Filter
Top Products
About This Document
xiv Issue 2 November 1996
■ Change passwords frequently (at least quarterly). Set password
expiration times and tell users when the changes go into effect.
Changing passwords routinely on a specific date (such as the first of the
month) helps users to remember to do so.
■ Establish well-controlled procedures for resetting passwords.
■ Limit the number of invalid attempts to access a voice mail to five or less.
■ Monitor access to the dial-up maintenance port. Change the access
password regularly and issue it only to authorized personnel. Consider
using the Remote Port Security Device (RPSD) — a Lucent
Technologies product that helps protect your administration and
maintenance ports from unauthorized access.
■ Create a PBX system management policy concerning employee turnover
and include these actions:
— Delete all unused voice mailboxes in the voice mail system.
— If an employee is terminated, immediately delete any voice
mailboxes belonging to that employee.
— If a terminated employee had Remote Access calling privileges
and a personal authorization code, remove the authorization code
immediately.
— If barrier codes and/or authorization codes were shared by the
terminated employee, these should be changed immediately.
Notify the remaining users as well.
— If the terminated employee had access to the system
administration interface, their login ID should be removed (G3V3
or later). Any associated passwords should be changed
immediately.
■ Back up system files regularly to ensure a timely recovery should it be
required. Schedule regular, off-site backups.
■ Keep the attendant console and supporting documentation in an office
that is secured with a changeable combination lock. Provide the
combination only to those individuals having a real need to enter the
office.