Instruction manual
Protecting voice messaging systems
Issue 9 May 2003
7-3
Implement all security restrictions that prevent transfer to these codes.
The only tool a criminal needs to breach an inadequately secured
system is a touch-tone telephone. With the advent of cellular phones, hackers
have yet another means of accessing voice mailboxes. If a user calls the voice
mail system from a cell phone and inputs his or her password, the voice mailbox
becomes vulnerable to toll fraud. Since cell phones can be monitored, a hacker
can obtain the password and access the voice mailbox. Tell users not to enter
passwords on a cell phone.
Security tips
■ Restrict transfers back to the host PBX by not allowing transfers, by using
enhanced call transfer, or by allowing transfer to subscriber only.
■ Where voice mailboxes offer password protection, use the maximum
password length where feasible.
■ Deactivate unassigned voice mailboxes. When an employee leaves the
company, remove the voice mailbox.
■ Do not create voice mailboxes before they are needed.
■ Establish your password as soon as your voice mail system extension is
assigned. This ensures that only you will have access to your mailbox - not
anyone who enters your extension number and #. (The use of only the “#”
indicates the lack of a password. This fact is well-known by telephone
hackers.)
■ Never have your greeting state that you will accept third party billed calls. A
greeting like this allows unauthorized individuals to charge calls to your
company. If you call someone at your company and get a greeting like this,
point out the vulnerability to the person and recommend that they change
the greeting immediately.
■ Never use obvious or trivial passwords, such as your phone extension,
room number, employee identification number, social security number, or
easily guessed numeric combinations (for example, 999999). See
“Administration / maintenance access” on page 4-4 and “General security
measures” on page 4-8 for secure password guidelines.
■ Change adjunct default passwords immediately; never skip the password
entry. Hackers find out defaults.
■ Lock out consecutive unsuccessful attempts to enter a voice mailbox.
■ Discourage the practice of writing down passwords, storing them, or
sharing them with others. If a password needs to be written down, keep it in
a secure place and never discard it while it is active.
■ Never program passwords onto auto dial buttons.
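
The tips above on trivial passwords and on locking out consecutive failed attempts, written as a check that could run when a subscriber sets a mailbox password. This is an added example, not code from this manual or from any voice mail product; the function and class names, the six-digit minimum and the three-attempt lockout threshold are assumptions.

```python
import hmac
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 3  # assumed threshold; the page does not give a number


def weak_password_reasons(password, personal_numbers, min_length=6):
    """Return why a mailbox password is rejected; an empty list means accepted.

    personal_numbers: extension, room number, employee ID, SSN and so on.
    min_length is an assumed site policy value.
    """
    if not password:
        return ["no password set: extension plus # opens the mailbox"]
    if not (password.isascii() and password.isdigit()):
        return ["not enterable on a touch-tone keypad"]
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} digits")
    for number in personal_numbers:
        digits = "".join(ch for ch in number if ch.isdigit())
        if digits and (digits in password or password in digits):
            reasons.append("derived from a personal number")
            break
    if len(set(password)) == 1:
        reasons.append("single repeated digit")
    # Step between neighbouring digits, modulo 10: all +1 or all -1 is a run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(password, password[1:])}
    if steps in ({1}, {9}):
        reasons.append("ascending or descending run")
    return reasons


@dataclass
class MailboxLogin:
    """Constructed model of one mailbox's login state (not a real product API)."""
    password: str
    failed: int = 0
    locked: bool = False

    def attempt(self, entered):
        if self.locked:
            return "locked"  # stays locked until an administrator resets it
        if hmac.compare_digest(entered.encode(), self.password.encode()):
            self.failed = 0  # only consecutive failures count
            return "ok"
        self.failed += 1
        self.locked = self.failed >= MAX_FAILED_ATTEMPTS
        return "locked" if self.locked else "denied"
```
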