We have a 3300 on 8.0.10.7_1. Last night we were notified by our PRI provider of a 6+ hour call to our 800 number. I looked in our SMDR logs and found another call right after that one ended that was 2+ hours. In both cases, it looks like they went into the voicemail system and were "poking" around.
I'm the IT guy, so I talked to our "phone vendor", but they really haven't been that trustworthy from the start. For example, my first question was, "Is the 3300 capable of limiting the length of calls?" The answer I got (from the owner, mind you) was "I don't really know, I'll have to wait until I have a tech in Monday". I found the option after reading through the help some and have set limits on call lengths.
In talking to our vendor, he claimed that people "get into the voicemail, then get into a voicemail box with a weak password, then somehow re-program the system to auto call out to a 900 number or other toll number to rack up charges". I'm having our Jr. IT guy go through all our voicemails and change any with a 1111 passcode and/or a passcode that is the same as the extension. I'm also having our PRI provider block all calls to the NANP Member countries (places like the Dominican Republic and Jamaica where you only have to dial 1 + area code to call, no country code required, but aren't other US states).
Our OpsManager and the Mitel web interface are inaccessible from the outside network, and I feel pretty confident about their security.
I've seen suggestions to turn off trunk to trunk calling, but we actually use that feature a lot, so that is kind of a non-starter.
I've also gone through the article here:
http://www.mitelforums.com/articles/mitel-toll-fraud.php but I'm unsure as to how to block 9-00 calls and to block specific extensions from making international calls.
Can anyone give me any pointers on how to set up those blocks? Is there anything else I should look for or set (assume my vendor didn't do even the most basic security features)?
Should I really just search for a new vendor and let them handle it?
Thanks in advance for your help.