Security

Overview of Security

This section describes ways to use system administration tools to minimize the possibility of telecommunications toll fraud on your system. It offers safeguards that make it harder for an unauthorized user to penetrate the Intuity AUDIX Release 5 system.

What Is Toll Fraud?

Toll fraud is the unauthorized use of a company's telecommunications service. It occurs when people misdirect their own telecommunications charges to another person or business.

For Avaya Intuity systems, toll fraud consists of using the system and Intuity AUDIX to complete a toll call through a networked switch.

 

Note: Much of the information in this section is from the BCS Product Security Handbook and the BCS Product Security Handbook Addendum. See these handbooks for complete information on securing your voice mail system from possible toll fraud.

How Toll Fraud Occurs

There are several ways that unauthorized users might attempt to breach your system, including:

• Unauthorized system use

An intruder accesses your system and creates a mailbox or uses AUDIX functionality.

• Unauthorized mailbox use

An intruder discovers how to access a particular mailbox, perhaps by:

• Finding the password on a subscriber's desk or in a wallet
• Trying all the common variations of passwords
• Buying the password from a computer hacker who breached the UNIX interface and logged in as an administrator
• Unauthorized use of outcalling or AMIS analog networking call delivery

An intruder uses your system to send an AMIS message or a fax to a distant number.

• Fraudulent call transfer

An intruder makes use of the transfer to extension (*T) feature by transferring to the first few digits of a trunk access code.

Unauthorized System Use

To minimize the risk of unauthorized system use, follow the guidelines for your voice mail (vm), AUDIX system administration (sa), and trusted server passwords, including the password aging feature. Provide additional protection for your system with Avaya's Access Security Gateway (ASG) option.

Administration Passwords

The following aspects of password management affect the security of your system:

• Default administrator password
• Password standards
• Password aging

Default Administrator Password

When your system is installed, both the sa and vm logins come with a default password. You are required to change this password immediately. Use the procedures in Changing Passwords to make this change.

Password Standards

Passwords must comply with certain minimum standards. These standards are described in Guidelines for Passwords.

Password Aging

Password aging ensures that administration passwords are changed at reasonable intervals by causing passwords to expire after a set period of time. Use password aging for administrative logins to reduce the danger of unauthorized system access.

When password aging is in place, people who would rather only remember one password are likely to change the password when required and then change back to the familiar password immediately. The Minimum Age Before Changes setting prevents a subscriber from immediately changing back to the previous password.

The following settings allow you to define the limits associated with password aging:

• Password Expiration
• Minimum Age Before Changes
• Expiration Warning

You can locate these items by selecting Customer/Services Administration from the Main Menu. The items and their operation are described in Setting Administrator Password Aging.

Access Security Gateway

The Access Security Gateway (ASG) feature is an optional authentication interface you can use to secure the vm and sa logins on the Intuity AUDIX server. Whenever a dial-up port user begins a session on the system for purposes of administration or maintenance, the user must enter a valid login ID. If the ASG interface is activated, the system issues a numerical challenge. In order for the user to access the Intuity AUDIX administration and maintenance features, the user must enter the correct numerical response. By activating the ASG feature, you can reduce the possibility of unauthorized remote access to the system.

You administer ASG parameters to specify whether access to the system requires ASG authentication. You can assign this protection to all system administration maintenance ports or to a subset of those ports. If the port or login being used is not protected by ASG, the user can enter the system with the standard Intuity login and password.

The following procedure describes how the ASG interface works:

1. At the beginning of a login session, the user is prompted to enter a login ID.
2. Upon receipt of the login ID, ASG generates a number based upon the system ASG secret key number and presents this 7-digit number as a challenge.
3. The user must have a hand-held device, called the ASG Key. The ASG Key must be set with an ASG secret key number that matches that of the user's ASG secret key number in the Intuity AUDIX system.
    
   

   Note: For more information on using the ASG Key, see the Access Security Gateway Key User's Guide, 585-212-012.

4. The user enters the PIN and challenge number into the ASG Key.
5. The ASG Key generates and displays a unique, 7-digit numerical response that corresponds to the challenge number.
6. The user enters the response number at the response: prompt.
7. If the response supplied by the user corresponds to the numerical response expected by the Intuity AUDIX system, the authentication is successful and the user is logged in to the system.
8. If the response does not correspond, the user is not authenticated and is denied access to the system. Also, the failed authentication attempt is recorded in the system history log.
    
   

   Note: The system administrator determines how many login attempts are permitted. If the user is not authenticated after that number of attempts, the system displays the message INVALID LOGIN and terminates the session.

To administer ASG on Intuity AUDIX, see Administering the Access Security Gateway (ASG).

Trusted Server Security

A trusted server is a computer or a software application in a domain outside of Intuity AUDIX. A trusted server uses its own login and password to launch a Avaya Intuity Messaging Applications Programming Interface (IMAPI) LAN session and access AUDIX mailboxes. An example of a trusted server is Enhanced List Application (ELA) software running as a server on the Avaya Intuity AUDIX.

