Technical information
Tools that Restrict Unauthorized Outgoing Calls
Issue 7 June 2001
4-19
ARS Dial Tone
For all switches, the dial tone after the ARS feature access code is optional and
can be eliminated to confuse hackers who listen for it. Conversely, however, its
elimination may also confuse authorized users who are accustomed to the second
dial tone.
Station Restrictions
If access to trunks via TACs is necessary for certain users to allow direct dial
access to specific facilities, use the appropriate restrictions. For DEFINITY G2
and System 85, assign Miscellaneous Trunk Restriction Groups (MTRGs) to all
trunk groups that allow dial access, then deny access to the MTRGs on the COS.
For DEFINITY ECS, DEFINITY G1, G3, and System 75, if all trunk groups have
their own unique COR, then restrict the station CORs from accessing the trunk
group CORs. For those stations and all trunk-originated calls, always use
ARS/WCR for outside calling.
Recall Signaling (Switchhook Flash)
Recall signaling allows analog station users to place a call on hold and consult
with another party or activate a feature. After consulting with the third party, the
user can conference the third party with the original party by another recall signal,
or return to the original party by pressing Recall twice or by flashing the
switchhook twice.
However, hackers have been able to activate recall signaling to gain second dial
tone and conference incoming and outgoing paths together. To prevent this,
administer switchhook flash to “n” (administered by means of the Add or Change
Station screen) for FAX machines and modems.
Attendant - Controlled Voice Terminals
When telephones are located in easily-accessible locations (such as lobbies) that
do not provide protection against abuse, you can assign them to an
attendant-controlled voice terminal group. Calls from the group can be connected
to an attendant who screens the calls. As part of the night shut down procedure,
the attendant can activate outgoing call restrictions on the group.