Norstar voice mail getting hacked into

[ksutec]

Our company's voice mail is being hacked into. We have an older 4 channel NAM unit installed in conjunction with an expanded 8X24. The caller is getting into the system when the auto attendant is set to answer calls at night, and is using our lines to go back out and dial Pakistan. There is no pool access for the stations applied to the voice mail unit, and today I turned off the outdialing feature on all mailboxes. DISA is disabled in the KSU. Any ideas on how they are doing this? How do I prevent this? Is this a common occurance with older voice mail systems or is it a potential problem with call pilots as well?

Any advice is appreciated. Thanks!

Rob R.

 

[bkrike]

It is a potential for all voice mail systems.
Change all mailbox passwords to something that is not easy to guess.
Have your vendor set up a shorter password expiry time period.
Delete unused mailboxes.


Vendors with experience in such matters are familiar with how your system is being hacked, but it is not something that should be discussed in a public forum, as it will just give more people ideas on the vulnerabilities of the system.

To secure your system you need to call a qualified Nortel vendor. Make sure they have experience with this particular problem.

 

[bkrike]

When I say change all your mailbox passwords to more complicated ones, that includes the sys-admin and the general delivery.

 

[bdalida]

You could build a filter also for the DN's on your voicemail ports. Restrict everything. Just another precaution.

 

[TRONIC1]

You could also hook up a printer and run a call log report to find out exactly how this is being done and with the help of your telco, possibly who is doing this. Wouldn't it be nice to catch the scum that pull this crap.

 

[senk1s]

we suggested this to one of our cleints ....and it is working out so far

Get the CO to force account codes on LD and international.
so to complete a call another 3/4 digit number is required.
So the callers need to 'guess' this as well to make the call

 

[hawks]

All the above are good suggestions I would add one more to the list. If you do not use pick codes (1010) then build a filter restricting 1010 and assign it to the lines.

 

[ksutec]

Thanks, guys. I changed all passwords (including gen delivery and sys coord), printed out reports from the system to try and find anything unusual, built restriction filters for 1010 and 0 and applied it to all lines, deleted all mailboxes that weren't used on the system (from employees that have left), Made sure there was no line access to the voicemail ports and restricted them. The only thing left is to force account codes on the lines, which is would work for sure, but it just causes a bit of inconvenience. He was in the system again the other day, so I think we may have to look a newer system. Thanks for all the advice!

 

[bkrike]

You don’t need a new system.
Per my first post: YOU NEED A QUALIFIED VENDOR TO SECURE YOUR SYSTEM.
Apparently you still don’t know how they are getting in, so this only strengthens my point.

 

[galfaro]

Yes, ABSOLUTELY.
If you are getting hacked into your system, dont blame the system. It is doing it's job.
You must seek a qualified vendor as bkrike suggested.
Your problem is not going to go away until you have a pro fix it for you.
Think about it.
Gabriel