Trusted servers can access and manipulate an AUDIX message just as the AUDIX application can do. See Overview of Activating Internet Messaging (Email) for in-depth discussions and definitions of trusted servers, domains, and integration of email and other trusted server software with AUDIX.

Passwords for Trusted Servers

The trusted server can do everything to a user mailbox that an AUDIX user can do. You must administer a password that the trusted server application uses to request a connection to the AUDIX server.

The two trusted server screens are Trusted-Server Profile and IMAPI-Password. See Overview of Activating Internet Messaging (Email) or Overview of Enhanced List Application (ELA) for trusted server and IMAPI administration information.

To prevent unauthorized access through IMAPI into your system from an external source such as a trusted server, you must administer an IMAPI password that the trusted server uses to connect to AUDIX. The IMAPI password is another layer of security. It prevents an unauthorized source from starting an IMAPI session.

We recommend that you change IMAPI passwords on a regular basis, for example, monthly. If you set your administrator's password to age automatically, the system prompts you to change your password. You can also use this prompt to remind you to change the IMAPI password.

Virus Detection

Intuity AUDIX Release 5 allows the transmission between domains of two message components, text (email) and binary (software) file attachments. When used with an AUDIX system, Message Manager also supports these message components. These components introduce the possibility of a computer virus being embedded in a file attachment. While the AUDIX machine cannot be infected with viruses embedded in these software files, client machines may become infected when a subscriber opens or launches an infected binary file.

AUDIX does not perform any virus detection. Your company should carefully evaluate the security risks of file attachments and make provisions for virus detection software on personal computers running an email application or Message Manager. Your PC/LAN administrator probably has experience in detecting and preventing the transmission of software viruses. Your PC/LAN administrator may also know the minimum requirements that the AUDIX server and email server must meet to be allowed on the company network at all.

At a minimum, you should advise your subscribers that file attachments should be detached (not launched) and scanned for viruses before use.

Unauthorized Use of Mailboxes

One type of voice mail fraud occurs when an unauthorized user obtains the mailbox password and changes both it and the greeting. The unauthorized user then uses the mailbox for nonbusiness purposes. This can be expensive if access is gained to the voice mail system via a 1-800 or 1-888 number.

Mailbox Administration

When you administer the system and subscribers' mailboxes, do the following things to prevent unauthorized use:

• To block break-in attempts, administer your system so that the allowed number of consecutive unsuccessful attempts to log in to a mailbox is low. Administer this on the System-Parameters Features screen.
• Deactivate unassigned mailboxes. When an employee leaves the company, remove the subscriber profile and, if necessary, reassign the mailbox.
• Do not create mailboxes before they are needed.
• Require passwords to be long. The minimum required length should be at least one digit greater than the number of digits in subscribers' extension numbers. Subscribers can have passwords up to 15 digits for maximum security.
• Force subscribers to change the default password the first time they log in to the AUDIX system. This ensures that only the subscriber has access to his or her mailbox, not someone else who enters a subscriber's extension number, then enters . To ensure that new subscribers change their passwords immediately, administer the default password to be fewer digits than the minimum password length.
• Administer password aging on the System Parameters Features screen. Password aging requires subscribers to change their password at a predefined interval. Password aging enhances overall system security and helps protect against toll fraud by making the Intuity AUDIX system less vulnerable to break-ins.

Subscriber Password Security

To minimize the risk of unauthorized access to AUDIX mailboxes, ensure that your subscribers follow these guidelines for AUDIX passwords:

• Never have a personal greeting state that the called extension will accept collect calls or third-party billed calls. If someone at your company has a greeting like this, require that they change the greeting immediately.
• Never use obvious or trivial passwords, such as a room number, employee identification number, social security number, or easily guessed numeric combinations.
   
  

  Note: AUDIX Release 4 and later does not allow passwords that consist of sequential numbers such as 12345, repeated numbers such as 33333, and the subscriber's extension number.

• Discourage the practice of writing down passwords, storing them, or sharing them with others. If a subscriber insists on writing down a password, advise the subscriber to keep the password in a secure place and never discard it while it is active.
• Never program passwords onto auto dial buttons.
• If a subscriber receives any suspicious AUDIX messages, or tells you that her or his personal greeting was changed, or if for any other reason you suspect that your AUDIX system is being used by someone else, contact Avaya Corporate Computer and Network Security which is described in Avaya Toll Fraud Crisis Intervention.

Unauthorized Use of Outcalling/AMIS Analog Networking Call Delivery

This section discusses how to minimize the risk of someone who is already in your system from making unauthorized calls. In this case, the unauthorized usage could be from an employee, or from someone who has breached your system security and gained access.

