Protection From Outside Abuse

Mailboxes that can be reached through the telephone network are seen as the primary entry point for “hostile invasion” of a communications server such as the NuPoint Unified Messaging server. Service providers and corporate telecommunications managers alike are concerned about hackers taking over mailboxes for their own applications, or using mailboxes for toll fraud by calling through long-distance facilities accessible from the server.

You can configure your server to require access codes or passcodes before callers can reach various functions, and you can configure mailboxes to automatically perform certain functions, such as hanging up after playing a greeting.

Existing Mailboxes

The first level of security is protection of the mailboxes by passcodes. By default, the server requires passcodes on all mailboxes. You can turn this feature off using feature bit 218 for direct calls, but you should do so with caution. Mailbox owner passcodes can be up to 10 digits in length, and users can change their passcodes at any time (feature bit 073).

The server administrator typically sets a temporary passcode for new mailboxes, but the user is forced to enter a permanent passcode during the interactive tutorial. Using FCOS settings, you can prevent users from setting a passcode that is the same as the mailbox number (feature bit 130), or from using trivial passcodes, such as 1234 or 8888 (feature bit 201).
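The passcode rules above can be expressed as a short check. This is an added example, not NuPoint code: the function names are hypothetical, and the definition of "trivial" (one digit repeated, or a steady ascending or descending run) is an assumption generalized from the 1234 and 8888 examples.

```python
MAX_PASSCODE_DIGITS = 10   # page: owner passcodes can be up to 10 digits
NO_MAILBOX_NUMBER = 130    # feature bit: passcode may not equal mailbox number
NO_TRIVIAL = 201           # feature bit: no trivial passcodes (1234, 8888)

def is_trivial(passcode: str) -> bool:
    """Assumed rule: one digit repeated, or a steady +1 / -1 run (9 wraps to 0)."""
    digits = [int(c) for c in passcode]
    if len(set(digits)) == 1:
        return True
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    return steps in ({1}, {9})

def check_passcode(mailbox: str, passcode: str, fcos_bits: set) -> list:
    """Return the reasons a proposed passcode is rejected; empty means accepted."""
    if not (passcode.isascii() and passcode.isdigit()):
        return ["passcode must be digits only"]
    reasons = []
    if len(passcode) > MAX_PASSCODE_DIGITS:
        reasons.append("longer than 10 digits")
    if NO_MAILBOX_NUMBER in fcos_bits and passcode == mailbox:
        reasons.append("same as mailbox number")
    if NO_TRIVIAL in fcos_bits and is_trivial(passcode):
        reasons.append("trivial passcode")
    return reasons

if __name__ == "__main__":
    # Constructed sample: mailbox 2045 under an FCOS with bits 130 and 201.
    for candidate in ["2045", "1234", "8888", "9012", "4821"]:
        print(candidate, check_passcode("2045", candidate, {130, 201}) or "accepted")
```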

If a caller enters the wrong passcode when trying to get into a mailbox, the server requires the caller to enter the correct passcode twice, or the server hangs up. Callers are not told whether the mailbox number or the passcode was incorrect; hackers do not know if they have even half of a valid combination. (You can use feature bit 081 to set the server to only require a single correct passcode after an incorrect attempt, but this reduces the effectiveness of the security feature.)

The server tracks bad passcode attempts for each mailbox and compares the number to the parameters set for the line group. If the number of bad passcode attempts for a mailbox exceeds the number allowed in the passcode trip period, the server plays a bad passcode warning at the next login so that the mailbox owner knows that someone may have tried to gain unauthorized entry.

Feature bit 132 allows you to enable a bad passcode lockout, in which a mailbox is locked when the threshold of bad passcode attempts is reached. Only the server administrator can unlock the mailbox, set a new temporary passcode, reset the tutorial, and require re-initialization from the integrated telephone number (feature bit 142).
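The tracking, warning and lockout behavior described above can be modeled as a sliding-window counter per mailbox. This is an added example, not NuPoint code: the class, the parameter names allowed_attempts and trip_period_s, and the choice to lock at the same point the warning is set are assumptions.

```python
from collections import defaultdict, deque

BAD_PASSCODE_LOCKOUT = 132  # feature bit named on the page

class BadPasscodeTracker:
    """Per-mailbox bad-passcode counter checked against line group parameters."""

    def __init__(self, allowed_attempts: int, trip_period_s: int):
        self.allowed = allowed_attempts   # assumed name: attempts allowed per period
        self.period = trip_period_s       # assumed name: passcode trip period, seconds
        self.attempts = defaultdict(deque)
        self.warn_pending = set()
        self.locked = set()

    def bad_attempt(self, mailbox: str, now: int, fcos_bits: set) -> None:
        window = self.attempts[mailbox]
        window.append(now)
        while now - window[0] > self.period:   # drop attempts older than the period
            window.popleft()
        if len(window) > self.allowed:
            self.warn_pending.add(mailbox)
            if BAD_PASSCODE_LOCKOUT in fcos_bits:
                self.locked.add(mailbox)

    def correct_passcode(self, mailbox: str) -> str:
        if mailbox in self.locked:
            return "locked"                 # only the administrator can unlock
        if mailbox in self.warn_pending:
            self.warn_pending.discard(mailbox)
            self.attempts[mailbox].clear()
            return "login + bad passcode warning"
        return "login"

    def admin_unlock(self, mailbox: str) -> None:
        self.locked.discard(mailbox)
        self.attempts[mailbox].clear()

def demo() -> dict:
    # Constructed events: (mailbox, seconds, FCOS bits); 3 attempts allowed per 600 s.
    t = BadPasscodeTracker(allowed_attempts=3, trip_period_s=600)
    events = [("2045", s, {132}) for s in (0, 60, 120, 180)]
    events += [("3100", s, set()) for s in (0, 700, 1400, 2100)]
    events += [("4000", s, set()) for s in (0, 10, 20, 30)]
    for mailbox, now, bits in events:
        t.bad_attempt(mailbox, now, bits)
    return {m: t.correct_passcode(m) for m in ("2045", "3100", "4000")}
```

In the constructed run, mailbox 2045 ends up locked, 3100 never trips because its attempts are spread beyond the trip period, and 4000 logs in but hears the warning.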

New Mailboxes

When you create a new mailbox, you can designate a temporary passcode for that mailbox, either by making up a passcode, or using the server’s random passcode generation program.

Note: When you choose the random passcode generation program, you must make note of the number generated and provide that number to the mailbox user so that they can log in to their new mailbox.

If you have created mailboxes but have not yet assigned them to users, you can use an FCOS to deny login (feature bit 001).

To ensure that a new mailbox, once assigned, is not used until the owner accesses it, you can require initialization from the integrated telephone number (feature bit 142). You can also set the FCOS to prevent messages from being received until the mailbox has been initialized (feature bit 127).

Note: Feature bit 142 (Must run tutorial from own phone) is not supported for all integrations.

Line Groups

By dividing the total number of ports in your server into line groups, you can increase the security for specific applications. You can configure each application to be on a different line group, and enable an appropriate level of security for each application.

Separating the applications by line group can help prevent certain types of abuse, such as connecting from one application to another. Incoming and outgoing calls occur on separate line groups in a server. This keeps hackers from reaching the server and then dialing out through the NP Receptionist or another application.

You can restrict access to certain line groups, like a toll-free dial-in line group, by setting the FCOS to require callers to enter an access code before hearing the regular line group greeting (feature bit 160). If a caller exits one mailbox, the server requires reentry of the access code before allowing further progress through the server. You can also use FCOS to completely deny login on specific line groups (feature bits 101-109), or ensure that mailboxes cannot receive messages when the call is received on a specific line group (feature bits 111-119).

Telephone Answering

Outside callers can abuse access to a server during a telephone answering call by trying to break into the dialed mailbox or access other features. By correctly setting the line groups and FCOS in your server, you can control the feature set available during an answering session.

You can force the termination of telephone answering sessions after callers leave a single message by setting the line group to not allow multiple messages for outside callers. For Greeting-Only mailboxes, you can have the server hang up immediately after playing the greeting (feature bit 062), call the mailbox attendant after the greeting (bit 063), or call the mailbox user after the greeting (bit 064).

By customizing an FCOS to contain feature bit 004 (Outside caller functions) but not feature bit 005 (Play outside caller menu prompts), you can allow knowledgeable users to access server functions, while not letting other callers know that the functions are available.

Feature bit 137 (Caller must enter access code) can restrict outside callers from leaving messages in high security mailboxes. You set the access codes when configuring each individual mailbox.

You can further ensure the privacy of mailbox users by not putting them in the Dial-by-Name database (feature bit 092), or by not allowing the mailbox name or extension number to be played (bit 202). This latter feature can be especially important in hotel or dormitory situations.

Audiotext (Tree Mailboxes)

You can protect audiotext applications by requiring callers to enter an access code (feature bit 137) before hearing the information. Because you can design audiotext applications as a series of mailboxes, each with individual information, you can set a unique access code for each piece of information to ensure corporate security.

You can configure audiotext applications to hang up after playing the greeting (feature bit 062), or transfer to the mailbox attendant (bit 063) or mailbox extension (bit 064). You can also deny login from within the tree (bit 152).