Appendix A: Customer Support Information
Physical Security, Social Engineering, and
General Security Measures
Criminals called hackers may attempt to gain unauthorized access to your system
and voice messaging system in order to use the system features. Hackers often
attempt to trick employees into providing them with access to a network facility
(line/trunk) or a network operator. This is referred to as social engineering.
Hackers may pose as telephone company employees or employees of Avaya Communication
or your authorized dealer. Hackers will go through a company's trash to find
directories, dialing instructions, and other information that will enable them
to break into the system. The more knowledgeable they appear to be about the
employee names, departments, telephone numbers, and the internal procedures
of your company, the more likely it is that they will be able to trick an employee
into helping them.
Preventive Measures
Take the following preventive measures to limit the risk of unauthorized access
by hackers:
- Provide good physical security for the room containing your telecommunications
equipment and the room with administrative tools, records, and System Manager
information. These areas should be locked when not attended.
- Provide a secure trash disposal for all sensitive information, including
telephone directories, call accounting records, or anything that may supply
information about your system. This trash should be shredded.
- Educate employees that hackers may try to trick them into providing them
with dial tone or dialing a number for them. All reports of trouble, requests
for moving extensions, or any other administrative details associated with
the MERLIN MAGIX Integrated System should be handled by one person (the System
Manager) or within a specified department. Anyone claiming to be a telephone
company representative should be referred to this person or department.
- No one outside of Avaya Communication needs to use the MERLIN MAGIX Integrated
System to test facilities (lines/trunks). If a caller claims to be a Avaya
Communication employee, the System Manager should ask for a telephone number
where the caller can be reached. The System Manager should be able to recognize
the number as a Avaya Communication telephone number. Before connecting the
caller to the administrative port of the MERLIN MAGIX Integrated System, the
System Manager should feel comfortable that a good reason to do so exists.
In any event, it is not advisable to give anyone access to network facilities
or operators, or to dial a number at the request of the caller.
- Any time a call appears to be suspicious, call the Avaya Communication
BCS Fraud Intervention Center at 1 800 628-2888 (fraud intervention for System
25, PARTNER, MERLIN, and MERLIN MAGIX systems).
- Customers should also take advantage of Avaya Communication monitoring
services and devices, such as the NetPROTECT family of fraud-detection services,
CAS with HackerTracker, and CAT Terminal with Watchdog. Call 1 800 638-7233
to get more information on these Avaya Communication fraud detection services
and products.
