Technical information
Security Risks
3-20 Issue 7 June 2001
Prevent theft of
information via
Voice Messaging
System
Assign secure
passwords
Passwords
(PARTNER Plus
Communications
System R3.1 and
later, and
PARTNER II
Communications
System R3 and
later)
Encourage users
to select
non-trivial,
maximum-length
passwords
Administer
minimum
password length
Passwords
(MERLIN MAIL
R3 Voice
Messaging
System only)
Administer a
minimum
password length
of at least 6 digits
Restrict who can
use outcalling
COS Select a COS
that does not
permit outcalling
Set number of
consecutive
unsuccessful
login attempts
before mailbox is
locked
Security Violation
Notification
(MERLIN MAIL
R3 Voice
Messaging
System only)
Use the Mailbox
Lock or Warning
Message option,
set to a low
threshold
Prevent
unauthorized use
of facilities
Restrict who can
dial out
Switch Dial
Restrictions
Use line access
restrictions,
outgoing call
restrictions,
allowed lists, and
disallowed lists;
assign to VMS
hunt group
extensions
1. The risk of toll fraud applies only if the Remote Administration Unit (RAU) is installed
with the PARTNER II or PARTNER Plus Communications System.
Table 3-3. Security Goals: PARTNER II and PARTNER Plus Communications
Systems (Continued)
Security Goal Method Security Tool Steps
Continued on next page