Checking Voice Services Security

CAUTION: See Knowledge Base articles, 09-5127-00021, 13-1263-00095, 09-5191-00132, and 13-5191-00310 for information on how to protect against toll fraud.

To maintain a secure system

1. If someone leaves the company, delete the user's name from the User Authorization Profile ( ) and the Telephone Directory ( ) forms.

Also, disable any personal accounts and change the user names and passwords at ALL levels that they may have had access to.

2. Change all account codes that are known by any user who leaves the company. Change account codes in the Independent Account Codes form.

3. Ensure that you record user names, passwords, and account codes, and that you store them in a secure place.

4. Check the SMDR logs for billing irregularities.

5. In the Trunk Attributes form ( ), assign all trunks with a Class of Restriction (COR) that prohibits external calls.

6. In the Station Attributes form ( ), assign all voice mail ports, auto attendants, and RADs with a COR that prohibits external calls.

7. If the system requires DISA trunks ensure that you use forced account codes. Change all account codes that are known by any user who leaves the company. See the Independent Account Codes form ( ). If the system does not require DISA trunks, ensure that DISA trunks are not programmed in the System Access Points form. 

8. If DISA is required, set the "DISA failed attempts before lock-out" parameter and the "DISA number lock-out" parameter in the System Options form.

9. To ensure that users cannot forward an incoming call to a route that provides central office dial tone, set Call Forward External to NO in the Class of Service Options form ( ) for the set.

 

• Maintaining Security

• Media Signaling Security

• Voice Streaming Security