Cisco Unity Security Guide (With Microsoft Exchange), Release 4.x
Preventing Toll Fraud


This chapter describes toll fraud, a potential security issue in any organization, and provides information and best practices that may help you develop preventive measures against it.

Using Restriction Tables to Help Prevent Toll Fraud

Toll fraud is defined as any toll (long distance) call that is made at the expense of your organization and in violation of its policies. Cisco Unity provides restriction tables that you can use to help guard against toll fraud. Restriction tables control the phone numbers that can be used for transferring calls, for message notification, and for other Cisco Unity functions. Each class of service has several restriction tables associated with it, and you can add more as needed. By default, restriction tables prevent access to long distance phone numbers, but you can configure them to restrict additional numbers typically associated with toll fraud, such as international numbers.

Best Practices

To prevent toll fraud by subscribers, administrators, and even outside callers who have improperly gained access to a Cisco Unity mailbox, implement the following changes:

Set up all restriction tables to block calls to the international operator (900). When this is done, a person cannot dial out to or configure call transfers from an extension to the international operator (900) for placing international calls.

If Cisco Unity is integrated with two phone systems, add restriction table patterns to match applicable trunk access codes for both phone system integrations. For example, if the trunk access code for one of the phone system integrations is 99 and you want to restrict the call pattern 900, you would also restrict the pattern 99900. When patterns that include the trunk access codes are restricted, attempts to bypass the restriction table by first accessing either trunk and then dialing the international operator will be blocked.

For those in your organization who do not need to access international numbers to do their work, set up restriction tables to block all calls to international numbers. This prevents a person who has access to a Cisco Unity mailbox that is associated with the restriction table from configuring call transfers or fax delivery from that extension to an international number.

Set up restriction tables to permit calls only to specific domestic long distance area codes or to prohibit calls to long distance area codes. This prevents a person who has access to a Cisco Unity mailbox that is associated with the restriction table from configuring call transfers or fax delivery from that extension to a long distance number.

Restrict the numbers that can be used for AMIS message delivery to only those numbers required for your system configuration.

Restrict the numbers that can be used for system transfers—a feature that allows callers to dial a number and then transfer to another number that they specify. For example, set up the applicable restriction tables to allow callers to transfer to a lobby or conference room phone, but not to the international operator or to a long distance phone number.

Set up the restriction tables that are associated with the class of service for the Example Administrator account to permit only a very limited set of phone numbers. Consider setting up the restriction tables to block calls to international numbers, and to permit calls only to specific domestic long distance area codes or to prohibit calls to long distance area codes.
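The trunk access code practice above can be checked offline before a table is changed. The following is an added example, not Cisco code and not part of the original guide: a simplified model of a restriction table that reports which restricted patterns are still dialable when prefixed with a trunk access code. It assumes patterns are evaluated in order with the first match deciding, that `*` matches zero or more digits and `?` exactly one digit, and that the second trunk access code is 98; the tables are constructed sample data.

```python
import re

def matches(pattern, number):
    """Assumed wildcard semantics: '*' = zero or more digits, '?' = exactly one digit."""
    regex = "".join(
        r"\d*" if c == "*" else r"\d" if c == "?" else re.escape(c)
        for c in pattern
    )
    return re.fullmatch(regex, number) is not None

def is_allowed(table, number):
    """Walk the table top to bottom; the first matching pattern decides.
    A number that matches no pattern is treated as blocked in this model."""
    for pattern, allowed in table:
        if matches(pattern, number):
            return allowed
    return False

def trunk_bypass_gaps(table, trunk_codes, restricted):
    """Return every dial string the table still allows for a pattern that
    policy says must be restricted, dialed bare or behind a trunk access code."""
    gaps = []
    for pattern in restricted:
        # Representative number for the pattern: '?' becomes 0, '*' becomes empty.
        sample = pattern.replace("?", "0").replace("*", "")
        for prefix in [""] + list(trunk_codes):
            if is_allowed(table, prefix + sample):
                gaps.append(prefix + sample)
    return gaps

# Constructed sample data. 99 is the trunk access code used in the text;
# 98 is an assumed code for the second phone system integration.
TRUNK_CODES = ["99", "98"]

# Weak: only the bare pattern is restricted, then everything else is allowed.
WEAK_TABLE = [("900", False), ("*", True)]

# Corrected: the pattern is also restricted behind each trunk access code.
HARDENED_TABLE = [("900", False), ("99900", False), ("98900", False), ("*", True)]

if __name__ == "__main__":
    for name, table in (("weak", WEAK_TABLE), ("hardened", HARDENED_TABLE)):
        print(name, trunk_bypass_gaps(table, TRUNK_CODES, ["900"]))
```

Run it against an export of each restriction table associated with a class of service; an empty list means no restricted pattern is reachable through either trunk in this model.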

To learn more about how restriction tables work and how to set them up, refer to the Cisco Unity System Administration Guide. The guide is available at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html.