Security

The system is designed to be very secure. The following is a list of some of the security features:

Subscriber Passwords

Passwords protect all messaging mailboxes. The system offers password aging and password timeout mechanisms that can help restrict unauthorized subscribers.

Subscriber passwords must comply with the following guidelines:

The system administrator can administer the system to age subscriber passwords, at which time subscribers must select a new password.

Callers are given three attempts per call to enter their mailbox correctly before they are automatically disconnected. An administrator can also specify how many consecutive invalid attempts are allowed before a voice mailbox is locked.

Administrative Logins and Passwords

You can create role-based user logins. Each login has its own unique password and provides varying levels of access to the features and capabilities of the system. This layered approach limits access to particularly powerful features and is convenient when delegating system administrator responsibilities.

All the subscriber password compliance guidelines apply, including password aging, for both the system administrator (sa) and voice mail (vm) logins.

Disallows Voice Mail PINs Related to Mailbox Number

For example, a PIN of 4567 or 7654 is not allowed for a mailbox with number 123-4567. Whichever of the mailbox number and the PIN has fewer digits cannot be a subset of the other. This applies both to the PIN as entered and to the sequence of digits obtained by reversing the order of the PIN digits.
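The rule above, written out as a check. This is an added example, not code from the messaging product; the function name is hypothetical, and it assumes "subset" means a contiguous run of digits, which is what the 4567 / 7654 example shows.

```python
import re


def pin_related_to_mailbox(pin: str, mailbox: str) -> bool:
    """Return True when the PIN must be rejected as related to the mailbox number.

    Assumption: "subset" means a contiguous run of digits, as in the page's
    4567 / 7654 versus 123-4567 example.
    """
    if not re.fullmatch(r"[0-9]+", pin):
        raise ValueError("PIN must consist of digits only")
    number = re.sub(r"[^0-9]", "", mailbox)  # "123-4567" -> "1234567"
    if not number:
        raise ValueError("mailbox number contains no digits")
    # Test the PIN as entered and with its digits reversed.
    for candidate in (pin, pin[::-1]):
        # Whichever value has fewer digits must not appear inside the other.
        shorter, longer = sorted((candidate, number), key=len)
        if shorter in longer:
            return True
    return False


# Constructed sample inputs; only the first two pairs come from the page.
SAMPLES = [
    ("4567", "123-4567"),      # PIN is the tail of the mailbox number
    ("7654", "123-4567"),      # reversed PIN is the tail of the mailbox number
    ("8080", "123-4567"),      # unrelated
    ("99456712", "4567"),      # PIN longer than the mailbox number
    ("1357", "123-4567"),      # same digits, but not a contiguous run
]

if __name__ == "__main__":
    for pin, mailbox in SAMPLES:
        verdict = "rejected" if pin_related_to_mailbox(pin, mailbox) else "accepted"
        print(f"PIN {pin} for mailbox {mailbox}: {verdict}")
```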

Aging of Voice Mail PINs

Once a PIN has exceeded its maximum allowable age, it is no longer valid. If a PIN becomes invalid due to aging while a validated session is in progress, the session is not affected.

Enabling Aging of Voice Mail PINs and Configuring Voice Mail PINs

You can enable or disable aging of voice mail PINs from the Administrative web pages. By default, aging of voice mail PINs is enabled. This applies to all the voice mails.

You can configure the maximum age of a voice mail PIN. The maximum administrable range is from 1 to 999 days. The default maximum age of a voice mail PIN is 90 days.

Locking of Voice Mail After Invalid PIN Attempts

A subscriber's voice mail account is locked after the number of failed PIN attempts exceeds the number set for failed attempts. A user with administrator privileges can enable the voice mail. You can also configure the number of failed attempts from the administrative web pages.

Allowed Invalid PIN Attempts in a Single TUI session

Only 3 invalid PIN attempts are allowed in a single TUI session.

Aggregation of Invalid PIN Attempts Across Interfaces

For instance, if the limit is 3 and 2 failed attempts are made while using TUI and one while using IMAP4, the mail is locked.
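How the per-session limit and the cross-interface count interact, as an added example that is not the product's own code. The class and function names are hypothetical, and resetting the count on a valid PIN or on an administrator unlock is an assumption the page does not state.

```python
import hmac
from collections import Counter

TUI_SESSION_LIMIT = 3  # invalid PIN attempts allowed in one TUI session (from the page)


class LockoutTracker:
    """Counts failed PIN attempts per mailbox, summed over every interface."""

    def __init__(self, lockout_limit: int):
        self.lockout_limit = lockout_limit  # administered number of failed attempts
        self.failures = {}                  # mailbox -> Counter({interface: count})
        self.locked = set()

    def record_failure(self, mailbox: str, interface: str) -> bool:
        """Record one failed attempt; return True if the mailbox is now locked."""
        per_interface = self.failures.setdefault(mailbox, Counter())
        per_interface[interface] += 1
        # Following the page's instance (limit 3, third failure locks), the
        # lock triggers when the total over all interfaces reaches the limit.
        if sum(per_interface.values()) >= self.lockout_limit:
            self.locked.add(mailbox)
        return mailbox in self.locked

    def record_success(self, mailbox: str) -> None:
        # Assumption: a valid PIN clears the failure count.
        self.failures.pop(mailbox, None)

    def admin_unlock(self, mailbox: str) -> None:
        """Re-enable a locked mailbox (assumption: the count is cleared too)."""
        self.locked.discard(mailbox)
        self.failures.pop(mailbox, None)


def tui_session(tracker, mailbox, stored_pin, entered_pins):
    """Simulate one TUI call; return 'authenticated', 'locked' or 'disconnected'."""
    if mailbox in tracker.locked:
        return "locked"
    for attempt, pin in enumerate(entered_pins, start=1):
        if hmac.compare_digest(pin, stored_pin):  # constant-time comparison
            tracker.record_success(mailbox)
            return "authenticated"
        if tracker.record_failure(mailbox, "TUI"):
            return "locked"
        if attempt == TUI_SESSION_LIMIT:
            break  # session limit reached: the call is dropped
    return "disconnected"
```

With a lockout limit above 3, a single TUI call ends at the session limit without locking the mailbox, but its failures still count toward the total that later IMAP4 failures can complete.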

Enhanced Call Transfer

With Enhanced Call Transfer, the system verifies that the requested destination is a valid extension in the dial plan. The system verifies that the entered digits contain the same number of digits as are administered on the messaging software for extension lengths. When callers request a name addressing transfer, the name must match the name of a messaging subscriber (either local or remote) whose extension number is in the dial plan.

Call transfers are subject to control by the customer system administrator. This administrative control is designed to encompass all of the numbers to which a caller can transfer.

Controlling Call Transfers by Using Allowed and Denied Numbers

To transfer to another extension, the subscriber presses * T, the digits of the extension to which he or she wants to transfer, and #. The system administrator can administer the messaging software to permit transfers to only certain allowed numbers or ranges of numbers. For example, the system administrator can administer the system to forbid call transfer to extensions that begin with 9, if dialing this number results in access to an outside line. See Creating Restricted Number Lists for additional information on establishing dialing restrictions.

If a caller enters an extension that is an allowed transfer, the switch completes the transfer, disconnects the messaging software, and sends a "disconnect - successful transfer" message to the system. If the number is not valid, the switch leaves the system connected to the caller and sends a "fail" message to the messaging software. Then the system plays an error message to the caller and prompts for further activity.

Controlling Call Transfers Using "Subscribers versus Digits"

Allowing * T transfers increases the risk of toll fraud. If the customer decides to allow * T transfers, the system can be set to allow transfers by either subscribers or digits.

Restricting call transfers to administered subscribers is the more secure of the two options. Fraudulent use of call transfer is virtually eliminated when the messaging software verifies that the specified destination is an administered number and denied numbers are administered carefully to include such things as a phantom mailbox that begins with 9. However, you must also consider that if digits are specified, the caller might find a way to access the switch and to use switch features and functions to complete fraudulent long distance calls.
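The transfer checks from the two sections above combined into one decision function, as an added example that is not the product's own code. The class, its field names and the representation of allowed and denied numbers as inclusive ranges are assumptions, as is letting a denied entry override an allowed one.

```python
from dataclasses import dataclass, field


@dataclass
class TransferPolicy:
    extension_length: int                           # digits administered for extensions
    subscribers: set = field(default_factory=set)   # administered subscriber extensions
    allowed: list = field(default_factory=list)     # inclusive (low, high) ranges
    denied: list = field(default_factory=list)      # inclusive (low, high) ranges
    mode: str = "subscribers"                       # "subscribers" or "digits"

    @staticmethod
    def _in_ranges(number: int, ranges) -> bool:
        return any(low <= number <= high for low, high in ranges)

    def check(self, dialed: str):
        """Return (permitted, reason) for the digits entered after * T."""
        if not (dialed.isascii() and dialed.isdigit()):
            return False, "not digits"
        # Enhanced Call Transfer: length must match the administered length.
        if len(dialed) != self.extension_length:
            return False, "wrong length"
        number = int(dialed)
        # Assumption: a denied entry wins over an allowed one.
        if self._in_ranges(number, self.denied):
            return False, "denied number"
        if not self._in_ranges(number, self.allowed):
            return False, "not an allowed number"
        # "Subscribers" mode also requires an administered subscriber.
        if self.mode == "subscribers" and dialed not in self.subscribers:
            return False, "not an administered subscriber"
        return True, "transfer permitted"


if __name__ == "__main__":
    # Constructed four-digit dial plan in which a leading 9 reaches an outside line.
    policy = TransferPolicy(
        extension_length=4,
        subscribers={"2001", "2002", "9100"},  # 9100: phantom mailbox
        allowed=[(2000, 9999)],
        denied=[(9000, 9999)],
    )
    for dialed in ("2001", "3555", "9100", "20011"):
        print(dialed, policy.check(dialed))
```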

Switch Administration

The current messaging documentation set includes detailed instructions on how to administer switches to prevent toll fraud. For more information, see Switch Administration Tasks Checklist and the switch integration book for the specific switch at the customer's site.

Outcalling

Toll fraud can be minimized when outcalling to messaging subscribers who are off-site and often have their message notification forwarded to a call pager. To do so, the outcalling: