Author Topic: toll fraud  (Read 9041 times)

vorlander
toll fraud
« on: August 21, 2008, 05:55:41 AM »
Hi, my company is improving new security policies. Also, our telephone system is under investigation.

How do you prevent toll fraud on your systems?

Thank you


ralph
Re: toll fraud
« Reply #1 on: August 21, 2008, 08:27:56 AM »
There are multiple ways to implement toll fraud security on a Mitel. By default, nothing is implemented.
We always build a layered approach to it so if one layer is peeled back there are still restrictions.
So let me see if I can list out what to do - note: this doesn't include Voice Mail security except for toll restrictions.

(1) Class of Restriction:  restrict your TRUNKS to a COR that doesn't allow outbound calls.
(2) Class of Service:  Restrict your trunks from public network to public network connections.
(3) Class of Service:  Restrict your trunks and phones from external call forwarding.
(4) Class of Restriction:  restrict your phones to only being able to dial numbers relevant to your business: ie: block international calls, block 900 numbers etc.
(5) Interconnect Restriction: Block all trunk to trunk connections.
(6) DISA:  remove it if programmed.
(7) Carrier Restrictions: Have your carrier block international calls (if possible).
(8) Carrier Restrictions: Have your carrier block operator assisted calls.
(9) Carrier Restrictions: Have your carrier block 3rd party calls.
(10) Class of Restriction: Be sure your VM ports are restricted from dialing outbound. Allow pages etc. via system speed dial to allow only specific numbers to be dialed, i.e. pagers, cell phones, etc.
(11) Be sure that when a call comes in, and YOU hang up, the trunk actually disconnects. I've seen where a call will come in, the caller says nothing, the user thinks it's a random faulty call and hangs up, and the caller actually will get PBX dial tone. Multiple layers of security will still block an outbound call but this still should not happen.

These are just what I come up with off the top of my head. Unfortunately, my experience has been that most vendors (all VARs, not just Mitel VARs) pay little attention to toll fraud, if any. Some years ago I (sorta) specialized in Mitel PBX security and was able to get my company to implement a standard security policy for new installs. This has worked well. It can be a real pain to retrofit a PBX but it should be done if it hasn't been.

Ralph
www.AAVoicePro.com/mitel


vorlander
Re: toll fraud
« Reply #2 on: September 01, 2008, 04:42:09 AM »
Thank you, but in this situation you are not able to forward your phone to an external number.
Many of our customers have VIP users that forward their phones to their mobile.

I think that we implement only VM restriction.

Thank you very much.

ralph
Re: toll fraud
« Reply #3 on: September 02, 2008, 08:08:18 AM »
That's a common request to be able to fwd calls to an external number.
To do that, strip back all restriction except COR.   Then set up system speed dials to call each individual cell phone.  Be sure to enable "Over Ride Toll Restriction" to yes.  The user then fwds to the speed dial number.   This is less secure than what I wrote above, but does allow the user to fwd to an external number while still preserving security.
A good PBX security audit would catch these things and at least show you where you were and how secure you are.

Ralph
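The layered policy from Reply #1 and the relaxed forwarding setup from Reply #3 can be compared by counting how many layers stop each abuse path. This is an added example, not part of the thread and not Mitel code; the field names, dial strings and the assumption that the carrier block stays in place are hypothetical.

```python
from dataclasses import dataclass, replace

INTL = "011"  # constructed: international prefix in the sample dial strings

@dataclass(frozen=True)
class Policy:  # hypothetical field names, not Mitel form or export names
    trunk_cor_no_outbound: bool = False    # item 1
    cos_no_public_to_public: bool = False  # item 2
    cos_no_external_forward: bool = False  # item 3
    phone_cor_blocked: tuple = ()          # item 4: blocked dial prefixes
    no_trunk_to_trunk: bool = False        # item 5
    carrier_blocks_intl: bool = False      # item 7
    vm_cor_no_outbound: bool = False       # item 10
    speed_dial_override: frozenset = frozenset()  # Reply #3 speed dials

def blocking_layers(p, source, number, forwarded=False):
    """Names of every layer that stops this outbound attempt."""
    override = number in p.speed_dial_override
    checks = [
        ("trunk COR", source == "trunk" and p.trunk_cor_no_outbound),
        ("COS public-to-public", source == "trunk" and p.cos_no_public_to_public),
        ("interconnect", source == "trunk" and p.no_trunk_to_trunk),
        ("VM port COR", source == "vm" and p.vm_cor_no_outbound and not override),
        ("phone COR", source == "phone" and not override
                      and number.startswith(p.phone_cor_blocked)),
        ("COS external forward", forwarded and p.cos_no_external_forward),
        ("carrier", p.carrier_blocks_intl and number.startswith(INTL)),
    ]
    return [name for name, blocks in checks if blocks]

ABUSE = {  # constructed attempts for abuse paths named in the thread
    "inbound caller reaches dial tone": ("trunk", "011445550100", False),
    "voicemail port dials out": ("vm", "011445550100", False),
    "phone forwarded abroad": ("phone", "011445550100", True),
}

def audit(p, min_layers=2):
    """Abuse paths stopped by fewer than min_layers layers, with their layers."""
    found = {k: blocking_layers(p, *v) for k, v in ABUSE.items()}
    return {k: v for k, v in found.items() if len(v) < min_layers}

MOBILE = "15555550123"  # constructed VIP mobile number
LAYERED = Policy(True, True, True, ("011", "1900"), True, True, True)  # Reply #1
# Reply #3: strip back to COR (carrier block assumed kept), forward via speed dial
FORWARDING = replace(LAYERED, cos_no_public_to_public=False,
                     cos_no_external_forward=False, no_trunk_to_trunk=False,
                     phone_cor_blocked=("011", "1"),
                     speed_dial_override=frozenset({MOBILE}))
```

Calling `audit(Policy())` models the default install with nothing implemented, and raising `min_layers` to 3 shows which paths lose depth once forwarding is opened up.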

juneinin
Re: toll fraud
« Reply #4 on: June 02, 2009, 10:13:34 PM »
Yes, a good PBX security audit would catch these things and at least show you where you were and how secure you are. That is one of the most important parts of it.


steverowlands
Re: toll fraud
« Reply #5 on: June 03, 2009, 06:57:15 AM »
Always remember to change the Administrator & Manager passcodes on the administrator voicemail account.

Internal & external users can forward voicemail to premium rate numbers by using the systems options on the admin voicemail account.

This is important  ;D

MitelMania
Re: toll fraud
« Reply #6 on: June 12, 2009, 07:40:28 PM »
On the 3300 it is also necessary to go into the RTC shell and change the passwords there as well... Many of the ARS forms CAN be accessed through the old "sx-2000" shell, and these passcodes remain default even when the ESM passwords are secure... That says if someone was able to get the IP address of your system they could be into ARS and open up whatever routes they want...


I have found MANY Mitel systems where the RTC shell is default...
-Christopher


 
