfer destinations but do not need to receive messages. A maximum of
255 Transfer-Only mailboxes are available.
The System Administrator can set the Minimum Password Length to any
value from 0-15 digits. The default value is six digits. Every subscriber’s
mailbox password and the System Administration Password must be at
least six digits.
NOTE:
A Minimum Password Length of at least six digits is strongly
recommended. The shorter the Minimum Password Length, the more
vulnerable your system is to abuse by unauthorized persons. Choose
the largest acceptable minimum length in order to maximize the
security of your system.
The Security Violation Notification feature enables the System
Administrator to choose to be warned about possible mailbox break-in
attempts. The System Administrator can choose from the following options:
Mailbox Lock — Locks the subscriber’s mailbox and sends a
warning message to the mailbox owner’s mailbox and the System
Administrator’s mailbox.
Warning Message — Sends a warning message to the mailbox
owner’s mailbox and the System Administrator’s mailbox (factory
setting).
No Security Notification (strongly discouraged).
When a caller reaches the maximum number of unsuccessful login
attempts, and Security Violation Notification is set to either Mailbox Lock or
Warning Message, the system plays the message, “Login incorrect. Too
many unsuccessful login attempts. The System Administrator has been
notified. Good-bye.” The system sends a warning message to the mailbox
owner and to the System Administrator.
NOTE:
The System Administrator should use the most restrictive form of the
feature that the business allows. Use the Mailbox Lock option unless
this is too restrictive for your business. Use the Warning Message
option otherwise. It is strongly discouraged to administer a system
without Security Violation Notification. The System Administrator
should investigate all warning messages received.