- Contents (DO NOT PUBLISH)
- Preface
- IP Communications Required by Cisco Unity Connection 10.x
- Preventing Toll Fraud in Cisco Unity Connection 10.x
- Securing the Connection Between Cisco Unity Connection 10.x, Cisco Unified Communications Manager, and IP Phones
- Securing Administration and Services Accounts in Cisco Unity Connection 10.x
- FIPS Compliance in Cisco Unity Connection 10.x
- Passwords, PINs, and Authentication Rule Management in Cisco Unity Connection 10.x
- Single Sign-on in Cisco Unity Connection
- The Cisco Unity Connection 10.x Security Password
- Using SSL to Secure Client/Server Connections in Cisco Unity Connection 10.x
- Securing User Messages in Cisco Unity Connection 10.x
- Cisco Unity Connection - Restricted and Unrestricted Version (Applicable for 10.5(2) SU6 and later)
- Index
Preventing Toll Fraud in Cisco Unity Connection
In this chapter, you will find a description of toll fraud—a potential security issue in any organization. You will also find information that may help you to develop preventive measures, and best practices to avoid toll fraud.
Using Restriction Tables to Help Prevent Toll Fraud
Toll fraud is defined as any toll (long distance) call that is made at the expense of your organization and in violation of its policies. Cisco Unity Connection provides restriction tables that you can use to help guard against toll fraud. Restriction tables control the phone numbers that can be used for transferring calls, for message notification, and for other Unity Connection functions. Each class of service has several restriction tables associated with it, and you can add more as needed. By default, restriction tables are configured for basic toll fraud restrictions for a dial plan with a trunk access code of 9. Restriction tables should be adjusted for your specific dial plan and international dialing prefixes.
To prevent toll fraud by users, administrators, and even outside callers who have improperly gained access to a Cisco Unity Connection mailbox, implement the following changes:
- Set up all restriction tables to block calls to the international operator. When this is done, a person cannot dial out to or configure call transfers from an extension to the international operator (for example, a trunk access code of 9 followed by 00 to dial the international operator) for placing international calls.
- If Unity Connection is integrated with two phone systems, add restriction table patterns to match applicable trunk access codes for both phone system integrations. For example, if the trunk access code for one of the phone system integrations is 99 and you want to restrict the call pattern 900, you would also restrict the pattern 99900. When patterns that include the trunk access codes are restricted, attempts to bypass the restriction table by first accessing either trunk and then dialing the international operator will be blocked.
- For those in your organization who do not need to access international numbers to do their work, set up restriction tables to block all calls to international numbers. This prevents a person who has access to a Unity Connection mailbox that is associated with the restriction table from configuring call transfers or fax delivery from that extension to an international number.
- Set up restriction tables to permit calls only to specific domestic long distance area codes or to prohibit calls to long distance area codes. This prevents a person who has access to a Unity Connection mailbox that is associated with the restriction table from configuring call transfers or fax delivery from that extension to a long distance number.
- Restrict the numbers that can be used for system transfers—a feature that allows callers to dial a number and then transfer to another number that they specify. For example, set up the applicable restriction tables to allow callers to transfer to a lobby or conference room phone, but not to the international operator or to a long distance phone number.
Restricting Collect Calling Options
We recommend that you work with your telecommunications provider to restrict the collect calling option on your incoming phone lines, if appropriate.