Improving Outcalling Security

When the outcalling feature is enabled, the system notifies subscribers of new messages. Subscribers often want the system to contact a long distance or call pager number where they can receive this notification. Four options exist to minimize toll fraud related to outcalling:

• The AUDIX voice ports can be assigned to a tollrestricted Class of Restriction (COR) that allows calling only within a local area.
• The outcalling numbers can be entered into an unrestricted calling list for either Automatic Route Selection (ARS) or Toll Analysis.
• Outcalling numbers can be limited to 7 digits or 10 digits. To limit the number of digits that can be dialed for outcalling, change the System Parameters Outcalling form. Note that if outcalling to a pager is allowed, additional digits may be required.
• Outcallling can be turned on only for selected subscribers. You can do this by setting up or changing a Class of Service for the selected subscribers, and then assigning the Class of Service to individual subscribers on the Subscriber screen.

Restrict Outward Dialing Using Switch Provisions

The measures you can take to minimize the security risk of outcalling depend on how it is used. When outcalling is enabled only to alert onpremises subscribers who do not have AUDIX message waiting indicators (MWIs) on their telephones, you can assign an outwardrestricted Class of Restrictions (COR) to the AUDIX voice ports.

For G1, G3, and System 75:

• Use the change cor command to display the Class of Restriction screen, and then create an outward-restricted COR by entering outward in the Calling Party Restriction field.
• Assign the outward-restricted COR to the voice ports.

For G2 and System 85:

• Use P010 W3 F19 to assign outward restriction to the Class of Service (COS) of the voice mail ports.

For MERLIN LEGEND:

A voice port with outward restriction cannot make any outside calls unless an allowed number list is used for specific area codes and/or exchanges that can be called. Outward restriction prevents or limits outcalling, AMIS networking, and fax call delivery.

Analog Networking Call Delivery

To minimize the security risk of AMIS analog networking, including the Message Delivery service and FAX call delivery, restrict the number ranges that can be used to address messages. Be sure to assign all the appropriate PBX outgoing call restrictions on the AUDIX voice ports. If your switch is a MERLIN LEGEND, also use an allowed number list.

Fax Call Delivery

There are no fax-specific security issues. However, since FAX Messaging requires that AMIS analog networking be turned on, be sure that outgoing AUDIX voice ports have the appropriate PBX calling restrictions. See Administering the Switch to Prevent Fraudulent Transfers and Administering Intuity AUDIX to Prevent Fraudulent Transfers for more information about calling restrictions.

Fraudulent Transfers

Once users transfer to dial tone, they may dial a trunk access code (TAC), feature access code (FAC), or extension number. If the system is not properly secured, thieves can make fraudulent long distance calls or request a company employee to transfer them to a long distance number.

Fraudulent transfers can be minimized by administering features and options in AUDIX and on the switch.

Administering Intuity AUDIX to Prevent Fraudulent Transfers

To minimize the risk of fraudulent transfers, you can administer the AUDIX system in any of the following ways.

Basic Call Transfer

Basic Call Transfer applies to 5ESS, DMS-100, MERLIN LEGEND, DEFINITLY Prologix and Non-Avaya Switches. With Basic Call Transfer, after an AUDIX caller enters * 8, the AUDIX system does the following:

1. The AUDIX system verifies that the digits entered contain the same number of digits as the number of digits that are administered on the AUDIX system for extension lengths.

If you restrict call transfers so that calls can only be transferred to administered subscribers, the AUDIX system also verifies that the digits entered match the extension number for an administered subscriber.

2. If Step 1 is successful, the AUDIX system performs a switch hook flash, putting the caller on hold.

If Step 1 is unsuccessful, the AUDIX system plays an error message and asks the caller to try again.

3. The AUDIX system sends the digits to the switch.
4. The AUDIX system completes the transfer.

With Basic Call Transfer, a caller can dial any number, provided that the number of digits matches the length of a valid extension. So, if an unauthorized caller dials an access code followed by the first digits of a long distance telephone number, such as 9 1 8 0 9 , the AUDIX system passes the numbers on to the switch. (This example shows a 5-digit plan.) The switch interprets the first digit (9) as an access code, and the following digits as the prefix digit and area code. After a brief pause, the caller enters the remaining digits of the telephone number and completes the fraudulent call.

If you restrict call transfers so that calls can only be transferred to administered subscribers, a caller cannot initiate a transfer to an off-premises destination unless the digits entered match an administered subscriber's mailbox identifier (for example, 91809). To ensure the integrity of the "subscriber" restriction, do not administer mailboxes that start with the same digit or digits as a valid switch trunk access code.

Enhanced Call Transfer

Enhanced Call Transfer applies to System 75, System 85, G1, G2, G3. With Enhanced Call Transfer, the AUDIX system uses a digital control link message to initiate the transfer and the switch verifies that the requested destination is a valid station in the dial plan. With Enhanced Call Transfer, when AUDIX callers press * 8 followed by digits (or * 2 for name addressing) and *, the system performs the following:

1. The AUDIX system verifies that the digits entered contain the same number of digits as the number of digits that are administered on the AUDIX system for extension lengths.

