Instruction manual
MERLIN LEGEND/MAGIX toll fraud
Issue 9 May 2003
Security risks associated with transferring through voice messaging systems
Toll fraud hackers try to dial into a voice mailbox and then execute a transfer by
dialing *T. The hacker then dials an access code (either 9 for ARS or a pooled
facility code), followed by the appropriate digit string to either direct dial or access
a network operator to complete the call.
All extensions are initially, and by default, restricted from dial access to pools. In
order for an extension to use a pool to access an outside line/trunk, this restriction
must be removed.
Preventive measures
Take the following preventive measures to limit the risk of unauthorized transfers
by hackers:
■ Confirm that all MERLIN MAGIX Integrated System voice mail port
extension numbers are outward-restricted. This denies access to facilities
(lines/trunks). Voice mail ports are, by default, outward restricted.
■ As an additional security step, network dialing for all extensions, including
voice mail port extensions, should be processed through ARS using dial
access code 9.
****SECURITY ALERT****
The MERLIN MAGIX Integrated System ships with ARS activated with all
extensions set to Facility Restriction Level 3, allowing all international calling. To
prevent toll fraud, ARS facility restriction levels (FRLs) should be established
using:
FRL 0 for restriction to internal dialing only.
FRL 2 for restriction to local network calling only.
FRL 3 for restriction to domestic long-distance (excluding area code 809 for
the Dominican Republic as this is part of the North American Numbering Plan,
unless 809 is required).
FRL 4 for international calling.
WARNING:
Default local and default toll tables are factory-assigned an FRL of 2. This
simplifies the task of restricting extensions: the FRL for an extension merely
needs to be changed from the default of 3.
WARNING:
Each extension should be assigned the appropriate FRL to match its calling
requirements. All voice mail port extensions not used for outcalling should
be assigned to FRL 0 (the factory setting).
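
The preventive measures and FRL guidance above can be checked against an extension inventory kept outside the system. The following is an added example, not part of the original manual or of the product: the record layout, field names and sample extensions are assumptions, and the rule that ARS completes a call only when the extension FRL is at least the route FRL is background not stated on this page.

```python
from dataclasses import dataclass
from typing import List, Optional

SHIPPED_EXT_FRL = 3     # every extension ships at FRL 3 (per the manual)
DEFAULT_TABLE_FRL = 2   # default local/toll tables ship at FRL 2 (per the manual)

@dataclass
class Extension:         # hypothetical record layout, filled in by hand
    number: str
    voice_mail_port: bool
    outward_restricted: bool
    frl: int
    outcalling: bool = False             # voice mail port used for outcalling
    required_frl: Optional[int] = None   # documented calling requirement

def ars_permits(ext_frl: int, route_frl: int) -> bool:
    # Assumed ARS rule: a call routes only if extension FRL >= route FRL.
    return ext_frl >= route_frl

def audit(ext: Extension) -> List[str]:
    findings = []
    if ext.voice_mail_port:
        if not ext.outward_restricted:
            findings.append("voice mail port is not outward-restricted")
        if not ext.outcalling and ext.frl != 0:
            reach = "reachable" if ars_permits(ext.frl, DEFAULT_TABLE_FRL) else "blocked"
            findings.append(f"non-outcalling voice mail port at FRL {ext.frl}, "
                            f"expected 0 (default tables {reach})")
    elif ext.required_frl is None:
        if ext.frl == SHIPPED_EXT_FRL:
            findings.append("FRL left at shipped value 3 with no documented requirement")
    elif ext.frl > ext.required_frl:
        findings.append(f"FRL {ext.frl} exceeds documented requirement {ext.required_frl}")
    return findings

# Constructed sample inventory (not real system data).
SAMPLE = [
    Extension("7920", True, True, 0),
    Extension("7921", True, False, 3),
    Extension("110", False, False, 3),
    Extension("111", False, False, 2, required_frl=2),
    Extension("112", False, False, 4, required_frl=3),
]

def run_audit(exts=SAMPLE):
    # Map extension number -> findings, omitting clean extensions.
    return {e.number: audit(e) for e in exts if audit(e)}

if __name__ == "__main__":
    for number, findings in run_audit().items():
        for finding in findings:
            print(f"ext {number}: {finding}")
```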