Mitel Forums - The Unofficial Source 

 


 Mitel ARS Programming for Security

 

 
   
 
By Ralph Willett

Business telephone systems have become extremely flexible and powerful, able to adapt to your business requirements for ease of use, productivity and cost savings. However, along with this flexibility comes a responsibility to ensure that the system is programmed with security in mind. Security in this case is defined as protection against abuse and unauthorized access.

For the purposes of this article, we will be focusing on the North American Dialing Plan (NPA), and the Mitel 3300 along with its ARS. The concepts discussed here should translate to other systems such as the Nortel and Avaya products.

What is Toll Fraud?

In a PBX environment, fraud can be defined as any unauthorized use of a business's telephone system and carrier services. Often this takes the form of someone dialing into your system and gaining outside line access to make long distance and international calls. The cost of these calls will then be charged to you as if someone within your organization made the call. Although many carriers have become very good at identifying toll fraud based on your business calling patterns, it is possible that thousands of dollars' worth of toll calls can be made over a single weekend.

What is Telabuse?

Although closely related to toll fraud, Telabuse has also been called "call waste" and "call fraud". In the two-volume book "Toll Fraud and Telabuse, A Multibillion Dollar National Problem" by John J. Haugh, Robert E. Burney, Gregory L. Dean & Lawrence H. Tisch (Telecommunications Advisors Inc., 1992), "Telabuse" is defined as: "fraud, waste, and abuse by the staff of users, including their friends and relatives". Using this definition we will discuss methods of locking out unauthorized use of business telecom services.

Determine What Is Necessary to Conduct Business

To program any PBX with security in mind, a business must first determine what PBX features are required for its business environment as well as who will use these features. Here we will focus on the standard desktop telephone, trunks and the out dialing capabilities of each. Please bear in mind that although the Mitel 3300 has many powerful business features such as Unified Communications and Mobility, security for these features will be discussed in future articles.

First we must decide what features your business needs and what phones need them. Each phone will have out dialing requirements based on the job function of the person using it. For example, the CEO of a company may require international calling to conduct business. This is generally not true of the lunch room phone or the copy room phone, therefore these phones should be classified differently.

Other questions to ask when designing security are:

  • Does the phone need to make long distance calls?

  • Does the phone need to call states other than the one it's in?

  • Does the phone need outbound access during off business hours?

  • Does the phone need to be able to forward off-premise to another phone such as a cell phone?

These are questions you must ask yourselves in order to begin tightening the security of your phone system. Also note that these same questions apply to your voice mail system as well.

ARS Protection

ARS stands for "Automatic Route Selection". This is the programming that exists in your PBX that gives it the ability to select an outside line when you dial your outside line access code (in many cases the digit "9"). The flexibility of this programming is one of the best features of the Mitel product line. This same programming flexibility, however, leaves the security to the skill, understanding and care of the technicians working on your system. This is true of any PBX.

In a Mitel PBX, outbound dialing is generally controlled by the Class of Restriction (COR) of the device making the call. A device is a phone, a trunk or a port. Each device is assigned a COR that defines its authorization for outbound calling. The design of the capabilities of COR is left up to the technicians installing the system. It can be very complex and difficult to understand, so we have designed a method of programming COR that simplifies it so that you and your technician can easily know what calling patterns a device is allowed to have.

This is where we need to introduce the Mitel programming forms for ARS. These will be specific to the Mitel.

  • Class Of Restriction. This form is used to define classes of what is allowed or denied. On the left-hand side of the form you'll see index numbers 1 through 64. If the data field of this form is blank, there are no restrictions in your system at all and it may be at risk of being compromised.

  • Digit Modification. This form is used to program the system to absorb any number of digits that may be dialed for an outside line. For example, if a "9" is dialed, it generally is not sent to the carrier. So the "9" will be deleted and only the remaining digits are sent to the carrier.

  • Route Assignment. This form is used to assign a trunk group, a digit modification and a COR to a route.

  • Automatic Route Selection - ARS. This form is where you assign a route to the digit a user dials.

Two things can be accomplished by using these forms correctly:

  • A multilevel security plan.

  • Simplicity of programming maintenance.

To do this we are going to set up 6 levels of COR in the system. The 6 levels are:

  • Totally restricted

  • Local and toll free calls

  • Calls within your lata

  • Calls within your state

  • National calling

  • International calling

Programming the Class Of Restriction Infrastructure

We begin in the COR form. First of all we want to restrict the default COR, number 1, so that anything we have not specifically allowed is blocked. So in row #1 enter "1-64".

Next we're going to set up a COR that will define "local call restriction".

  1. In row #11 enter "1-10,16-64". This means that when you assign a COR of 11-15 to a device, the call will be allowed out.

  2. Next, in row #12 enter "1-11,16-63". This means that a device with a COR of less than 11 will be blocked but any device with a COR of 12-15 will be allowed.

  3. In row #13 enter "1-12,16-64".

  4. In row #14 enter "1-13,16-64".

  5. In row #15 enter "1-14,16-64".

As you can see, restrictions become tighter as we go up the rows.

Now we must define the digit modification. Do this by editing the "Digit Modification" form. Commonly, in North America, the access code is either "8" or "9". When pressing these numbers you should receive a secondary dial tone. In general, we simply want to delete the access code so it isn't sent to the carrier. For simplicity, we are going to go to row #11 and in the absorb field we are going to change the "0" to a "1". This instructs the system to absorb the 1st digit of what you dialed (i.e. the number "9"). Repeat the same thing for rows 12 through 15.

Next, these new COR and digit modification numbers must be assigned to a route. A route is how a call is assigned a trunk group for access to the outside world. (We will assume here that all your outside trunks are in trunk group 1.) Edit the form "Route Assignment" and go to row #11. In this row you will use the drop down box to choose "TDM Trunk Group". In the trunk group field enter "1". Next, in the Class Of Restriction and Digit Modification fields enter "11".

Edit rows 12 through 15 so that they look the same as row 11, except that in the COR and Digit Modification fields you enter the same number as the row you're editing. Now rows 11-15 should look like this:

Row    Trunk Group    COR    Digit Mod
11     TDM Group 1    11     11
12     TDM Group 1    12     12
13     TDM Group 1    13     13
14     TDM Group 1    14     14
15     TDM Group 1    15     15

We have just defined the multi-tiered Class Of Restriction we discussed earlier. Now we have an easy method of understanding the restrictions applied to a phone or device. Here are our definitions:

11 - Can only call local numbers (includes toll free numbers).

12 - Can call local numbers + Intra-lata numbers.

13 - Can call local numbers, Intra-lata numbers + calls within the state.

14 - Can call local numbers, Intra-lata numbers, calls within the state + All North American Numbers.

15 - Can call all of the above + 900 numbers + International numbers.

Anything else is restricted.

Now we must assign these new routes to what you dial, so edit the ARS Digits Dialed form. In this form we define what numbers you can dial. We will assume here that the outside line access code is a "9". The first thing we want to do is define what a long distance number looks like. A long distance number is any number that is "1" + 10 digits following. The exceptions are toll free numbers and other numbers that your local carrier defines as local to you. We will deal with the exceptions in a moment. Add a long distance number by clicking the "Add" button and in the digits dialed field enter "91". In the "Digits to Follow" drop down box select 10. In the Termination Type drop down box select "Route", and finally in the Termination Number field enter "14". A long distance route is now assigned.

Now a route must be assigned for Toll Free calls and local calls. Add the following lines to the form for toll free numbers:

Digits Dialed    Digits to Follow    Termination Type    Termination Number
91800            7                   Route               11
91888            7                   Route               11
91877            7                   Route               11
91866            7                   Route               11

A brief word about local numbers. You may choose not to define local numbers. Depending on your area there could be hundreds that need to be defined and more may be added all the time. Although the infrastructure is now built in the PBX to be able to easily define them, most customers simply choose not to because of the cost to maintain it.

Not all areas of the country require you to dial an area code, so I will show how to program for both methods, using the 248 area code as the example. For each local exchange enter the following based on this example:

Digits Dialed    Digits to Follow    Termination Type    Termination Number
9654             4                   Route               11
91248654         4                   Route               11

Program your Intra-lata numbers. You can usually find your Intra-lata numbers on your carrier's website. In general, a lata will have one or more area codes defined. Note that some area codes may cross latas but typically these are minimal. For an example we will use the Detroit lata. For each area code add lines based on the following example:

Digits Dialed    Digits to Follow    Termination Type    Termination Number
91248            7                   Route               12
91313            7                   Route               12
91810            7                   Route               12
91734            7                   Route               12
91586            7                   Route               12

Next add state area codes by following the Michigan example below. This will include all area codes in your state that you have not already defined.

Digits Dialed    Digits to Follow    Termination Type    Termination Number
91231            7                   Route               13
91269            7                   Route               13
91616            7                   Route               13
91906            7                   Route               13
91989            7                   Route               13

Lastly we need to define our highly restricted calls such as 900 and international calls.

Add the following lines:

Digits Dialed    Digits to Follow    Termination Type    Termination Number
9011             Unknown             Route               15
91900            7                   Route               15

Your PBX will now have the basic infrastructure of our multi-tiered class of restriction. All that needs to be done from here is to assign this COR to individual stations. To do this, edit the Station Attributes form and in the COR field for each extension add its new COR. If a COR of "11" is assigned to a phone it will only be able to call toll free and local numbers. A COR of "12" will allow the user to dial calls within your lata, a COR of "13" will allow long distance calls within a state, "14" allows anything in North America and a "15" allows a phone to be completely unrestricted.
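As an added illustration (not part of the original article and not Mitel code), the following Python model takes the COR, Route Assignment and ARS Digits Dialed entries exactly as entered above and checks which station CORs can complete a given call. It assumes that the most specific matching digit string wins and that a station is blocked when its COR appears in the route's COR row; all function names are hypothetical.

```python
# Added example: constructed model of the article's forms, not Mitel software.

def parse_cor_group(spec):
    """Expand a COR form row such as "1-10,16-64" into the set of restricted CORs."""
    members = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        members.update(range(int(lo), int(hi or lo) + 1))
    return members

# COR form rows exactly as entered in the article (row number -> restricted CORs).
COR_GROUPS = {n: parse_cor_group(s) for n, s in {
    1: "1-64", 11: "1-10,16-64", 12: "1-11,16-63",
    13: "1-12,16-64", 14: "1-13,16-64", 15: "1-14,16-64"}.items()}

# ARS Digits Dialed rows: (digits dialed, digits to follow, route); None = "Unknown".
# Route n uses COR row n, as in the article's Route Assignment rows 11-15.
ARS = [("91", 10, 14), ("9011", None, 15), ("91900", 7, 15),
       ("9654", 4, 11), ("91248654", 4, 11)]
ARS += [("91" + npa, 7, 11) for npa in ("800", "888", "877", "866")]
ARS += [("91" + npa, 7, 12) for npa in ("248", "313", "810", "734", "586")]
ARS += [("91" + npa, 7, 13) for npa in ("231", "269", "616", "906", "989")]

def select_route(dialed):
    """Return the route of the longest matching entry (assumed matching rule)."""
    best = None
    for prefix, follow, route in ARS:
        rest = len(dialed) - len(prefix)
        fits = rest >= 1 if follow is None else rest == follow
        if dialed.startswith(prefix) and fits:
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, route)
    return best[1] if best else None

def call_allowed(station_cor, dialed):
    """True if a device with this COR may complete the dialed call."""
    route = select_route(dialed)
    return route is not None and station_cor not in COR_GROUPS[route]

def audit_tiers():
    """Report CORs that can use a route but fall outside the intended tiers."""
    findings = {}
    for route in range(11, 16):
        permitted = set(range(1, 65)) - COR_GROUPS[route]
        extra = permitted - set(range(route, 16))  # tier n should admit only n-15
        if extra:
            findings[route] = sorted(extra)
    return findings

if __name__ == "__main__":
    print(audit_tiers())
```

Run over the rows as entered, the audit reports that row #12 ("1-11,16-63") leaves COR 64 able to use route 12, which every other row blocks. The same check can be rerun whenever a COR row or ARS entry is changed.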

If you like, you can choose to have a different COR for when the PBX is in "Day" mode, "Night 1" or "Night 2" mode. Doing this will restrict phones after normal business hours.

You may have also noticed that we did not define 911 calls. Emergency calls must not be restricted and need to be tested. The setup for emergency calls will be covered in an upcoming article.

About the Author: Ralph Willett manages a remote services center specializing in the Avaya, Nortel and Mitel product lines. He is an expert Mitel 3300 programmer with over 25 years of Mitel experience. His lead generation website can be found at www.AAVoicePro.com.

Article Source: http://EzineArticles.com/?expert=Ralph_Willett
http://EzineArticles.com/?Mitel-ARS-Programming-for-Security&id=6203318



Copyright © 2011-2016 www.mitelforums.com                     Notice: We are not associated with Mitel Networks in any way.   We're just big fans.