Technical information

Large Business Communications Systems
4-10 Issue 7 June 2001
Protecting Vectors That Contain Call Prompting
Hackers try to enter unanticipated digit strings and deceive the switch into
transferring the call to a dial tone source. The Call Prompting feature can collect
digits from the user and route calls to a destination specified by those digits and/or
do conditional processing according to the digits dialed. Examples of destinations
include:
- on-premises or off-premises destinations
- a hunt group or split
- a specific call treatment such as an announcement, forced disconnect or
  delay treatment
Calls access call vectors, or the different destinations, by means of VDNs, soft
switch extensions not assigned to a physical equipment location but having many
of the properties of a normal extension number, including a COR. The VDN, when
dialed (or inferred), routes calls to the vector.
Calls processed by the vector carry the permissions and restrictions
associated with the COR of the VDN.
In order to deny incoming callers access to outgoing facilities, including tie lines,
configure the COR of the VDN to prohibit outgoing access. To do this, follow the
steps listed below. Also see "Trunk-to-Trunk Transfer" on page 4-21.
- Assign a Calling Party Restriction of Outward and deny Facility Test Call
  capability.
- Lower the FRL in the COR to the lowest acceptable value and use
  COR-to-COR restrictions to deny access to specific outgoing trunk groups.
  (FRL=0 would deny access to network routing preferences.)
- Block access to specific CORs assigned to outgoing trunk groups by using
  the Calling Permissions section of the Class of Restriction screen.
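
The following is an added example, not part of the Avaya handbook: an offline audit that applies the three steps above to a hand-built inventory of VDNs, CORs and outgoing trunk groups. The data model, field names, extensions, COR numbers, trunk group labels and the `max_frl` threshold are assumptions made for illustration and do not represent an Avaya export format.

```python
from dataclasses import dataclass, field

# Constructed data model: field names are hypothetical, not a switch export format.
@dataclass
class COR:
    number: int
    calling_party_restriction: str  # value as entered on the COR screen, e.g. "outward"
    facility_test_call: bool        # True if the COR may use Facility Test Call
    frl: int                        # Facility Restriction Level of the COR
    can_call: set = field(default_factory=set)  # CORs allowed under Calling Permissions

def audit_vdn_cors(vdns, cors, trunk_group_cors, max_frl=0):
    """Return {vdn_extension: [findings]} for VDNs whose COR permits outgoing access.

    vdns: {VDN extension: COR number}; cors: {COR number: COR};
    trunk_group_cors: {outgoing trunk group: COR number};
    max_frl: the lowest FRL the site considers acceptable (a site decision).
    """
    report = {}
    for ext, cor_no in sorted(vdns.items()):
        cor = cors[cor_no]
        findings = []
        if cor.calling_party_restriction != "outward":
            findings.append("Calling Party Restriction is not Outward")
        if cor.facility_test_call:
            findings.append("Facility Test Call is allowed")
        if cor.frl > max_frl:
            findings.append(f"FRL {cor.frl} exceeds lowest acceptable value {max_frl}")
        # COR-to-COR check: the VDN's COR must not be permitted to call
        # any COR that is assigned to an outgoing trunk group.
        for tg, tg_cor in sorted(trunk_group_cors.items()):
            if tg_cor in cor.can_call:
                findings.append(f"Calling Permissions allow COR {tg_cor} (trunk group {tg})")
        if findings:
            report[ext] = findings
    return report

# Constructed sample: VDN 5001 is locked down, VDN 5002 uses a permissive COR.
SAMPLE_CORS = {
    10: COR(10, "outward", False, 0, can_call={1}),
    11: COR(11, "none", True, 5, can_call={1, 20}),
}
SAMPLE_VDNS = {"5001": 10, "5002": 11}
SAMPLE_TRUNK_GROUP_CORS = {"tg-7": 20, "tg-8": 21}

if __name__ == "__main__":
    result = audit_vdn_cors(SAMPLE_VDNS, SAMPLE_CORS, SAMPLE_TRUNK_GROUP_CORS)
    for ext, findings in result.items():
        for finding in findings:
            print(f"VDN {ext}: {finding}")
```

Because calls processed by a vector carry the COR of the VDN, the audit is keyed on the VDN-to-COR mapping rather than on the vector contents.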
For DEFINITY ECS and DEFINITY G3, use of Call Vectoring with Prompting for
Remote Access allows the PBX to require a touch-tone response before the caller
hears a Remote Access dial tone. If no response is given, the call can be routed to
an attendant, announcement, or intercept tone. This makes it more difficult for
hackers to detect a Remote Access port.
NOTE:
Avaya strongly recommends, for both security and performance reasons,
that the Ethernet connectivity between the MFB and the set of hosts with
which it will communicate be a separate LAN segment. Otherwise, an
unscrupulous person could gain unauthorized access to the DEFINITY LAN
Gateway application in order to commit toll fraud and/or tamper with the
real-time aspects of CTI applications.
For additional information, refer to CallVisor ASAI Over the DEFINITY LAN
Gateway, 555-230-223.