If you restrict call transfers so that calls can only be transferred to administered subscribers, the AUDIX system also verifies that the digits entered match the extension number for an administered subscriber.
 


Note: When callers request a name addressing transfer, the name must match the name of an AUDIX subscriber (either local or remote) whose extension number is in the dial plan.

2. If Step 1 is successful, the AUDIX system sends a transfer control link message containing the digits to the switch.

If Step 1 is unsuccessful, the AUDIX system plays an error message and asks the caller to try again.

3. The switch verifies that the digits entered match a valid extension in the dial plan.
4. If Step 3 is successful, the switch completes the transfer, disconnects the AUDIX voice port, and sends a "successful transfer" control link message to the AUDIX system.

If Step 3 is unsuccessful, the switch leaves the AUDIX voice port connected to the call, sends a "fail" control link message to the AUDIX system, and then the AUDIX system plays an error message and asks the caller to try again.

Controlled Transfer Out of AUDIX

Most unauthorized long distance call attempts occur as a caller attempts to transfer out of the AUDIX system.

You can control call transfers out of AUDIX by administering the system to limit the numbers to which a caller can transfer.

Allowed Numbers Menu

To transfer out of the Intuity AUDIX system, the user presses * T, the digits of the extension to which she or he wants to transfer, and #. If the pattern of the number dialed corresponds to a pattern you have permitted on the Allowed Numbers menu, the Intuity AUDIX system initiates the transfer. The switch then verifies that it is allowed to transfer to the requested destination.

Before you enable transfer out of the AUDIX system, you should restrict such transfers as described under Controlling Call Transfers. Within this menu system, you can specify extensions to which a caller can transfer.

Denied Numbers Menu

Callers cannot transfer to extensions that are expressly denied on the Denied Numbers menu. You can, for example, prohibit call transfer to extensions beginning with "9" if this number causes access to an outside line.

If a caller enters an extension that is an allowed transfer, the switch completes the transfer, disconnects the Intuity AUDIX system, and sends a "disconnect — successful transfer" message to the system. If the number is not an allowed transfer, the switch leaves the system connected to the caller and sends a "fail" message to the Intuity AUDIX system. Then the system plays an error message requesting further activity.

Transfer Restrictions

If Call Transfer is activated on the System-Parameters Features screen, you have administered your system to allow * T transfers. You can minimize the risk of toll fraud attempts using * T transfers by taking one or both of the following precautions:

• Setting the Transfer Restriction field on the System-Parameters Features screen to subscribers
• Administering allowed and denied numbers as described under Controlling Call Transfers. In this case, if the pattern of the number dialed corresponds to a pattern you have permitted on the Transfer Security menu system, and if that number is a valid extension number for an administered subscriber (either local or remote), transfer is permitted.

The Transfer Restriction field also can be set to digits. In this case, the destination telephone number must correspond to a pattern you have permitted and administered in the Transfer Security menu system. It must also have the same number of digits as extension numbers (that is, mailbox identifiers) within the Intuity AUDIX system. Since this option does not minimize toll fraud, it is administered only by Avaya and only as a special service to customers who want the digits option.

Setting the Transfer Restriction field to subscribers is the more secure of the two options. It virtually eliminates the fraudulent use of call transfer since the Intuity AUDIX system can verify that the specified destination is an administered number. If digits are specified, on the other hand, the caller might find a way to access the switch and to use switch features and functions to complete fraudulent long distance calls.

 

If you want to assign nonresident subscribers (that is, users with a mailbox but no telephone on the switch) to extension numbers that start with the same digit or digits as switch trunk access codes (such as 9), you should carefully administer the restrictions using the Transfer Restrictions menu.

Automated Attendant Security

Automated attendants are used by many companies to augment or replace a switchboard operator. When an automated attendant answers, the caller is generally given several options. A typical greeting is: "Hello, you've reached XYZ Bank. Please press1 for Auto Loans, 2 for Home Mortgages. If you know the number of the person you are calling, please enter that number now."

If the system is not properly configured, the automated attendant passes the call back to the PBX. The PBX reacts to the digit 9 as a request for a dial tone. The digits 180 become the first numbers of a 1809 call to the Dominican Republic. The 011 string is treated as the first digits of an international call. The hacker then enters the remaining digits of the telephone number and the call is completed. This scenario works the same way with a voice mail system.

Before you set up an automated attendant, restrict transfer out of the AUDIX system as described under Controlling Call Transfers.

Administering the Switch to Prevent Fraudulent Transfers

To minimize the risk of unauthorized persons using the voice messaging or automated attendant systems to make toll calls, administer the voice ports on your switch in any of the following ways.

