User's Manual
MERLIN LEGENDCommunications System Release 6.1
System Planning 
555-661-112 
Issue 1
August 1998
Customer Support Information 
Page A-12Toll Fraud Prevention 
A
■ Customers should also take advantage of Lucent Technologies monitoring 
services and devices, such as the NetPROTECT
SM
 family of 
fraud-detection services, CAS with HackerTracker
®
, and CAT Terminal with 
Watchdog. Call 1 800 638-7233 to get more information on these Lucent 
Technologies fraud detection services and products.
Security Risks Associated with Transferring 
through Voice Messaging Systems 1
Toll fraud hackers try to dial into a voice mailbox and then execute a transfer by 
dialing
7. The hacker then dials an access code (either  for Automatic Route 
Selection or a pooled facility code) followed by the appropriate digit string to either 
direct dial or access a network operator to complete the call.
NOTE:
In Release 3.1 and later systems, all extensions are initially and by default 
restricted from dial access to pools. In order for an extension to use a pool 
to access an outside line/trunk, this restriction must be removed.
Preventive Measures 1
Take the following preventive measures to limit the risk of unauthorized transfers 
by hackers:
■ Outward restrict all MERLIN LEGEND Communications System voice mail 
port extension numbers. This denies access to facilities (lines/trunks). In 
Release 3.1 and later systems, voice mail ports are by default outward 
restricted.
■ As an additional security step, network dialing for all extensions, including 
voice mail port extensions, should be processed through ARS using dial 
access code
.
!
SECURITYlALERT:
The MERLIN LEGEND Communications System ships with ARS 
activated with all extensions set to FRL 3, allowing all international 
calling. To prevent toll fraud, ARS FRLs should be established 
using: 
■
FRL 0 for restriction to internal dialing only
■
FRL 2 for restriction to local network calling only
■
FRL 3 for restriction to domestic long-distance (excluding 
area code 809 for the Dominican Republic as this is part of 
the North American Numbering Plan, unless 809 is required) 
■
FRL 4 for international calling










