Avaya 8400B Plus User Manual
Security Issues
Issue 2 November 1996
xiii
PBX Security Measures
Everyone in your company who uses the telephone system is responsible for
system security. Users and attendants need to be aware of how to recognize
and react to potential hacker activity. Informed people are more likely to
cooperate with security measures that often make the system less flexible and
more difficult to use.
system security. Users and attendants need to be aware of how to recognize
and react to potential hacker activity. Informed people are more likely to
cooperate with security measures that often make the system less flexible and
more difficult to use.
Implement the following general security measures to protect your PBX, and
discourage the unauthorized use of your communications system.
discourage the unauthorized use of your communications system.
■
Never program passwords or authorization codes onto auto-dial buttons.
Display phones reveal the programmed numbers, and internal abusers
can use the auto-dial buttons to originate unauthorized calls.
Display phones reveal the programmed numbers, and internal abusers
can use the auto-dial buttons to originate unauthorized calls.
■
Discourage the practice of writing down passwords. If a password needs
to be written down, keep it in a secure place and never discard it while it
is active.
to be written down, keep it in a secure place and never discard it while it
is active.
■
Attendants should tell their system manager if they answer a series of
calls where there is silence on the other end or the caller hangs up.
calls where there is silence on the other end or the caller hangs up.
■
Users who are assigned voice mailboxes should frequently change
personal passwords and should not choose obvious passwords.
personal passwords and should not choose obvious passwords.
■
Advise users with special telephone privileges (such as Remote Access,
voice mail outcalling, and call forwarding off-switch) of the potential risks
and responsibilities.
voice mail outcalling, and call forwarding off-switch) of the potential risks
and responsibilities.
■
Be suspicious of any caller who claims to be with the telephone company
and wants to check an outside line. Ask for a callback number, hang up,
and confirm the caller’s identity.
and wants to check an outside line. Ask for a callback number, hang up,
and confirm the caller’s identity.
■
Never distribute the office telephone directory to anyone outside the
company; be careful when discarding it.
company; be careful when discarding it.
■
Never accept collect phone calls.
■
Never discuss your telephone system’s numbering plan with anyone
outside the company.
outside the company.