Instruction manual
Security risks
4-4 Issue 9 May 2003
Voice messaging systems
Voice messaging systems provide a variety of voice messaging applications, 
operating similarly to an electronic answering machine. Callers can leave 
messages for employees (subscribers) who have voice mailboxes assigned to 
them. Subscribers can play, forward, save, repeat, and delete the messages in 
their mailboxes. Many voice messaging systems allow callers to transfer out of 
voice mailboxes and back into the PBX system. 
When hackers connect to the voice messaging system, they try to enter digits that 
connect them to an outside facility. For example, hackers enter a transfer 
command (the AUDIX Voice Mail System uses    ), followed by an outgoing 
trunk access number for an outside trunk. Most hackers do not realize how they 
gained access to an outside facility; they only need to know the right combination 
of digits. See Chapter 7 for information on securing your voice messaging system.
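A detection sketch for the transfer-out pattern described above, added here as an example and not part of the handbook or any vendor tool: it scans call detail records for outside-trunk calls that originate on voice mail ports. The record layout, port extensions, trunk access code, allow-listed number and thresholds are all assumptions for illustration.

```python
import csv
from datetime import datetime
from io import StringIO

# Assumptions for this sketch (site-specific; none come from the handbook).
# The dial plan is assumed to have no extensions that begin with the trunk access code.
VOICE_MAIL_PORTS = {"5801", "5802", "5803", "5804"}  # extensions of the voice mail ports
TRUNK_ACCESS_CODE = "9"                               # digit(s) that seize an outside trunk
OUTCALL_ALLOWLIST = {"912125550100"}                  # numbers voice mail may legitimately call
BUSINESS_HOURS = range(8, 18)                         # 08:00-17:59 local time

# Constructed call detail records: time, originating extension, dialed digits, seconds
SAMPLE_CDR = """\
2003-05-12 10:14:02,4021,912125550188,95
2003-05-12 11:30:45,5802,912125550100,40
2003-05-13 02:47:10,5803,901144205550123,1810
2003-05-13 02:49:33,5801,918095550142,2400
2003-05-13 09:05:00,5804,4021,12
"""

def flag_voice_mail_trunk_calls(cdr_text):
    """Return (record, reasons) for trunk calls that originate on voice mail ports."""
    findings = []
    for when, ext, dialed, secs in csv.reader(StringIO(cdr_text)):
        if ext not in VOICE_MAIL_PORTS:
            continue                      # ordinary station; out of scope here
        if not dialed.startswith(TRUNK_ACCESS_CODE):
            continue                      # internal transfer back into the PBX
        if dialed in OUTCALL_ALLOWLIST:
            continue                      # expected outcalling destination
        reasons = ["voice mail port seized an outside trunk"]
        number = dialed[len(TRUNK_ACCESS_CODE):]
        if number.startswith("011"):      # North American international prefix
            reasons.append("international destination")
        if datetime.strptime(when, "%Y-%m-%d %H:%M:%S").hour not in BUSINESS_HOURS:
            reasons.append("outside business hours")
        if int(secs) >= 1800:
            reasons.append("call of 30 minutes or longer")
        findings.append(((when, ext, dialed, int(secs)), reasons))
    return findings

if __name__ == "__main__":
    for record, reasons in flag_voice_mail_trunk_calls(SAMPLE_CDR):
        print(record, "->", "; ".join(reasons))
```
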
Sometimes hackers are not even looking for an outside facility. They enter a voice 
messaging system to find unassigned voice mailboxes. When they are 
successful, they assign the mailboxes to themselves, relatives, and friends, and 
use them to exchange toll-free messages. Hackers can even use cellular phones 
to break into voice mailboxes. (See “Protecting voice messaging systems” on 
page 7-2.) In addition, unauthorized access to voice messaging systems can 
allow hackers to access the switch and change administration data. See 
“Increasing product access (port) security” on page 4-6.
Administration / maintenance access
Expert toll hackers target the administration and maintenance capabilities of 
customer premises equipment-based systems. Once criminals gain access to the 
administration port, they are able to change system features and parameters so 
that fraudulent calls can be made. The following measures can be taken to 
prevent high-level access to system administration.
Changing default passwords
To simplify initial setup and allow for immediate operation, either the switch and 
adjuncts are assigned default administration passwords, or passwords are 
disabled, depending on the date of installation. Hackers who have obtained 
copies of customer premises equipment-based and adjunct system 
documentation circulate the known default passwords to try to gain entry into 
systems. To date, the vast majority of hacker access to maintenance ports has 
been through default customer passwords. Be sure to change or void all default 
passwords to end this opportunity for hackers. 
The following is a list of customer logins for systems in this handbook that provide 
login capabilities. For information on password parameters, see the applicable 
system chapter. For information on how to change passwords, see Chapter 14.