Assign a Low Facilities Restriction Level (FRL)

The switch treats all the PBX ports used by voice mail systems as stations. Therefore, each voice mail port can be assigned a COR or COS with a facilities restriction level (FRL) associated with the COR or COS. FRLs provide eight different levels of restrictions for automatic alternate routing (AAR), automatic route selection (ARS), or world class routing (WCR) calls. They are used in combination with calling permissions and routing patterns and/or preferences to determine where calls can be made. FRLs range from 0 to 7, with each number representing a different level of restriction (or no restrictions at all).

The FRL is used for the AAR, ARS, or WCR feature to determine call access to an outgoing trunk group. Outgoing call routing is determined by a comparison of the FRLs in the AAR, ARS, or WCR routing pattern to the FRL associated with the COR or COS of the call originator.

The higher the FRL number, the greater the calling privileges. For example, when voice mail ports are assigned to a COR with an FRL of 0, outside calls are disallowed. If that is too restrictive, the voice mail ports can be assigned to a COR with an FRL that is higher, yet low enough to limit calls to the calling area needed.

 

Note: Voice messaging ports that are outward restricted via COR cannot use AAR, ARS, or WCR trunks. Therefore, the FRL level does not matter since FRLs are not checked.

FRLs can be assigned to offer a range of calling areas. Choose the one that provides the most restricted calling area that is required. The following table provides suggested FRL values.
 

Table: Suggested Values for FRLs

FRL1	Suggested Value
0	Permit no outgoing (offswitch) calls.
1	Allow local calls only; deny 0+ and 1800 calls.
2	Allow local calls, 0+, and 1800 calls.
3	Allow local calls plus calls on FX and WATS trunks.
4	Allow calls within the home NPA.
5	Allow calls to certain destinations within the continental United States of America.
6	Allow calls throughout the continental United States of America.
7	Allow international calling. Assign attendant console FRL 7. Note, however, that if Extension Number Portability is used, the originating endpoint is assigned FRL 7.

1 FRLs 1 through 7 include the capabilities of the lower FRLs. For example, FRL 3 allows private network trunk calls and local calls in addition to FX and WATS trunk calls.

To set FRLs on G1, G3, and System 75:

1. Use change cor for the voice mail ports (vs. subscribers) to display the Class of Restriction screen.
2. Enter the FRL number (0 through 7) in the FRL field. Assign the lowest FRL that meets the outcalling requirements. The route patterns for restricted calling areas should have a higher FRL assigned to the trunk groups.
3. Use change routepattern to display the Route Pattern screen.
4. Use a separate partition group for ARS on the outcalling ports and limit the numbers that can be called.
    
   

   Note: For G3, the Restricted Call List on the Toll Analysis Table can also be used to restrict calls to specified areas.

To set FRLs on G2 and System 85:

1. Use P010 W3 F23 to assign FRLs for use with AAR, ARS, or WCR trunks. Assign higher FRLs to restricted patterns in P309 than the FRL in the COS for the voice mail ports.
2. For G2.2, do not use P314 to mark disallowed destinations with a higher FRL value. P314 W1 assigns a virtual nodepoint identifier (VNI) to the restricted dial string. P317 W2 maps the VNI to the pattern, and P317 W2 shows the pattern preference, with the FRL in field 4.

For earlier releases, use P313 to enter disallowed destinations in the Unauthorized Call Control table.

Restrict Toll Areas

A reverse strategy to preventing calls is to allow outbound calls only to certain numbers. For G1 and System 75, you must specify both the area code and the office code of the allowable numbers. For G3, you can specify the area code or telephone number of calls you allow.

For G1 and System 75:

1. Use change ars fnpa xxx to display the ARS foreign numbering plan area (FNPA) table, where xxx is the NPA that will have some unrestricted exchanges.
2. Route the NPA to a remote home numbering plan area (RHNPA) Table, for example, r1.
3. Use change rhnpa r1:xxx to route unrestricted exchanges to a pattern choice with an FRL equal to or lower than the originating FRL of the voice mail ports.
4. If the unrestricted exchanges are in the Home NPA, and the Home NPA routes to h on the FNPA Table, use change hnpa xxx to route unrestricted exchanges to a pattern with a low FRL.
    
   

   Note: If assigning a low FRL to a pattern preference conflicts with requirements for other callers, use ARS partitioning to establish separate FNPA, HNPA, and RHNPA tables for the voice mail ports.

For G2 and System 85:

1. Use P311 W2 to establish 6digit translation tables for foreign NPAs, and assign up to 10 different routing designators to each foreign NPA (area code).
2. Use P311 W3 to map restricted and unrestricted exchanges to different routing designators.
3. If the unrestricted toll exchanges are in the Home NPA, use P311 W1 to map them to a routing designator.
4. If the Tenant Services feature is used, use P314 W1 to map routing designators to patterns. If Tenant Services is not used, the pattern number is the same as the routing designator number.
5. Use P309 W3 to define the restricted patterns and unrestricted patterns.

