Security Toll fraud is the theft of long distance service. When toll fraud occurs, your company is responsible for charges. See Overview of Security for information on how to prevent toll fraud, or call the Avaya Technologies National Customer Care Center at 1-800-643-2353.
Using Internet Messaging and the Internet presents certain security issues. Your company is responsible for any damages that could arise as a result of the use of Internet Messaging. However, you can administer your system to minimize these risks. You need to be concerned with:
Disabling POP3 or IMAP4 Access
On the General Options and Settings page, if the POP3 client access enabled? or IMAP4 client access enabled? fields are set to Yes, hackers could determine a subscriber's login name and password, and then commit toll fraud through the subscriber's mailbox. Use Internet Messaging only behind a corporate firewall and restrict external Internet access to the appropriate email client ports.
If your company is concerned with subscriber login security, consider the following alternatives:
Disable the POP3 or IMAP4 interface by selecting No on the General Options and Settings page.
Exclusively use email clients such as Qualcomm's Eudora client that support password encryption.
Deploy secure socket layer (SSL) for POP3 or IMAP4 using an external SSL accelerator. Current products on the market include SSL100 Accelerator by Avaya.
Viruses
The ease with which messages can be broadcast and transmitted over the Internet simplifies the distribution of computer viruses. Enact a policy to ensure that subscribers check incoming messages and files for viruses.
Another precaution, especially important if this is your company's first email deployment, is a system-wide virus scanning application. The applications scan all incoming mail for viruses and intercept infected mail and files before they get to the subscriber. Current examples include:
Spoofing or Sending Email Under a False Name
Internet email addresses are not validated for identity. As a result, the identity of the message sender is not guaranteed. Warn your subscribers not to respond to messages from unverified sources, especially if the message contains requests for private information or any form of payment. The name of the machine that delivered a message to the Internet Messaging server can be checked by reading the message's header information.
Internet Messaging for Communication Manager Messaging builds on the multimedia capabilities of messaging to provide exchange of voice, fax, text, and binary components over the Internet.