Lucent Technologies 5 User Manual
MERLIN LEGEND Communications System Release 5.0
System Manager’s Guide
System Manager’s Guide
555-650-118
Issue 1
June 1997
Customer Support Information
Page A-13
Toll Fraud Prevention
A
■
Pooled facility (line/trunk) access codes are translated to a menu prompt to
allow Remote Access. If a hacker finds this prompt, the hacker has
immediate access. (In Release 3.1 and later systems, dial access to pools
is initially factory-set to restrict all extensions: to allow pool access, this
restriction must be removed by the system manager.)
allow Remote Access. If a hacker finds this prompt, the hacker has
immediate access. (In Release 3.1 and later systems, dial access to pools
is initially factory-set to restrict all extensions: to allow pool access, this
restriction must be removed by the system manager.)
■
If the Automated Attendant prompts callers to use Remote Call Forwarding
(RCF) to reach an outside telephone number, the system may be
susceptible to toll fraud. An example of this application is a menu or
Submenu that says, “To reach our answering service, select prompt
number 5,” and transfers a caller to an external telephone number.
(RCF) to reach an outside telephone number, the system may be
susceptible to toll fraud. An example of this application is a menu or
Submenu that says, “To reach our answering service, select prompt
number 5,” and transfers a caller to an external telephone number.
Remote Call Forwarding can be used securely only when the central office
provides “reliable disconnect” (sometimes referred to as forward
disconnect or disconnect supervision), which guarantees that the central
office does not return a dial tone after the called party hangs up. In most
cases, the central office facility is a loop-start line/trunk which does not
provide reliable disconnect. When loop-start lines/trunks are used, if the
calling party stays on the line, the central office does return a dial tone at
the conclusion of the call, enabling the caller to place another call as if it
were being placed from your company. Ground-start trunks provide reliable
disconnect and should be used whenever possible.
provides “reliable disconnect” (sometimes referred to as forward
disconnect or disconnect supervision), which guarantees that the central
office does not return a dial tone after the called party hangs up. In most
cases, the central office facility is a loop-start line/trunk which does not
provide reliable disconnect. When loop-start lines/trunks are used, if the
calling party stays on the line, the central office does return a dial tone at
the conclusion of the call, enabling the caller to place another call as if it
were being placed from your company. Ground-start trunks provide reliable
disconnect and should be used whenever possible.
Preventive Measures
1
Take the following preventive measures to limit the risk of unauthorized use of the
Automated Attendant feature by hackers:
Automated Attendant feature by hackers:
■
Do not
use Automated Attendant prompts for Automatic Route Selection
(ARS) Codes or Pooled Facility Codes.
■
Assign all unused Automated Attendant Selector Codes to zero, so that
attempts to dial these are routed to the system attendant.
attempts to dial these are routed to the system attendant.
■
If Remote Call Forwarding (RCF) is required, MERLIN LEGEND
Communications System owners should coordinate with their Lucent
Technologies Account Team or authorized dealer to verify the type of
central office facility used for RCF. If it is a ground-start line/trunk, or if it is
a loop-start line/trunk and central office reliable disconnect can be ensured,
then nothing else needs to be done.
Communications System owners should coordinate with their Lucent
Technologies Account Team or authorized dealer to verify the type of
central office facility used for RCF. If it is a ground-start line/trunk, or if it is
a loop-start line/trunk and central office reliable disconnect can be ensured,
then nothing else needs to be done.
NOTE:
In most cases these are loop-start lines/trunks without reliable disconnect.
The local telephone company must be involved in order to change the
facilities used for RCF to ground start lines/trunks. Usually a charge applies
for this change. Also, hardware and software changes may be necessary in
the MERLIN LEGEND Communications System. The
The local telephone company must be involved in order to change the
facilities used for RCF to ground start lines/trunks. Usually a charge applies
for this change. Also, hardware and software changes may be necessary in
the MERLIN LEGEND Communications System. The
MERLIN MAIL
MERLIN and
MERLIN LEGEND
MAIL Automated Attendant feature
merely accesses the RCF feature in the MERLIN LEGEND
Communications System. Without these changes being made, this feature
is highly susceptible to toll fraud. These same preventive measures must
Communications System. Without these changes being made, this feature
is highly susceptible to toll fraud. These same preventive measures must