Customer Support Information
System Programming
A–11
The following is a discussion of how toll fraud is often perpetrated and ways to
prevent unauthorized access that can lead to toll fraud.
Physical Security, Social Engineering, and
General Security Measures
Criminals called
hackers
may attempt to gain unauthorized access to your
communications system and voice messaging system in order to use the system
features. Hackers often attempt to trick employees into providing them with
access to a network facility (line/trunk) or a network operator. This is referred to
as social engineering. Hackers may pose as telephone company employees
and employees of AT&T or your authorized dealer. Hackers will go through a
company’s trash to find directories, dialing instructions, and other information
that will enable them to break into the system. The more knowledgeable they
appear to be about the employee names, departments, telephone numbers,
and the internal procedures of your company, the more likely it is that they will be
able to trick an employee into helping them.
Preventive Measures
Take the following preventive measures to limit the risk of unauthorized access
by hackers:
n
Provide good physical security for the room containing your
telecommunications equipment and the room with administrative tools,
records, and system manager information. These areas should be locked
when not attended.
n
Provide a secure trash disposal for all sensitive information, including
telephone directories, call accounting records, or anything that may
supply information about your communications system. This trash should
be shredded.
n
Educate employees that hackers may try to trick them into providing them
with dial tone or dialing a number for them. All reports of trouble, requests
for moving extensions, or any other administrative details associated with
the MERLIN LEGEND Communications System should be handled by one
person (the system manager) or within a specified department. Anyone
claiming to be a telephone company representative should be referred to
this person or department.
n
No one outside of AT&T needs to use the MERLIN LEGEND
Communications System to test facilities (lines/trunks). If a caller identifies
him or herself as an AT&T employee, the system manager should ask for
a telephone number where the caller can be reached. The system
manager should be able to recognize the number as an AT&T telephone
number.
Before connecting the caller to the administrative port of the
MERLIN LEGEND Communications System, the system manager should
feel comfortable that a good reason to do so exists
. In any event, it is not
advisable to give anyone access to network facilities or operators, or to
dial a number at the request of the caller.
Содержание MERLIN LEGEND Release 3.1
Страница 372: ...Memory Card 3 236 Common Administrative Procedures...
Страница 572: ...Telephones 4 200 Programming Procedures...
Страница 715: ...Memory Card Programming Procedures 4 343...
Страница 749: ...Feature Quick Reference 5 34 Centralized Telephone Programming...
Страница 773: ...Customer Support Information B 2 System Programming...
Страница 798: ...Button Diagrams E 6 System Programming...
Страница 800: ...Sample Reports F 2 System Programming Continued on next page...