
Toll Fraud ITAS TIP - 315 NA


by PERRYPJ
Blocking Toll Fraud in BCM, Call Pilot, and Norstar Voicemail

Condition
Certain vulnerabilities have been identified which allow malicious toll fraud through the
automated attendants in BCM, Call Pilot 150, and Norstar Voicemail. Nortel is pleased to announce that new patches are now available to effectively block this vulnerability.

Problem recognition and recommended solutions
1. For sites that are not using centralized voicemail or centralized auto attendant for multiple nodes, please ensure the feature "Enable Network Transfers" is set to "No".
In BCM and Call Pilot 150, this option can be found under "Configuration" and "System Properties" within Call Pilot Manager. "Enable Network Transfers" is "No" by default in BCM and Call Pilot 150 and is not seen in Call Pilot 100 because it is always off by design.
In Norstar Voicemail 4.1, Enable Network Transfers is "Yes" by default and we have a patch that allows you to turn off this option in Feature 915. This patch can be downloaded on our website under the product "Norstar: Messaging - Voice Mail". A link to the website is provided below. It is an executable program that makes a bootable diskette.
   1. Double-click the executable and follow instructions to make the diskette.
   2. When the diskette is made, shut down the NAM and insert the diskette.
   3. Power up the NAM and wait for the single beep indicating that the patch is done.
   4. Remove the diskette and reboot the NAM.
   5. Now the new option will be seen in Feature 915 and will show up under "Admin" as "Ext Xfer".
   6. Feature 915 is the feature code to enter "Access Programming" on Norstar Voice Mail. The password is access2 (2223772) on the keypad of a two-line display set. On some Norstar Application Modules, the feature code for "Access Programming" may be feature 916, 917, 918 and so on. (There are various reasons that the "Access Programming" feature code changes which will not be discussed in this document.)
   7. Change Ext Xfer to "No" on systems that are not being used for centralized auto attendant.

Note: If your Norstar Voicemail is version 4.0 or below, we recommend upgrading to version 4.1 and applying the applicable toll fraud patches.

2. On BCM, Call Pilot 150, and NVM 4.1 sites that are running centralized voicemail, "Enable Network Transfers" needs to be "Yes" to allow functionality of centralized auto attendant. The feature "Enable Network Transfers" is intended to be used for "Private" MCDN (Meridian Customer Defined Networks) only. Using this feature for any other purpose than to transfer to a route with a "private" DN type can open your system to toll fraud and is not supported.
For these sites, Nortel Networks has developed a patch that will only allow callers in auto attendant to dial destination codes that point to routes with a "private" DN type and blocks callers from dialing destination codes that point to routes with a "public" DN type. This will effectively eliminate any chances for toll fraud.
This patch will be ported into the Call Pilot release 3.0 and BCM release 3.7 streams.
For previous software versions, the patches are available at the www.nortelnetworks.com/support website under the "Software" tab of each product category (Business Communication Manager; Norstar: Messaging - Call Pilot 150; and Norstar: Messaging - Voice Mail).
The required patches are named as follows:
Patches for NVM :
NVM_Toll_Fraud_CAA.exe
NVM_Toll_Fraud_Non-CAA.exe
Patches for CallPilot 150:
CP_2.10.08.00_NAEnglishCanFrench.zip
CP_2.10.08.00_NAEnglishLASpanish.zip
CP_2.10.08.00_NAEnglishCantonese.zip
CP_2.10.08.00_NAEnglishTaiMandarin.zip
CP_2.10.08.00_UKEnglishAusEnglish.zip
Please only use the appropriate CP language patch for your region.
Patches for BCM:
BCM_360.121_CTI.01.2004.exe
www.nortelnetworks.com/support

Other Considerations in reducing Toll Fraud risks

Passwords: It is important to change all passwords on a regular basis. This includes telephony configuration and administration, voicemail, and mailbox passwords. This will prevent unauthorized access to the programming database where someone familiar with Norstar or BCM programming could make changes which would allow them to access your lines to make long distance calls. Below are parameters in programming related to potential toll fraud:
Restrictions provide the flexibility to add dialing restrictions to prevent specific area codes, telephone numbers, and long distance calls to be dialed. These restrictions can be programmed on a per set basis, per line basis, or per line per set basis.
Recommendation: Add toll restrictions to those telephones that should not be allowed to make long distance calls.

DISA (Direct Inward System Access) is a capability of the Norstar and BCM to automatically answer a line and provide dial tone so that the caller can then dial an internal extension number or access an outside line to make a call. This feature is often used in situations where off-site employees need to make business long distance calls and have the calls billed directly to the company. Auto answer lines answered with DISA and DISA DNs both provide stuttered dial tone, which requires a COS (Class of Service) Password to be entered before any call can be made. Auto DNs give system dial tone and do not require any password to make a call.
Recommendation: If using DISA, program it so that it answers with stuttered dial tone, which requires a password to make a call out of the system.

COS Passwords are user definable 6-digit passwords that are assigned to employees and allow them to override any restrictions (see above) which are assigned to their
telephone or lines, and to get access to tandem calling when DISA with stuttered dial tone (see above) is implemented. There are a total of 100 COS passwords that can be assigned.

Recommendation: Ensure passwords are more complex numbers than 111111, 123456, etc. to ensure integrity of the system.
In addition to system programming capabilities, it is possible for a telephone to be call forwarded to an external line destination code. For example, if lines are pooled and assigned a destination code (for example, 9), a telephone could be call forwarded to "9" and then from off site, a call could be made to that telephone and the caller would hear external dial tone and be able to make a long distance call.

Recommendation: Ensure "Allow Redirect" is set to "No" in set programming on telephones that should not have external call forward capability.
Recommendation: Program restrictions to lines and provide users COS Passwords that will allow them to make toll calls when in the office. COS passwords cannot be used off site when calling call forwarded telephones.

Recommendation: Program a line pool button on the telephones rather than giving out the destination code. When a line pool button is pressed, the system will automatically grab a free line instead of the access code being manually dialed.
Voice Messaging
External Transfer from CCR: CCR (Custom Call Routing) is a feature of the voicemail which when enabled follows the automated attendant greeting and allows callers to transfer to an internal or external telephone number. The potential for toll fraud with this feature is that a hacker could get into the system and set up a CCR
transfer point to access an external line and allow them to dial a number.

Recommendation: Ensure that the administration password for your voicemail system is changed to a password that is not easily broken by hackers (example: don't use 1111). Making the password less intuitive will increase the difficulty of unauthorized persons getting access.
External Transfer from a Mailbox is a feature that allows users to set up an external number so that when a caller is transferred to their mailbox, they can press "7" and be transferred to an external number. If a hacker is able to get access to a mailbox, it could be set up to access an external line with no number, allowing the hacker to dial anywhere.

Recommendation: Mailboxes are password protected and the passwords can be 4 to 8 digits in length. Mailbox user administration can be accessed off site. Choose a password that is not easily broken by hackers (example: don't use 1111). Making the password less intuitive will increase the difficulty of unauthorized persons getting access.
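The COS password and mailbox password recommendations above both come down to the same administrative check: screen every assigned PIN for the patterns a guesser tries first. The script below is an added example written for this FAQ, not Nortel code; the length rules (6 digits for COS passwords, 4 to 8 digits for mailbox passwords) are taken from the text, while the common-PIN list and the extension-reuse rule are this example's own assumptions about what "easily broken" means.

```python
"""Weak-PIN screening for Norstar/BCM COS passwords and mailbox passwords.

Added example, not Nortel code. Length rules follow the FAQ text; the
COMMON_PINS list and the extension-reuse check are assumptions.
"""
from typing import Dict, List, Optional

# Constructed list of PINs a guesser tries first (assumption, not from the FAQ).
COMMON_PINS = {
    "0000", "1111", "1234", "1212", "2580",
    "000000", "111111", "123456", "654321", "121212",
}

# Allowed lengths per PIN kind, as stated in the FAQ: COS exactly 6, mailbox 4-8.
LENGTH_RULES = {"cos": (6, 6), "mailbox": (4, 8)}


def is_repeated(pin: str) -> bool:
    """True when the PIN is a single digit repeated, e.g. 111111."""
    return len(set(pin)) == 1


def is_sequential(pin: str) -> bool:
    """True when every step between digits is +1 or every step is -1, e.g. 123456."""
    if len(pin) < 2:
        return False
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps == {1} or steps == {-1}


def pin_weaknesses(pin: str, kind: str, extension: Optional[str] = None) -> List[str]:
    """Return the list of reasons a PIN is weak; an empty list means it passes."""
    lo, hi = LENGTH_RULES[kind]
    reasons: List[str] = []
    if not pin.isdigit():
        return ["not all digits"]
    if not lo <= len(pin) <= hi:
        span = str(lo) if lo == hi else f"{lo}-{hi}"
        reasons.append(f"length must be {span} digits")
    if pin in COMMON_PINS:
        reasons.append("on common-PIN list")
    if is_repeated(pin):
        reasons.append("single repeated digit")
    if is_sequential(pin):
        reasons.append("sequential digits")
    # Assumption: a mailbox PIN that embeds its own extension number is guessable.
    if extension and extension in pin:
        reasons.append("contains the extension number")
    return reasons


def audit(assignments: Dict[str, str], kind: str) -> Dict[str, List[str]]:
    """Screen {extension: pin} and return only the weak entries with their reasons."""
    weak: Dict[str, List[str]] = {}
    for ext, pin in assignments.items():
        reasons = pin_weaknesses(pin, kind, ext)
        if reasons:
            weak[ext] = reasons
    return weak


if __name__ == "__main__":
    # Constructed sample assignments, not real data.
    sample = {"221": "2213", "224": "739146", "227": "1111"}
    for ext, reasons in audit(sample, "mailbox").items():
        print(f"ext {ext}: {', '.join(reasons)}")
```

Run the audit against an export of assigned COS passwords with kind "cos" and against mailbox PINs with kind "mailbox"; anything it lists should be reset before the next password rotation the FAQ recommends.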

Additional Measures
In addition, there are other options available to assist in reducing toll fraud infractions. Within the telephony configuration programming, there is a feature called Restriction Service. Restriction Service can be set up so that toll restrictions to lines and telephone sets will automatically come on after business hours. This will prevent unauthorized personnel that have access to the business after hours and on weekends from using the telephones to make long distance calls. For example, if business hours are 8:00 a.m. until 6:00 p.m. Monday through Friday, the system can be programmed to automatically implement toll restriction on all telephones (or only selected telephones) from 6:00 p.m. to 8:00 a.m. Monday through Friday and from 6:00 p.m. Friday to 8:00 a.m. Monday. Any employees who work during these off hours can still make a long distance call by entering their COS password as discussed earlier in this document.
If there is suspicion of toll fraud activities, CDR (Call Detail Recording) can be used
on the BCM, or an SMDR (Station Message Detail Recording) unit can be used on a
Norstar to record all outgoing calls made from the system.
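Once CDR or SMDR records are being captured, the question is what to look for in them. The script below is an added example for this FAQ, not Nortel code, and it does not use the real BCM CDR or Norstar SMDR layouts; it assumes a constructed CSV layout of timestamp, origin, called number and duration in seconds, where origin is a set DN or one of the constructed tags DISA and AA (auto attendant). It flags toll calls placed through DISA or the auto attendant, and toll calls outside the 8:00 a.m. to 6:00 p.m. Monday to Friday window from the Restriction Service example above; the toll-number rules (011 prefix or 1 plus ten digits) are assumptions for North American dialing.

```python
"""Screen constructed call-detail records for toll-fraud indicators.

Added example, not Nortel code. Record layout (constructed, not real CDR/SMDR):
    YYYY-MM-DD HH:MM:SS,origin,called,duration_seconds
origin is a set DN such as "221" or the constructed tags "DISA" / "AA".
"""
from collections import Counter
from datetime import datetime, time
from typing import Dict, List, Tuple

# Business hours from the FAQ's Restriction Service example: 8:00-18:00 Mon-Fri.
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)
UNATTENDED_ORIGINS = {"DISA", "AA"}  # calls not placed from a physical set

# Constructed sample records (2004-03-15 is a Monday, 2004-03-13 a Saturday).
SAMPLE_CDR = """\
2004-03-15 10:12:44,221,5551234,120
2004-03-15 23:41:02,AA,18095551000,610
2004-03-16 02:05:19,DISA,011441632960000,1800
2004-03-16 02:21:07,DISA,011441632960001,1750
2004-03-16 09:30:00,224,15555550123,300
2004-03-13 22:10:00,227,15555550199,45
"""


def parse_cdr(text: str) -> List[dict]:
    """Parse the constructed CSV layout into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, origin, called, duration = line.split(",")
        records.append({
            "when": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "origin": origin,
            "called": called,
            "duration": int(duration),
        })
    return records


def is_toll(called: str) -> bool:
    """Assumption: international (011...) or 1 + 10-digit numbers are toll calls."""
    return called.startswith("011") or (called.startswith("1") and len(called) == 11)


def is_business_hours(when: datetime) -> bool:
    """Inside the 8:00-18:00 Monday-Friday window used in the FAQ example."""
    return when.weekday() < 5 and BUSINESS_START <= when.time() < BUSINESS_END


def flag_records(records: List[dict]) -> List[Tuple[dict, List[str]]]:
    """Return (record, reasons) for every toll call that merits a look."""
    flagged = []
    for rec in records:
        reasons = []
        if is_toll(rec["called"]):
            if rec["origin"] in UNATTENDED_ORIGINS:
                reasons.append("toll call placed through " + rec["origin"])
            if not is_business_hours(rec["when"]):
                reasons.append("toll call outside business hours")
        if reasons:
            flagged.append((rec, reasons))
    return flagged


def toll_seconds_by_origin(records: List[dict]) -> Dict[str, int]:
    """Total toll-call duration per origin; a sudden spike from one origin stands out."""
    totals: Counter = Counter()
    for rec in records:
        if is_toll(rec["called"]):
            totals[rec["origin"]] += rec["duration"]
    return dict(totals)


if __name__ == "__main__":
    recs = parse_cdr(SAMPLE_CDR)
    for rec, reasons in flag_records(recs):
        print(rec["when"], rec["origin"], rec["called"], "->", "; ".join(reasons))
    print("toll seconds by origin:", toll_seconds_by_origin(recs))
```

To use this with real output, replace parse_cdr with a parser for the format your BCM CDR or SMDR unit actually produces and keep the rest; the per-origin totals are the quickest way to spot a DISA line or auto attendant that is suddenly carrying hours of international traffic overnight.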
