atcomsystems.ca/forum
Posted By: TelDog Nortel CICS Hack ?? - 12/01/17 09:58 PM
I have a new customer with a hacking issue. I do have some experience on the Nortel systems, but I am more experienced with Panasonic. It seems someone is calling in and calling back out using my customer's numbers to solicit people. I have gone in to the Callpilot and turned off outbound calling option in class of service (1) & (2), which is what the Mbx's are set to. Does anyone have any thoughts??

Thanks
Posted By: skip555 Re: Nortel CICS Hack ?? - 12/01/17 10:17 PM
Did it continue after you disabled outbound calling?
Posted By: NTlayoff Re: Nortel CICS Hack ?? - 12/01/17 10:26 PM
Yes, that is a good first step.
Most of the time it is because people use Mail Box passwords that are easy to crack.
In other words like: 1234, 123456, 1111 or their ext number twice.
Tell them to make all users change their passwords to a more secure number.
You can also use LINE Restriction that will disable calling overseas. Then also restrict area codes for the Caribbean area.
Posted By: TelDog Re: Nortel CICS Hack ?? - 12/02/17 12:06 PM
At first I thought the problem had been solved. Customer sent me an email the other day, with the message from the person the outbound call went to. I did tell customer that all passwords should be changed, but you know how that goes. I made the class of service change through Callpilot Manager; the mbx's only used COS 1 & 2 that I could see. Maybe I missed one!? As far as overseas, have not had any issues with that. Strangely the calls are local and to a law firm; my customer is a law firm as well (odd). Calls are not that often, the previous episode was two or three a month. ???
Posted By: Curlycord Re: Nortel CICS Hack ?? - 12/02/17 02:24 PM
Make sure the CICS does not have DISA programmed.

When removing "Outbound Transfer" also remove "Off Premise Notify" for all COS's that do or will not require it in future (including unused COS's)

Make sure General Delivery and System Manager do not have access either way.

Change Password Expiry to 0 so they do not have to keep changing passwords and muck things up.

Enable Trivial Password Checking in System Properties so they will not be allowed passwords like 1234.
Tell them to use 6, 7 or 8 digit passwords.

Look at Reports/MailboxInformation and it will show any mailbox that has been dialing out and show the number....do ASAP as the reports last only a week.

Ask if they have ever seen the calls go out (shows lines in use)

If you do not see any evidence via visual or reports then know that it is possible the marketers are just spoofing their Caller ID.


Posted By: Professor Shadow Re: Nortel CICS Hack ?? - 12/04/17 11:42 PM
Make sure there isn't a mailbox set up that shouldn't be there. Something beyond extension number range.
Posted By: MooreTel Re: Nortel CICS Hack ?? - 12/05/17 12:44 AM
....Unless that mailbox is a "Guest", "Info", "Hunt Group", etc mailbox.
Posted By: jsaad Re: Nortel CICS Hack ?? - 12/05/17 05:01 PM
I like to make a set filter to deny everything for the voicemail ports and then overrides for the local area codes to that customer.
Posted By: teldata1 Re: Nortel CICS Hack ?? - 01/13/18 11:26 PM
I had a service call this week that the customer was being hacked.
It was on Norstar Flash.
They were using General Delivery MB 100,
using the Message Notification feature.
The password was 1234.
They put a *72 plus phone number, called back in to system,
left message and all calls were forwarded.

And because it’s a Flash I couldn’t deny the B channels from line access.

So the only way is to make sure there’s a good password on all MBs.
Posted By: NTlayoff Re: Nortel CICS Hack ?? - 01/14/18 03:52 AM
Originally Posted by teldata1
........
And because it’s a flash I couldn’t deny the B channels
from line access

So the only way is to make sure there’s a good password
on all MBs

That is why I put restrictions on the LINES not on Users.
I also restrict the STAR and the NUMBER sign (pound sign)

But a good password is where it starts.
Posted By: teldata1 Re: Nortel CICS Hack ?? - 01/14/18 03:03 PM
Good to know
Posted By: Curlycord Re: Nortel CICS Hack ?? - 01/14/18 07:27 PM
All voice mails use both A and B channels...not just the Flash
The B channel shall follow the restrictions of the A channel however best to restrict all A channels (port DN's) on the voice mail.
If it's a 4 channel flash then that is 2 DN's that need restricting.

I personally leave lines last but it all depends on the site's dialing habits
-I program a filter only for voice mail with *, 0, 10....this leaves them the option to use Outdial still with a stern warning to use an 8 digit complex password
-Sets I program 411, 976, 900, 700 plus any other restrictions that are asked for such as *, 0, 1, 10 etc
-As for Lines I ask if they ever make overseas calls and if no then I also restrict *, 0, 10 as well, and if they say the odd time then I create a COS password to override the restriction.

I am thankful that in over 20 years I have never had a callback after locking down a system after a hack, it's almost worrisome when you leave the site because then the onus is on you but sticking to your same setup on each site as best you can helps.
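
A small model of the two voicemail-port filter styles described in this thread (jsaad's deny-everything filter with local area-code overrides, and Curlycord's *, 0, 10 filter), added here as an illustration and not posted by any participant. The matching semantics, the 905/416 area codes and the sample dial strings are assumptions constructed for the example; the digits are taken as sent on the line, after any line-pool access code.

```python
# Added example: simplified model of prefix-based restriction filters.
# Assumed semantics (not taken from Nortel documentation): a call is denied
# when the dialed digits start with a restriction prefix, unless they also
# start with one of the overrides attached to that restriction.

def allowed(dialed, filt):
    """filt maps a restriction prefix to its list of override prefixes."""
    for restriction, overrides in filt.items():
        if dialed.startswith(restriction):
            if not any(dialed.startswith(o) for o in overrides):
                return False
    return True

# Voicemail-only filter as described by Curlycord: *, 0, 10.
VM_PREFIX_FILTER = {"*": [], "0": [], "10": []}

def deny_all_filter(local_codes):
    """jsaad's style: restrict every first character, override local codes."""
    return {c: [code for code in local_codes if code.startswith(c)]
            for c in "0123456789*#"}

# 905 and 416 are constructed placeholders for the site's local area codes.
VM_DENY_ALL_FILTER = deny_all_filter(["905", "416"])

# Constructed dial strings a voicemail port could be asked to send.
SAMPLES = {
    "*729055550123": "*72 forward, as in the Flash incident",
    "01144205550123": "overseas (011)",
    "10103215550123": "10-10 dial-around",
    "12125550123": "1+ long distance",
    "9055550123": "local 10-digit",
    "5550123": "local 7-digit",
}

def audit(filt):
    """Return {dial string: True if the filter lets it through}."""
    return {number: allowed(number, filt) for number in SAMPLES}

if __name__ == "__main__":
    for name, filt in (("prefix", VM_PREFIX_FILTER),
                       ("deny-all", VM_DENY_ALL_FILTER)):
        for number, ok in audit(filt).items():
            verdict = "ALLOW" if ok else "DENY"
            print(f"{name:9}{number:16}{verdict:6}{SAMPLES[number]}")
```

Under these assumptions the *, 0, 10 filter still passes 1+ long distance from the voicemail ports, while the deny-all filter also blocks 7-digit local dialing unless a matching override is added.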