For G2.2:

1. Use P314 W1 to assign a VNI to the unrestricted dial string.
2. Map the VNI to a routing pattern in P317 W2, and assign a low FRL to the pattern in P318 W1. If you permit only certain numbers, consider using Network 3, which contains only those numbers.

For G3:

1. Use change ars analysis to display the ARS Analysis screen.
2. Enter the area codes or telephone numbers that you want to allow and assign an available routing pattern to each of them.
3. Use change routing pattern to give the pattern preference an FRL that is equal to or lower than the FRL of the voice mail ports.
    
   

   Note: For G3, the Unrestricted Call List (UCL) on the Toll Analysis Table can be used to allow calls to specified numbers through ARS and WCR. The COR for the voice mail ports should show "alltoll" restriction and access to at least one UCL.

For MERLIN LEGEND:

A voice port with toll restriction cannot be used to make toll calls, but it can still be used to make local calls. Toll restriction may prevent or limit outcalling, AMIS analog networking, and FAX call delivery. An allowed number list can be used for specific area codes and/or exchanges that can be called.

Block Subscriber Use of Trunk Access Codes

This section applies to G2, System 85 only. Stationtotrunk restrictions can be assigned to disallow stations from dialing specific outside trunks. By implementing these restrictions, callers cannot transfer out of voice mail to an outside facility using trunk access codes (TACs).

For G2 and System 85, if TACs are necessary to allow certain users direct dial access to specific facilities such as tie trunks, use the Miscellaneous Trunk Restriction feature to deny access to others. For those stations and all trunkoriginated calls, always use ARS, AAR, or WCR for outside calling.

 

Note: Allowing TAC access to tie trunks on your switch may give the caller access to the Trunk Verification feature on the next switch.

Create Restricted Number Lists

This section applies to G1, G3, and System 75 only. The Toll Analysis screen allows you to specify the toll calls you want to assign to a restricted call list (for example, 900 numbers) or to an unrestricted call list (for example, an outcalling number to a call pager). Call lists can be specified for CO, FX, WATS, TAC, and ARS calls, but not for tie TAC or AAR calls.

Create Disallowed Number Lists

This section applies to MERLIN LEGEND only. When a voice port is unrestricted or has no toll restriction, a disallowed number list can be used to prevent calls to specific numbers, specific exchanges within all area codes, or specific numbers. There can be a maximum of eight disallowed lists in the MERLIN LEGEND system with a maximum of 10 numbers on each list. Each voice port can be assigned any or all of the disallowed number lists.

See Avaya INTUITY Integration with MERLIN LEGEND Communications System, for complete MERLIN LEGEND security information.

Create Allowed Number Lists

This section applies to MERLIN LEGEND only. When a voice port is outward restricted or toll restricted, an allowed number list can be used to allow calls to specific area codes and/or exchanges. When outcalling or AMIS analog networking is required, using outward restriction or toll restriction in combination with an allowed number list limits the risk of unauthorized persons using the voice messaging or automated attendant systems to make toll calls. This is because calls can only be made to the specified area codes and/or exchanges.There can be a maximum of eight allowed lists in the MERLIN LEGEND system with a maximum of 10 numbers on each list. Each voice port can be assigned any or all of the allowed number lists.

See Avaya INTUITY Integration with MERLIN LEGEND Communications System, for complete MERLIN LEGEND security information.

Detecting Voice Mail Fraud

The following table shows the monitoring techniques you can use to help determine if your voice mail system is being used for fraudulent purposes.
 

Table: Monitoring Techniques �

Monitoring Technique	Switch
Call Detail Recording (or SMDR)	All, including MERLIN Legend
Traffic Measurements and Performance	All, except MERLIN Legend
Automatic Circuit Assurance	All, except MERLIN Legend
Busy Verification	All, except MERLIN Legend
Call Traffic Report	All, except MERLIN Legend
Trunk Group Report	G1, G3, System 75
AUDIX Traffic Reports	All, including MERLIN Legend

Call Detail Recording (or SMDR)

With Call Detail Recording (CDR) activated for the incoming trunk groups, you can find out details about the calls made into your voice mail ports. This feature is known as Station Message Detail Recording (SMDR) on some switches, including MERLIN LEGEND.

 

Note: Avaya's optional Call Accounting System (CAS) can be installed on the Avaya Intuity system. CAS allows you to create customized reports with your G1, G3, or MERLIN LEGEND CDR or SMDR data. The optional Avaya HackerTracker program works in conjunction with CAS Plus Version 3 to alert you to abnormal calling activities. Call 800 521-7872 or your Center of Excellence for more information. Most other call accounting packages discard valuable security information. If you are using a call accounting package, check to see if this information can be stored by making adjustments in the software. If it cannot be stored, be sure to check the raw data supplied by the CDR.

