How was the phone system hacked?
Usually voice mail is the culprit from an outside hacker by using Outbound Transfer or Off Premise Notify features.
-Outbound Transfer - When a user allows callers to press 7 from their mailbox to reach their mobile, the hacker will change this number
-Off Premise Notification - a Hacker will program *72 plus a number, this will forward the phone line and they have also programmed another mailbox to cancel it in the morning using *73
-DISA (Auto Answer) if enabled on one of the lines it can allow a remote user via password to dial into the system to make Long Distance calls
-Forwarded Sets - An unruly employee paid to forward a set after hours then turns it off in the morning
These are guides lines only
Every site is setup different or has different software so you will need to do what suits the client.
Some of the tips below will block features for some users such as "Off Premise Notification" and "Outbound Transfer" from the voice mail systems....in this case rely on just programming a Restriction Filter and applying it to the voice mail DN's.
Below will also show ways to block voice mail from any access to the lines, while this is overkill it does not hurt to do so.
-Have Installer change Configuration and Administration passwords - in case of unruly employee tampering.
-Disable DISA and/or change COS password to something more secure - DISA is used for remote users to access the phone system.
-Setup restriction filters and have them applied to voice mail ports/DN's - This is the most important thing you should do.
-Setup restriction filters and have them applied to lines and/or setup COS passwords to bypass restrictions.
-Disable Allow Redirect option for all sets - This prevents a user from redirecting one line to another or Call Forwarding the phone to an external number.
Restriction example- Restrict 0 for overseas, * (or *72), 10 for those 10XX type services.
-Note that if your BCM allows users access to Mailbox Manager then you are at risk of being hacked.
-The login via the browser does not have a maximum attempts setting so it can be hacked easily from the outside world by an automated script
-The hacker will then change your Outbound Transfer number
-Port 80 and 443 are web browser ports that should be blocked in your router, VPN is a more secure choice from outside your network.
-More importantly via Callpilot Manager denying the mailbox or Class of Service access to any Pools or Outbound Transfer as well restrictions on the sets or lines will stop Toll Fraud
-Norstar Application Module (NAM) run the Toll Fraud Patches, see this link http://www.tek-tips.com/faqs.cfm?fid=7280 - Note that you can post in forum asking for a link for patch.
-Callpilot 100/150 upgrade software to 3.1
-BCM's with Callpilot make sure you are upgraded to the latest BCM patches.
-Delete all unused mailboxes
-Have ALL users change mailbox passwords to 6 or 8 digit non-trivial passwords, including General Delivery and System manager mailboxes.
-Disable Outbound Transfer and Off premise Notification in admin programming of Class Of Service(COS).
-Remove any valid entries under Outdial in admin programming of mailboxes
-Disable the "disable External Initialization" feature in COS
-Change maximum number of password attempts under COS
-Set "Return to AA to No" to prevent ** access (remote access to mailbox), note that this will effect what happens to callers after listening to an info mailbox.
-Have the carrier restrict oversea calls if you do not ever call overseas and/or have them setup passwords.
They maybe also be able to restrict certain digits (filter).
Suggested restrictions (use all or some depending on environment) based on North America:
* - Will prevent any attempt to override restrictions and prevent the use of Call Forward (*72)
0 - Will prevent Overseas calls
10 - Will prevent 10XX numbers
Other Restrictions you might be intrested in:
1 - Will prevent local long distance (Exceptions to add are toll free numbers 1800,1888,1887,1866,1855,1844)
411 - Will prevent charges for using the service local Directory Assistance
1555 - Will prevent charges for using the service abroad Directory Assistance
700, 900, 976 (1700, 1900, 1976) Will prevent charges for using the Premium Rate Services
For those whom need Off Premise Notify or Outbound Transfer it is recommended these user are in their own Class Of Service and that they use 8 digit complex passwords with a short Password Attempts setting before it locks the mailbox.
You would need to setup an SMDR to see what ext. made the call or run reports from voice mail system....see your vendor for more details.