Technical information

Security Risks

3-8 Issue 7 June 2001

General Security Measures

General security measures can be taken systemwide to discourage unauthorized

use.

Educating Users

Everyone in your company who uses the telephone system is responsible for

system security. Users and attendants need to be aware of how to recognize and

react to potential hacker activity. Informed people are more likely to cooperate

with security measures that often make the system less flexible and more difficult

to use.

 Never program passwords or authorization codes onto auto dial buttons.

Display phones reveal the programmed numbers and internal abusers can

use the auto dial buttons to originate unauthorized calls.

 Discourage the practice of writing down passwords. If a password needs to

be written down, keep it in a secure place and never discard it while it is

active.

 Attendants should tell their system manager if they answer a series of calls

where there is silence on the other end or the caller hangs up.

 Users who are assigned voice mailboxes should frequently change

personal passwords and should not choose obvious passwords (see

‘‘Choosing Passwords’’ on page 3-5).

 Advise users with special telephone privileges (such as Remote Access,

voice mail outcalling, and call forwarding off-switch) of the potential risks

and responsibilities.

 Be suspicious of any caller who claims to be with the telephone company

and wants to check an outside line. Ask for a callback number, hang up,

and confirm the caller’s identity.

 Never distribute the office telephone directory to anyone outside the

company; be careful when discarding it.

 Never accept collect phone calls.

 Never discuss your telephone system’s numbering plan with anyone

outside the company.