Avaya INTUITY AUDIX LX

Security

Overview of Security

This topic describes ways to use system administration tools to minimize the possibility of telecommunications toll fraud on your system. It offers safeguards that make it harder for an unauthorized user to penetrate the INTUITY AUDIX system.

What Is Toll Fraud?

Toll fraud is the unauthorized use of a company's telecommunications service. It occurs when people misdirect their own telecommunications charges to another person or business.

 

For INTUITY AUDIX systems, toll fraud consists of using the system and INTUITY AUDIX to complete a toll call through a networked switch.

 

Note: Much of the information in this section is from the Avaya Products Security Handbook. See this handbook for complete information on securing your voice mail system from possible toll fraud.

How Toll Fraud Occurs

There are several ways that unauthorized users might attempt to breach your system, including:

  • Unauthorized system use
    An intruder accesses your system and creates a mailbox or uses AUDIX functionality.

  • Unauthorized mailbox use
    An intruder discovers how to access a particular mailbox, perhaps by:

    • Finding the password on a subscriber's desk or in a wallet
    • Trying all the common variations of passwords
    • Buying the password from a computer hacker who breached the Linux interface and logged in as an administrator

  • Unauthorized use of outcalling or AMIS analog networking call delivery
    An intruder uses your system to send an AMIS message or a fax to a distant number.

  • Fraudulent call transfer
    An intruder makes use of the transfer to extension (*T) feature by transferring to the first few digits of a trunk access code.

Unauthorized System Use

To minimize the risk of unauthorized system use, follow the guidelines for your voice mail (vm), AUDIX system administration (sa), and trusted server passwords, including the Password Aging feature. Provide additional protection for your system with Avaya's Access Security Gateway (ASG) option.

Administration Passwords

The following aspects of password management affect the security of your system:

  • Default administrator password
  • Password standards
  • Password aging

Default Administrator Password

When your system is installed, both the sa and vm logins come with a default password. You are required to change this password immediately. Use the procedures in Changing Passwords to make this change.

Password Standards

Passwords must comply with certain minimum standards. These standards are described in Guidelines for Passwords.

Password Aging

Password aging ensures that administration passwords are changed at reasonable intervals by causing passwords to expire after a set period of time. Use password aging for administrative logins to reduce the danger of unauthorized system access.

 

You can change password aging by starting at the S8300 SAT Command Line Interface and entering change password <login_name>. The items and their operation are described in Changing a System Password or Password Aging.

Access Security Gateway

The Access Security Gateway (ASG) feature is an optional authentication interface that you can use to secure the vm and sa logins on the S8300 server. Whenever a dial-up port user begins a session on the system for purposes of administration or maintenance, the user must enter a valid login ID. If the ASG interface is activated, the system issues a numerical challenge. In order for the user to access the S8300 and INTUITY AUDIX administration and maintenance features, the user must enter the correct numerical response. By activating the ASG feature, you can reduce the possibility of unauthorized remote access to the system.

You administer ASG parameters to specify whether access to the system requires ASG authentication. See the S8300 documentation for appropriate administration and login procedures.
 

    Note: For more information on using the ASG Key, see the Access Security Gateway Key User's Guide, 585-212-012.

Trusted Server Security

A trusted server is a computer or a software application in a domain outside of INTUITY AUDIX. A trusted server uses its own login and password to launch an Avaya INTUITY Messaging Applications Programming Interface (IMAPI) LAN session and access AUDIX mailboxes.

Trusted servers can access and manipulate an AUDIX message just as the AUDIX application can do. See Overview of Activating Internet Messaging (Email) for in-depth discussions and definitions of trusted servers, domains, and integration of email and other trusted server software with AUDIX.

Passwords for Trusted Servers

The trusted server can do everything to a user mailbox that an AUDIX user can do. You must administer a password that the trusted server application uses to request a connection to the AUDIX server.

The two trusted server screens are Trusted-Server Profile and IMAPI-Password. See Activating Internet Messaging (Email) for trusted server and IMAPI administration information.

To prevent unauthorized access through IMAPI into your system from an external source such as a trusted server, you must administer an IMAPI password that the trusted server uses to connect to AUDIX. The IMAPI password is another layer of security. It prevents an unauthorized source from starting an IMAPI session.

It is recommended that you change IMAPI passwords on a regular basis, for example, monthly. If you set your administrator's password to age automatically, the system prompts you to change your password. You can also use this prompt to remind you to change the IMAPI password.

Virus Detection

INTUITY AUDIX allows the transmission between domains of two message components, text (email) and binary (software) file attachments. When used with an AUDIX system, Message Manager also supports these message components. These components introduce the possibility of a computer virus being embedded in a file attachment. While the AUDIX machine cannot be infected with viruses embedded in these software files, client machines may become infected when a subscriber opens or launches an infected binary file.

AUDIX does not perform any virus detection. Your company must carefully evaluate the security risks of file attachments and make provisions for virus detection software on personal computers that run an email application or Message Manager. Your PC/LAN administrator probably has experience in detecting and preventing the transmission of software viruses. Your PC/LAN administrator might also know the minimum requirements that the AUDIX server and email server must meet to be allowed on the company network at all.

At a minimum, you need to advise your subscribers that file attachments are to be detached (not launched) and scanned for viruses before use.

Unauthorized Use of Mailboxes

One type of voice mail fraud occurs when an unauthorized user obtains the mailbox password and changes both it and the greeting. The unauthorized user then uses the mailbox for nonbusiness purposes. This use can be expensive if access is gained to the voice mail system through a 1-800 or 1-888 number.

Mailbox Administration

When you administer the system and subscribers' mailboxes, perform the following tasks to prevent unauthorized use:

  • To block break-in attempts, administer your system so that the allowed number of consecutive unsuccessful attempts to log in to a mailbox is low. Administer this number on the System-Parameters Features screen.
  • Deactivate unassigned mailboxes. When an employee leaves the company, remove the subscriber profile and, if necessary, reassign the mailbox.
  • Do not create mailboxes before they are needed.
  • Require passwords to be long. The minimum required length is at least one digit greater than the number of digits in subscribers' extension numbers. Subscribers can have passwords of up to 15 digits for maximum security.
  • Force subscribers to change the default password the first time they log in to the AUDIX system. Changing the default password ensures that only the subscriber has access to his or her mailbox, not someone else who enters a subscriber's extension number and then enters #. To ensure that new subscribers change their passwords immediately, administer the default password to be fewer digits than the minimum password length.
  • Administer password aging on the System Parameters Features screen. Password aging requires subscribers to change their password at a predefined interval. Password aging enhances overall system security and helps protect against toll fraud by making the INTUITY AUDIX system less vulnerable to break-ins.

Subscriber Password Security

To minimize the risk of unauthorized access to AUDIX mailboxes, ensure that your subscribers follow these guidelines for AUDIX passwords:

  • Never have a personal greeting state that the called extension will accept collect calls or third-party billed calls. If people at your company have this kind of greeting, require that they change the greeting immediately.
  • Never use obvious or trivial passwords, such as a room number, employee identification number, social security number, or easily guessed numeric combinations.
     

    Note: The current release of INTUITY AUDIX does not allow passwords that consist of sequential numbers such as 12345, repeated numbers such as 33333, and the subscriber's extension number.

  • Discourage the practice of writing down passwords, storing them, or sharing them with others. If a subscriber insists on writing down a password, advise the subscriber to keep the password in a secure place and never discard it while it is active.
  • Never program passwords onto telephone auto dial buttons.
  • If a subscriber receives any suspicious AUDIX messages or tells you that her or his personal greeting was changed, or if for any other reason you suspect that your AUDIX system is being used by someone else, contact Avaya Corporate Computer and Network Security, which is described in Avaya Toll Fraud Crisis Intervention.
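
The mailbox password rules above (minimum length one digit greater than the extension length, at most 15 digits, no sequential or repeated digits, not the extension itself, and a default password shorter than the minimum) can be checked before passwords or system parameters are put in place. The following Python sketch is an added example, not Avaya code; the function names, the sample extension 4410 and the treatment of descending runs as sequential are assumptions.

```python
MAX_PASSWORD_LENGTH = 15  # the page allows passwords of up to 15 digits


def is_sequential(password):
    """True for runs such as 12345; descending runs (54321) are also
    rejected here, which is an assumption beyond the page's example."""
    steps = {int(b) - int(a) for a, b in zip(password, password[1:])}
    return len(password) > 1 and steps in ({1}, {-1})


def password_problems(password, extension, min_length=0):
    """Return a list of rule violations for a candidate mailbox password.

    min_length is the administered minimum; it is raised to
    len(extension) + 1 if it was set lower than the page recommends.
    """
    if not password.isdigit():
        return ["not all digits"]
    required = max(min_length, len(extension) + 1)
    problems = []
    if len(password) < required:
        problems.append(f"shorter than {required} digits")
    if len(password) > MAX_PASSWORD_LENGTH:
        problems.append(f"longer than {MAX_PASSWORD_LENGTH} digits")
    if len(set(password)) == 1:
        problems.append("repeated digit")
    if is_sequential(password):
        problems.append("sequential digits")
    if password == extension:
        problems.append("same as extension")
    return problems


def default_forces_change(default_password, min_length):
    """A default password shorter than the minimum length cannot be kept,
    so new subscribers must choose their own at first login."""
    return len(default_password) < min_length


if __name__ == "__main__":
    # Constructed candidates for a subscriber on (hypothetical) extension 4410.
    for candidate in ("12345", "33333", "4410", "8203957"):
        print(candidate, password_problems(candidate, "4410") or "ok")
    print("default forces change:", default_forces_change("441", 5))
```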

Unauthorized Use of Outcalling/AMIS Analog Networking Call Delivery

This section discusses how to minimize the risk that someone who is already in your system will make unauthorized calls. In this case, the unauthorized use could be by an employee or by someone who has breached your system security and gained access to the system.

Improving Outcalling Security

When the outcalling feature is enabled, the system notifies subscribers of new messages. Subscribers often want the system to contact a long distance or call pager number where they can receive this notification. Four options exist to minimize toll fraud related to outcalling:

  • The AUDIX voice ports can be assigned to a toll-restricted Class of Restriction (COR) that allows calling only within a local area.
  • The outcalling numbers can be entered into an unrestricted calling list for either Automatic Route Selection (ARS) or Toll Analysis.
  • Outcalling numbers can be limited to 7 digits or 10 digits. To limit the number of digits that can be dialed for outcalling, change the System Parameters Outcalling form. Note that if outcalling to a pager is allowed, additional digits can be required.
  • Outcalling can be turned on only for selected subscribers by setting up or changing a Class of Service for the selected subscribers and then assigning the Class of Service to individual subscribers on the Subscriber screen.

Restrict Outward Dialing Using S8300 Provisions

The measures that you can take to minimize the security risk of outcalling depend on how outcalling is used. When outcalling is enabled only to alert on-premises subscribers who do not have AUDIX message waiting indicators (MWIs) on their telephones, you can assign an outward-restricted Class of Restrictions (COR) to the AUDIX voice ports:

 

  • Use the change cor command to display the Class of Restriction screen and then create an outward-restricted COR by entering outward in the Calling Party Restriction field.
  • Assign the outward-restricted COR to the voice ports.

Analog Networking Call Delivery

To minimize the security risk of AMIS analog networking, including the Message Delivery service, restrict the number ranges that can be used to address messages. Be sure to assign all the appropriate PBX outgoing call restrictions on the AUDIX voice ports.

Fraudulent Transfers

Once users transfer to dial tone, they can dial a trunk access code (TAC), feature access code (FAC), or extension number. If the system is not properly secured, thieves can make fraudulent long distance calls or request a company employee to transfer them to a long distance number.

Fraudulent transfers can be minimized by administering features and options in AUDIX and on the S8300.

Administering INTUITY AUDIX to Prevent Fraudulent Transfers

To minimize the risk of fraudulent transfers, you can administer the AUDIX system in any of the following ways:

Enhanced Call Transfer

With Enhanced Call Transfer, the AUDIX system uses a digital control link message to initiate the transfer, and the S8300 verifies that the requested destination is a valid station in the dial plan. With Enhanced Call Transfer, when AUDIX callers press * 8 followed by digits (or * 2 for name addressing) and *, the system does the following:

  1. The AUDIX system verifies that the entered digits contain the same number of digits as the number of digits that are administered on the AUDIX system for extension lengths.
     If you restrict call transfers so that calls can be transferred only to administered subscribers, the AUDIX system also verifies that the digits entered match the extension number for an administered subscriber.

    Note: When callers request a name addressing transfer, the name must match the name of an AUDIX subscriber (either local or remote) whose extension number is in the dial plan.

  2. Depending on the result of Step 1:
     • If Step 1 is successful, the AUDIX system sends a transfer control message that contains the digits to the S8300.
     • If Step 1 is unsuccessful, the AUDIX system plays an error message and asks the caller to try again.
  3. The S8300 verifies that the entered digits match a valid extension in the dial plan.
  4. Depending on the result of Step 3:
     • If Step 3 is successful, the S8300 completes the transfer, disconnects the AUDIX voice port, and sends a "successful transfer" control link message to the AUDIX system.
     • If Step 3 is unsuccessful, the S8300 leaves the AUDIX voice port connected to the call and sends a "fail" control link message to the AUDIX system. Then the AUDIX system plays an error message and asks the caller to try again.

Controlled Transfer Out of AUDIX

Most unauthorized long distance call attempts occur as a caller tries to transfer out of the AUDIX system.

You can control call transfers out of AUDIX by administering the system to limit the numbers to which a caller can transfer.

Allowed Numbers Menu

To transfer out of the INTUITY AUDIX system, the user presses * T, the digits of the extension to which she or he wants to transfer, and #. If the pattern of the number dialed corresponds to a pattern that you have permitted on the Allowed Numbers menu, the INTUITY AUDIX system initiates the transfer. The S8300 then verifies that it is allowed to transfer to the requested destination.

Before you enable a transfer out of the AUDIX system, you need to restrict such transfers as described under Controlling Call Transfers. Within this menu system, you can specify extensions to which a caller can transfer.

Denied Numbers Menu

Callers cannot transfer to extensions that are expressly denied on the Denied Numbers menu. You can, for example, prohibit call transfer to extensions beginning with "9" if dialing this number results in access to an outside line.

If a caller enters an extension that is an allowed transfer, the S8300 completes the transfer, disconnects the INTUITY AUDIX system, and sends a "disconnect — successful transfer" message to the system. If the number is not an allowed transfer, the S8300 leaves the system connected to the caller and sends a "fail" message to the INTUITY AUDIX system. Then the system plays an error message requesting further activity.

Transfer Restrictions

If Call Transfer is activated on the System-Parameters Features screen, you have administered your system to allow * T transfers. You can minimize the risk of toll fraud attempts that use * T transfers by taking one or both of the following precautions:

  • Setting the Transfer Restriction field on the System-Parameters Features screen to subscribers.
  • Administering allowed and denied numbers as described under Controlling Call Transfers. In this case, if the pattern of the number dialed corresponds to a pattern that you have permitted on the Transfer Security menu system, and if that number is a valid extension number for an administered subscriber (either local or remote), transfer is permitted.

The Transfer Restriction field also can be set to digits. In this case, the destination telephone number must correspond to a pattern you have permitted and administered in the Transfer Security menu system. It must also have the same number of digits as extension numbers (that is, mailbox identifiers) within the INTUITY AUDIX system. Since this option does not minimize toll fraud, it is administered only by Avaya and only as a special service to customers who want the digits option.

Setting the Transfer Restriction field to subscribers is the more secure of the two options. It virtually eliminates the fraudulent use of call transfer since the INTUITY AUDIX system can verify that the specified destination is an administered number. If digits are specified, on the other hand, the caller might find a way to access the S8300 and to use S8300 features and functions to complete fraudulent long distance calls.


If you want to assign nonresident subscribers (that is, users with a mailbox but no telephone on the S8300) to extension numbers that start with the same digit or digits as S8300 trunk access codes (such as 9), you must carefully administer the restrictions by using the Transfer Restrictions menu.
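
The difference between the two Transfer Restriction settings, and the care needed when subscriber extensions share a leading digit with a trunk access code, can be seen by modelling the AUDIX-side checks. The following Python sketch is an added example, not Avaya code; the prefix-based form of the Allowed and Denied Numbers menus, the 4-digit extension length and every extension number are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TransferPolicy:
    """Hypothetical model of the checks AUDIX applies to a * T transfer."""
    restriction: str                    # "subscribers" or "digits"
    extension_length: int               # digits in an AUDIX extension
    allowed_prefixes: tuple = ()        # stand-in for the Allowed Numbers menu
    denied_prefixes: tuple = ()         # stand-in for the Denied Numbers menu
    subscribers: frozenset = frozenset()


def check_transfer(policy, digits):
    """Return (permitted, reason) for the digits a caller enters after * T."""
    if not digits.isdigit():
        return False, "non-digit input"
    if len(digits) != policy.extension_length:
        return False, "wrong number of digits"
    # Expressly denied numbers are rejected before anything else is considered.
    if digits.startswith(policy.denied_prefixes):
        return False, "matches a denied number"
    if not digits.startswith(policy.allowed_prefixes):
        return False, "matches no allowed number"
    if policy.restriction == "subscribers" and digits not in policy.subscribers:
        return False, "not an administered subscriber"
    return True, "sent to the S8300 for dial-plan verification"


# Constructed data: 9350 is a nonresident subscriber whose extension starts
# with the same digit as the (assumed) trunk access code 9.
SUBSCRIBERS = frozenset({"4410", "4412", "9350"})

POLICIES = {
    "digits": TransferPolicy("digits", 4, ("4", "9"), (), SUBSCRIBERS),
    "subscribers": TransferPolicy("subscribers", 4, ("4", "9"), (), SUBSCRIBERS),
    "digits+deny9": TransferPolicy("digits", 4, ("4",), ("9",), SUBSCRIBERS),
}


def compare(digits):
    """Show how each policy treats the same caller input."""
    return {name: check_transfer(p, digits)[0] for name, p in POLICIES.items()}


if __name__ == "__main__":
    for entered in ("4410", "9350", "9011"):
        print(entered, compare(entered))
```

With the digits setting, 9011 has the right length and matches an allowed pattern, so only the S8300 stands between the caller and a trunk; the subscribers setting rejects it in AUDIX while still permitting the nonresident subscriber 9350.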

Automated Attendant Security

Automated attendants are used by many companies to augment or replace a switchboard operator. When an automated attendant answers, the caller is generally given several options. A typical greeting is: "Hello, you've reached XYZ Bank. Please press 1 for Auto Loans, 2 for Home Mortgages. If you know the number of the person you are calling, please enter that number now."

If the system is not properly configured, the automated attendant passes the call back to the PBX. The PBX reacts to the digit 9 as a request for a dial tone. The digits 180 become the first numbers of a 1809 call to the Dominican Republic. The 011 string is treated as the first digits of an international call. The hacker then enters the remaining digits of the telephone number and the call is completed. This scenario works the same way with a voice mail system.

Before you set up an automated attendant, restrict transfer out of the AUDIX system as described in Controlling Call Transfers.

Administering the S8300 to Prevent Fraudulent Transfers

To minimize the risk of unauthorized persons using the voice messaging or automated attendant systems to make toll calls, administer the voice ports on your S8300 in any of the following ways.

Assign a Low Facilities Restriction Level (FRL)

The S8300 treats all the PBX ports used by voice mail systems as stations. Therefore, each voice mail port can be assigned a COR or COS with a facilities restriction level (FRL) associated with the COR or COS. FRLs provide eight different levels of restrictions for automatic alternate routing (AAR), automatic route selection (ARS), or world class routing (WCR) calls. They are used in combination with calling permissions and routing patterns and/or preferences to determine where calls can be made. FRLs range from 0 to 7, with each number representing a different level of restriction (or no restrictions at all).

The FRL is used for the AAR, ARS, or WCR feature to determine call access to an outgoing trunk group. Outgoing call routing is determined by a comparison of the FRLs in the AAR or ARS routing pattern to the FRL associated with the COR or COS of the call originator.

The higher the FRL number, the greater the calling privileges. For example, when voice mail ports are assigned to a COR with an FRL of 0, outside calls are disallowed. If that is too restrictive, the voice mail ports can be assigned to a COR with an FRL that is higher, yet low enough to limit calls to the calling area needed.

Note: Voice messaging ports that are outward restricted through COR cannot use AAR or ARS trunks. Therefore, the FRL level does not matter since FRLs are not checked.

FRLs can be assigned to offer a range of calling areas. Choose the one that provides the most restricted calling area that is required. The following table provides suggested FRL values.
 
Table: Suggested Values for FRLs

FRL (1)   Suggested Value
0         Permit no outgoing (off-switch) calls.
1         Allow local calls only. Deny 0+ and 1800 calls.
2         Allow local calls, 0+, and 1800 calls.
3         Allow local calls plus calls on FX and WATS trunks.
4         Allow calls within the home NPA.
5         Allow calls to certain destinations within the continental United States of America.
6         Allow calls throughout the continental United States of America.
7         Allow international calling. Assign attendant console FRL 7. Note, however, that if Extension Number Portability is used, the originating endpoint is assigned FRL 7.

(1) FRLs 1 through 7 include the capabilities of the lower FRLs. For example, FRL 3 allows private network trunk calls and local calls in addition to FX and WATS trunk calls.

To set FRLs:

  1. Use change cor for the voice mail ports (versus subscribers) to display the Class of Restriction screen.
  2. Enter the FRL number (0 through 7) in the FRL field. Assign the lowest FRL that meets the outcalling requirements. The route patterns for restricted calling areas must have a higher FRL assigned to the trunk groups.
  3. Use change routepattern to display the Route Pattern screen.
  4. Use a separate partition group for ARS on the outcalling ports and limit the numbers that can be called.
     

    Note: The Restricted Call List on the Toll Analysis Table can also be used to restrict calls to specified areas.

Restrict Toll Areas

A reverse strategy to preventing calls is to allow outbound calls only to certain numbers. You can specify the area code or telephone number of calls you allow.

  1. Use change ars analysis to display the ARS Analysis screen.
  2. Enter the area codes or telephone numbers that you want to allow and assign an available routing pattern to each of them.
  3. Use change routepattern to give the pattern preference an FRL that is equal to or lower than the FRL of the voice mail ports.
     

    Note: The Unrestricted Call List (UCL) on the Toll Analysis Table can be used to allow calls to specified numbers through ARS and AAR. The COR for the voice mail ports must show "alltoll" restriction and access to at least one UCL.

Create Restricted Number Lists

The Toll Analysis screen allows you to specify the toll calls that you want to assign to a restricted call list (for example, 900 numbers) or to an unrestricted call list (for example, an outcalling number to a call pager). Call lists can be specified for CO, FX, WATS, TAC, and ARS calls, but not for tie TAC or AAR calls.

Detecting Voice Mail Fraud

The following table shows the monitoring techniques you can use to help determine if your voice mail system is being used for fraudulent purposes.
 
Table: Monitoring Techniques
Monitoring Technique

  • Call Detail Recording (or SMDR)
  • Traffic Measurements and Performance
  • Automatic Circuit Assurance
  • Busy Verification
  • Call Traffic Report
  • Trunk Group Report
  • AUDIX Traffic Reports

Call Detail Recording

With Call Detail Recording (CDR) activated for the incoming trunk groups, you can find out details about the calls made into your voice mail ports.

Review CDR reports for the following indications of possible voice messaging abuse:

  • Short holding times on any trunk group where voice messaging is the originating endpoint or terminating endpoint
  • Calls to international locations not normally used by your business
  • Calls to suspicious destinations
  • Numerous calls to the same number
  • Undefined account codes

  1. Use change system-parameters features to display the Features-Related System Parameters screen.
  2. Administer the appropriate format to collect the most information. The format depends on the capabilities of your CDR analyzing and recording device.
  3. Use change trunkgroup to display the Trunk Group screen.
  4. Enter y in the SMDR/CDR Reports field.
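
The CDR review indications listed above can be applied mechanically once the records are exported. The following Python sketch is an added example, not Avaya code: the CSV layout, the voice port extensions, the account codes, the "usual" international prefix and both thresholds are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import Counter

VOICE_MAIL_PORTS = {"5001", "5002"}        # assumed AUDIX voice port extensions
DEFINED_ACCOUNT_CODES = {"1001", "1002"}   # assumed administered account codes
USUAL_INTL_PREFIXES = ("01144",)           # assumed: the business normally calls the UK
SHORT_HOLD_SECONDS = 10                    # assumed cut-off for a short holding time
REPEAT_THRESHOLD = 3                       # assumed count for "numerous calls"

# Constructed sample export. Real CDR layouts depend on the format
# administered on the switch and on the recording device.
SAMPLE_CDR = """\
start,duration_s,calling,dialed,account_code
2002-03-02T01:05,6,2125550142,5001,
2002-03-02T01:10,4,5001,011525550100,
2002-03-02T01:11,5,5001,011525550100,
2002-03-02T01:12,3,5002,011525550100,
2002-03-02T01:15,1260,5002,011525550100,
2002-03-02T09:30,180,4410,01144205550100,1001
2002-03-02T09:45,95,4412,5550123,7777
2002-03-02T10:05,240,4410,5550188,1002
"""


def load_records(text):
    """Parse the CSV export into dicts with an integer duration."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        row["duration_s"] = int(row["duration_s"])
        records.append(row)
    return records


def review_cdr(records):
    """Group records under the review indications from the CDR section."""
    findings = {
        "short_hold_vm": [],            # short holding time, voice mail at either end
        "unusual_international": [],    # international, outside the usual destinations
        "undefined_account_code": [],   # account code not administered
        "repeated_number": [],          # numbers dialed REPEAT_THRESHOLD times or more
    }
    for rec in records:
        vm_involved = (rec["calling"] in VOICE_MAIL_PORTS
                       or rec["dialed"] in VOICE_MAIL_PORTS)
        if vm_involved and rec["duration_s"] <= SHORT_HOLD_SECONDS:
            findings["short_hold_vm"].append(rec)
        dialed = rec["dialed"]
        if dialed.startswith("011") and not dialed.startswith(USUAL_INTL_PREFIXES):
            findings["unusual_international"].append(rec)
        code = rec["account_code"]
        if code and code not in DEFINED_ACCOUNT_CODES:
            findings["undefined_account_code"].append(rec)
    counts = Counter(rec["dialed"] for rec in records)
    findings["repeated_number"] = sorted(
        number for number, seen in counts.items() if seen >= REPEAT_THRESHOLD)
    return findings


if __name__ == "__main__":
    for indication, hits in review_cdr(load_records(SAMPLE_CDR)).items():
        print(f"{indication}: {len(hits)}")
```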

Call Traffic Report

This report provides hourly port usage data and counts the number of calls originated by each port. By tracking normal traffic patterns, you can respond quickly if an unusually high volume of calls appears. Such a high volume might indicate unauthorized use, especially if it occurs after business hours or during weekends.

Traffic data reports are maintained for the last hour and the peak hour.

Trunk Group Report

This report tracks call traffic on trunk groups at hourly intervals. Since trunk traffic is fairly predictable, you can easily establish over time what is normal usage for each trunk group. Use this report to watch for abnormal traffic patterns, such as unusually high off-hour loading.

SAT Reporting

Traffic reporting capabilities are built in to and are obtained through the System Administrator Tool (SAT). These programs track and record the usage of hardware and software features. The measurements include peg counts (that is, the number of times that ports are accessed) and call duration. Traffic measurements are maintained constantly and are available on demand. However, reports are not archived and should therefore be printed if you want to monitor a history of traffic patterns.

 

  1. To record traffic measurements:
    1. Enter change trunkgroup to display the Trunk Group screen.
    2. In the Measured field, enter both if you have a Basic Call Management System (BCMS) and a Call Management System (CMS), internal if you have only BCMS, or external if you have only CMS.
  2. To review the traffic measurements:
    1. Enter list measurements followed by a measurement type (trunkgroups, callrate, callsummary, or outagetrunk) and timeframe (yesterdaypeak, todaypeak, or lasthour).
  3. To review performance:
    1. Enter list performance followed by a performance type (summary or trunkgroup) and timeframe (yesterday or today).

ARS Measurement Selection

The ARS Measurement Selection can monitor up to 20 routing patterns (25 for G3) for traffic flow and usage.

 

  1. Use change ars measselection to choose the routing patterns you want to track.
  2. Use list measurements routepattern followed by the timeframe (yesterday, today, or lasthour) to review the measurements.

Automatic Circuit Assurance

This monitoring technique detects a number of calls with short holding times or a single call with a long holding time. Such calls could indicate hacker activity. Long holding times on trunk-to-trunk calls can be a warning sign. The Automatic Circuit Assurance (ACA) feature allows you to set time limit thresholds that define what is considered a short holding time and a long holding time. When a violation occurs, a designated station is visually notified.

When an alarm occurs, determine if the call is still active. If toll fraud is suspected (for example, if a long holding time alarm occurs on a trunk-to-trunk call), you might want to use the busy verification feature (see Busy Verification for more information) to monitor the call in progress.

 

  1. Use change system-parameters features to display the Features-Related System Parameters screen.
  2. Enter y in the Automatic Circuit Assurance (ACA) Enabled field.
  3. Enter local, primary, or remote in the ACA Referral Calls field. If primary is selected, calls can be received from other switches. Remote applies if the PBX being administered is a DCS node, perhaps unattended, where ACA referral calls go to an extension or console at another DCS node.
  4. Use change trunkgroup to display the Trunk Group screen.
  5. Enter y in the ACA Assignment field.
  6. Establish short and long holding times. The defaults are 10 seconds (short holding time) and one hour (long holding time).
  7. To review, use list measurements aca.

Busy Verification

When toll fraud is suspected, you can interrupt the call on a specified trunk group and monitor the call in progress. Callers will hear a long tone to indicate the call is being monitored.

  1. Use change station to display the Station screen for the station that will be assigned the Busy Verification button.
  2. In the Feature Button Assignment field, enter verify.
  3. To activate the feature, press the Verify button and then enter the trunk access code and member number to be monitored.

AUDIX Traffic Reports

The INTUITY AUDIX system tracks traffic data over various time periods. Reviewing these reports on a regular basis helps to establish traffic trends. If increased activity or unusual usage patterns occur, such as heavy call volume on ports assigned to outcalling, they can be investigated immediately. In addition, the AUDIX Administration and Data Acquisition Package (ADAP) uses a personal computer to provide extended storage and analysis capabilities for the traffic data. You can also use the AUDIX Administrator's Log and Activity Log to monitor usage and investigate possible break-in attempts. For more information on running and using reports, see Reports.

Avaya's Statement of Direction

The telecommunications industry is faced with a significant and growing problem of theft of customer services. To aid in combating these crimes, Avaya intends to strengthen relationships with its customers and its support of law enforcement officials in apprehending and successfully prosecuting those responsible.

No telecommunications system can be entirely free from risk of unauthorized use. However, diligent attention to system management and to security can reduce that risk considerably. Often, a trade-off is required between reduced risk and ease of use and flexibility. Customers who use and administer their systems make this trade-off decision. They know best how to tailor the system to meet their unique needs and are therefore in the best position to protect the system from unauthorized use. Because the customer has ultimate control over the configuration and use of Avaya services and products it purchases, the customer properly bears responsibility for fraudulent uses of those services and products.

To help customers use and manage their systems in light of the trade-off decisions they make and to ensure the greatest security possible, Avaya commits to the following:

  • Avaya products and services will offer the widest range of options available in the industry to help customers secure their communications systems in ways consistent with their telecommunications needs.
  • Avaya is committed to develop and offer services that, for a fee, reduce or eliminate customer liability for PBX toll fraud, provided that the customer implements prescribed security requirements in its telecommunications systems.
  • Avaya's product and service literature, marketing information and contractual documents will address, wherever practical, the security features of our offerings and their limitations, and the responsibility our customers have for preventing fraudulent use of their Avaya products and services.
  • Avaya sales and service people will be the best informed in the industry on how to help customers manage their systems securely. In their continuing contacts with customers, they will provide the latest information on how to do that most effectively.
  • Avaya will train its sales, installation and maintenance, and technical support people to focus customers on known toll fraud risks; to describe mechanisms that reduce those risks; to discuss the trade-offs between enhanced security and diminished ease of use and flexibility; and to ensure that customers understand their role in the decision-making process and their corresponding financial responsibility for fraudulent use of their telecommunications system.
  • Avaya will provide education programs for customers and Avaya employees to keep them apprised of emerging technologies, trends, and options in the area of telecommunications fraud.
  • As new fraudulent schemes develop, Avaya will promptly initiate ways to impede those schemes, share our learning with our customers, and work with law enforcement officials to identify and prosecute fraudulent users whenever possible.

Avaya is committed to meeting and exceeding our customers' expectations, and to providing services and products that are easy to use and are of high value. This fundamental principle drives our renewed assault on the fraudulent use by third parties of our customers' communications services and products.

Avaya Security Offerings

Avaya has developed a variety of offerings to assist in maximizing the security of your system. These offerings include:

  • Access Security Gateway (ASG) for S8300 Media Server.
  • Security Audit Service of your installed systems.
  • Fraud Intervention Service.
  • Individualized Learning Program, a self-paced text that uses diagrams of system administration screens to help customers design security into their systems. The program also includes a videotape and the Avaya Products Security Handbook.
  • A call accounting package that calls you when preset types and thresholds of calls are established (not available on S8300 Media Server).
  • A remote port security device that makes it difficult for computer hackers to access the remote maintenance ports.
  • Software that can identify the exact digits that have passed through the voice mail system.

For more information about these services, see the Avaya Products Security Handbook.

Avaya Toll Fraud Crisis Intervention

If you suspect that you are being victimized by toll fraud or theft of service and need technical support or assistance, call one of the following numbers immediately.
 
  • DEFINITY/S8300—Avaya GBCS Technical Service Center (TSC): 800-242-2121
  • Avaya Corporate Computer & Network Security: 800-582-2267, 908-559-6644
  • AUDIX Help Line: 800-562-8349
  • BCS Technical Service Center Toll Fraud Intervention Hotline: 800-643-2353

Note: These services are available 24 hours a day, 365 days a year. Consultation charges might apply.

Avaya Corporate Security

Whether or not immediate support is required, please report all toll fraud incidents perpetrated on Avaya services to Avaya Corporate Security. In addition to recording the incident, Avaya Corporate Security is available for consultation on product issues, investigation support, law enforcement, and education programs.

© 2002 Avaya Inc. All rights reserved.