The system is designed to be very secure. The following is a list of some of the security features:
Passwords protect all messaging mailboxes. The system offers password aging and password timeout mechanisms that can help restrict unauthorized subscribers.
Subscriber passwords must comply with the following guidelines:
Passwords can be from 5 to 15 digits in length, although the system administrator can specify a minimum required length.
A password cannot:
The system administrator can administer the system to age subscriber passwords, at which time subscribers must select a new password.
Callers are given three attempts per call to enter their mailbox correctly before they are automatically disconnected. An administrator can also specify how many consecutive invalid attempts are allowed before a voice mailbox is locked.
You can create role based user logins. Each login has its own unique password and provides varying levels of access to the features and capabilities of the system. This layered approach limits access to particularly powerful features and is convenient when delegating system administrator responsibilities.
All the subscriber password compliance guidelines apply, including password aging, for both the system administrator (sa) and voice mail (vm) logins.
For example, a PIN of 4567 or 7654 is not allowed for a mailbox with number 123-4567. The smaller (fewer digits) of the mailbox number and the PIN cannot be a subset of the larger of the mailbox number and the PIN number. This applies to both the PIN number and to the sequence of digits obtained by reversing the order of the PIN digits.
Once a PIN has exceeded its maximum allowable age, it is no longer valid. If a PIN becomes invalid due to aging while a validated session is in progress the session is not affected.
You can enable or disable aging of voice mail PINs from the Administrative web pages. By default, the aging of voice mail PIN is enabled. This applies to all the voice mails.
You can configure the maximum age of a voice mail PIN. The maximum administrable range is from 1 to 999 days. However, the default maximum age of a voice mail PIN is 90 days.
A subscriber's voice mail account is locked after the number of failed PIN attempts exceed the number set for failed attempts. An user with administrator privileges can enable the voice mail. You can also configure the number of failed attempts from the administrative web pages.
Only 3 invalid PIN attempts are allowed in a single TUI session.
For instance, if the limit is 3 and 2 failed attempts are made while using TUI and one while using IMAP4, the mail is locked
With Enhanced Call Transfer, the system verifies that the requested destination is a valid extension in the dial plan. The system verifies that the entered digits contain the same number of digits as are administered on the messaging software for extension lengths. When callers request a name addressing transfer, the name must match the name of a messaging subscriber (either local or remote) whose extension number is in the dial plan.
Call transfers are subject to control by the customer system administrator. This administrative control is designed to encompass all of the numbers to which a caller can transfer.
To transfer to another extension, the subscriber presses * T, the digits of the extension to which he or she wants to transfer, and #. The system administrator can administer the messaging software to permit transfers to only certain allowed numbers or ranges of numbers. For example, the system administrator can administer the system to forbid call transfer to extensions that begin with 9, if dialing this number results in access to an outside line. See Creating Restricted Number Lists for additional information on establishing dialing restrictions.
If a caller enters an extension that is an allowed transfer, the switch completes the transfer, disconnects the messaging software, and sends a "disconnect - successful transfer" message to the system. If the number is not valid, the switch leaves the system connected to the caller and sends a "fail" message to the messaging software. Then the system plays an error message to the caller and prompts for further activity.
Allowing * T transfers increases the risk of toll fraud. If the customer decides to allow * T transfers, the system can be set to allow transfers by either subscribersor digits.
Transfer by subscriber.In a system administered to allow transfer by subscriber, callers can transfer only to an administered messaging subscriber.
Transfer by digits. In a system administered to allow transfer by digits, the destination telephone number must correspond to a pattern administered in the Allowed and Denied Numbers menus. It must also have the same number of digits as extension numbers within the messaging software.
Restricting call transfers to administered subscribers is the more secure of the two options. Fraudulent use of call transfer is virtually eliminated when the messaging software verifies that the specified destination is an administered number and denied numbers are administered carefully to include such things as a phantom mailbox that begins with 9. However, you must also consider that if digits arespecified, the caller might find a way to access the switch and to use switch features and functions to complete fraudulent long distance calls.
The current messaging documentation set includes detailed instructions on how to administer switches to prevent toll fraud. For more information, see Switch Administration Tasks Checklist and the switch integration book for the specific switch at the customer's site.
Toll fraud can be minimized when outcalling to messaging subscribers who are off-site and often have their message notification forwarded to a call pager. To do so, the outcalling:
Ports can be assigned to a toll restricted Class of Restriction (COR) that allows calling only within a local area.
Numbers can be entered into an unrestricted calling list for either ARS or Toll Analysis.
Numbers can be limited to 7 or 10 digits to restrict outcalling to, for example, international extensions.