Review CDR reports for the following indications of possible voice messaging abuse:

• Short holding times on any trunk group where voice messaging is the originating endpoint or terminating endpoint
• Calls to international locations not normally used by your business
• Calls to suspicious destinations
• Numerous calls to the same number
• Undefined account codes


 


Note: For G2 and System 85, CDR only records the last extension on the call. Therefore, internal toll abusers transfer unauthorized calls to another extension before they disconnect. This ensures that the CDR does not track the originating station. If the transfer is to your voice messaging system, it could give a false indication that your voice messaging system is the source of the toll fraud.

For G1, G3, and System 75:

1. Use change systemparameters features to display the FeaturesRelated System Parameters screen.
2. Administer the appropriate format to collect the most information. The format depends on the capabilities of your CDR analyzing and recording device.
3. Use change trunkgroup to display the Trunk Group screen.
4. Enter y in the SMDR/CDR Reports field.

For G2:

1. Use P275 W1 F14 to turn on the CDR for incoming calls.
2. Use P101 W1 F8 to specify the trunk groups.

Call Traffic Report

This report provides hourly port usage data and counts the number of calls originated by each port. By tracking normal traffic patterns, you can respond quickly if an unusually high volume of calls appears. Such a high volume might indicate unauthorized use, especially if it occurs after business hours or during weekends.

For G1, G3, and System 75, traffic data reports are maintained for the last hour and the peak hour. For G2 and System 85, traffic data is available via Monitor I which can store the data and analyze it over specified periods.

Trunk Group Report

This report tracks call traffic on trunk groups at hourly intervals. Since trunk traffic is fairly predictable, you can easily establish over time what is normal usage for each trunk group. Use this report to watch for abnormal traffic patterns, such as unusually high offhour loading.

SAT, Manager I, and G3MT Reporting

Traffic reporting capabilities are built in to and are obtained through the System Administrator Tool (SAT), Manager I, and G3MT terminals. These programs track and record the usage of hardware and software features. The measurements include peg counts (that is, the number of times ports are accessed) and call duration. Traffic measurements are maintained constantly and are available on demand. However, reports are not archived and should therefore be printed if you want to monitor a history of traffic patterns.

For G1, G3, and System 75:

1. To record traffic measurements:
1. Enter change trunkgroup to display the Trunk Group screen.
2. In the Measured field, enter both if you have a Basic Call Management System (BCMS) and a Call Management System (CMS), internal if you have only BCMS, or external if you have only CMS.
2. To review the traffic measurements:
1. Enter list measurements followed by a measurement type (trunkgroups, callrate, callsummary, or outagetrunk) and timeframe (yesterdaypeak, todaypeak, or arrestor).
3. To review performance:
1. Enter list performance followed by a performance type (summary or trunkgroup) and timeframe (yesterday or today).

ARS Measurement Selection

The ARS Measurement Selection can monitor up to 20 routing patterns (25 for G3) for traffic flow and usage.

For G1, G3, and System 75:

1. Use change ars measselection to choose the routing patterns you want to track.
2. Use list measurements routepattern followed by the timeframe (yesterday, today, or lasthour) to review the measurements.

For G2, use Monitor I to perform the same function.

Automatic Circuit Assurance

This monitoring technique detects a number of calls with short holding times or a single call with a long holding time. Such calls may indicate hacker activity. Long holding times on trunktotrunk calls can be a warning sign. The Automatic Circuit Assurance (ACA) feature allows you to set time limit thresholds defining what is considered a short holding time and a long holding time. When a violation occurs, a designated station is visually notified.

When an alarm occurs, determine if the call is still active. If toll fraud is suspected (for example, if a long holding time alarm occurs on a trunktotrunk call), you may want to use the busy verification feature (see Busy Verification for more information) to monitor the call in progress.

For G1, G3, and System 75:

1. Use change systemparameters features to display the FeaturesRelated System Parameters screen.
2. Enter y in the Automatic Circuit Assurance (ACA) Enabled field.
3. Enter local, primary, or remote in the ACA Referral Calls field. If primary is selected, calls can be received from other switches. Remote applies if the PBX being administered is a DCS node, perhaps unattended, where ACA referral calls go to an extension or console at another DCS node.
4. Use change trunk group to display the Trunk Group screen.
5. Enter y in the ACA Assignment field.
6. Establish short and long holding times. The defaults are 10 seconds (short holding time) and one hour (long holding time).
7. To review, use list measurements aca

For G2 and System 85:

1. Use P285 W1 F5 and P286 W1 F1 to enable ACA system wide.
2. Use P120 W1 to set ACA call limits and number of calls thresholds.
3. Choose the appropriate option:
• To send the alarms and/or reports to a designated maintenance facility, use P497 W3
• To send the alarms and/or reports to an attendant, use P286 W1 F3

Busy Verification

When toll fraud is suspected, you can interrupt the call on a specified trunk group and monitor the call in progress. Callers will hear a long tone to indicate the call is being monitored.

For G1, G3, and System 75:

1. Use change station to display the Station screen for the station that will be assigned the Busy Verification button.
2. In the Feature Button Assignment field, enter verify
3. To activate the feature, press the Verify button and then enter the trunk access code and member number to be monitored.

For G2 and System 85:

1. Administer a Busy Verification button on the attendant console.
2. To activate the feature, press the button and enter the trunk access code and the member number.

AUDIX Traffic Reports

The Intuity AUDIX system tracks traffic data over various time periods. Reviewing these reports on a regular basis helps to establish traffic trends. If increased activity or unusual usage patterns occur, such as heavy call volume on ports assigned to outcalling, they can be investigated immediately. In addition, the AUDIX Administration and Data Acquisition Package (ADAP) uses a personal computer to provide extended storage and analysis capabilities for the traffic data. You can also use the AUDIX Administrator's Log and Activity Log to monitor usage and investigate possible breakin attempts. For more information on running and using reports, see Overview of Reports.

Avaya's Statement of Direction

The telecommunications industry is faced with a significant and growing problem of theft of customer services. To aid in combating these crimes, Avaya intends to strengthen relationships with its customers and its support of law enforcement officials in apprehending and successfully prosecuting those responsible.

No telecommunications system can be entirely free from risk of unauthorized use. However, diligent attention to system management and to security can reduce that risk considerably. Often, a trade-off is required between reduced risk and ease of use and flexibility. Customers who use and administer their systems make this trade-off decision. They know best how to tailor the system to meet their unique needs and are therefore in the best position to protect the system from unauthorized use. Because the customer has ultimate control over the configuration and use of Avaya services and products it purchases, the customer properly bears responsibility for fraudulent uses of those services and products.

To help customers use and manage their systems in light of the trade-off decisions they make and to ensure the greatest security possible, Avaya commits to the following:

• Avaya products and services will offer the widest range of options available in the industry to help customers secure their communications systems in ways consistent with their telecommunications needs.
• Avaya is committed to develop and offer services that, for a fee, reduce or eliminate customer liability for PBX toll fraud, provided the customer implements prescribed security requirements in its telecommunications systems.
• Avaya's product and service literature, marketing information and contractual documents will address, wherever practical, the security features of our offerings and their limitations, and the responsibility our customers have for preventing fraudulent use of their Avaya products and services.
• Avaya sales and service people will be the best informed in the industry on how to help customers manage their systems securely. In their continuing contacts with customers, they will provide the latest information on how to do that most effectively.
• Avaya will train its sales, installation and maintenance, and technical support people to focus customers on known toll fraud risks; to describe mechanisms that reduce those risks; to discuss the trade-offs between enhanced security and diminished ease of use and flexibility; and to ensure that customers understand their role in the decisionmaking process and their corresponding financial responsibility for fraudulent use of their telecommunications system.
• Avaya will provide education programs for customers and Avaya employees to keep them apprised of emerging technologies, trends, and options in the area of telecommunications fraud.
• As new fraudulent schemes develop, we will promptly initiate ways to impede those schemes, share our learning with our customers, and work with law enforcement officials to identify and prosecute fraudulent users whenever possible.

We are committed to meeting and exceeding our customers' expectations, and to providing services and products that are easy to use and are of high value. This fundamental principle drives our renewed assault on the fraudulent use by third parties of our customers' communications services and products.

Avaya Security Offerings

Avaya has developed a variety of offerings to assist in maximizing the security of your system. These offerings include:

• Access Security Gateway (ASG) for Intuity AUDIX and DEFINITY
• Security Audit Service of your installed systems
• Fraud Intervention Service
• Individualized Learning Program, a selfpaced text that uses diagrams of system administration screens to help customers design security into their systems. The program also includes a videotape and the BCS Product Security Handbook.
• A call accounting package that calls you when preset types and thresholds of calls are established
• A remote port security device that makes it difficult for computer hackers to access the remote maintenance ports
• Software that can identify the exact digits passed through the voice mail system

For more information about these services, see the BCS Product Security Handbook and the BCS Product Security Handbook Addendum.

Avaya Toll Fraud Crisis Intervention

If you suspect you are being victimized by toll fraud or theft of service and need technical support or assistance, call one of the following numbers immediately.
 

DEFINITY/System 75/System 85 — Avaya GBCS Technical Service Center (TSC)	800-2422121
MERLIN LEGEND — Avaya GBCS National Service Assistance Center (NSAC)	800-628-2888
Avaya Corporate Computer & Network Security	800-582-2267 908-559-6644
AUDIX Help Line	800-5628349
BCS Technical Service Center Toll Fraud Intervention Hotline	800-643-2353

 

Note: These services are available 24 hours a day, 365 days a year. Consultation charges may apply.

Avaya Corporate Security

Whether or not immediate support is required, please report all toll fraud incidents perpetrated on Avaya services to Avaya Corporate Security. In addition to recording the incident, Avaya Corporate Security is available for consultation on product issues, investigation support, law enforcement, and education programs.

http://www.avaya.com Avaya UCS Information Development