Instruction manual
MERLIN LEGEND Communications System Release 5.0
System Planning
555-650-112
Issue 1
June 1997
Customer Support Information
Page A-10Security of Your System: Preventing Toll Fraud
A
To minimize the risk of unauthorized access to your communications system:
■ Use an unpublished Remote Access number.
■ Assign access codes randomly to users on a need-to-have basis, keeping
a log of
all
authorized users and assigning one code to one person.
■ Use random-sequence access codes, which are less likely to be easily
broken.
■ Use the longest-length access codes the system will allow.
■ Deactivate all unassigned codes promptly.
■ Ensure that Remote Access users are aware of their responsibility to keep
the telephone number and any access codes secure.
■ When possible, restrict the off-network capability of off-premises callers,
using calling restrictions, Facility Restriction Levels (Hybrid/PBX mode
only), and Disallowed List capabilities. In Release 3.1 and later systems, a
prepared Disallowed List (number 7) is provided and is designed to prevent
the types of calls that toll-fraud abusers often make.
■ When possible, block out-of-hours calling.
■ Frequently monitor system call detail reports for quicker detection of any
unauthorized or abnormal calling patterns.
■ Limit Remote Call Forwarding to persons on a need-to-have basis.
■ Change access codes every 90 days.
■ Use the longest-length barrier codes possible, following the guidelines for
passwords. (See ‘‘
Choosing Passwords’’.)