Category

Check List

Description

Preventing Theft of the Administrator Right

Isolating Private and Public Networks

To ensure security, the device is required to be deployed on the private network. If the device is deployed on the public network, risks (such as network attacks, unauthorized registration, and account theft) may occur. If the device must be deployed on the public network, take network isolation approaches, for example, disabling SSH service port 22 and Telnet management port 23 on the SBC and firewall to prevent communication through these ports.

Configuring IP Address Whitelists

If users on the public network need to access the device, configure the whitelist. Users with the whitelisted IP addresses can perform administrator operations on the device through the public network.

Preventing Calls from Being Transferred Through a Trunk and the VU

Configuring Call Attributes for Prefixes

1.Confirm all dialing modes that will be considered as international toll calls with the carrier.

2.Configure international toll prefixes required by services as idd prefixes.

3.If there are international toll prefixes that are not required by services, ask the carrier to restrict the outgoing call rights of these prefixes. If the carrier cannot restrict the outgoing call rights of these prefixes, configure rights that no intra-office user has for these prefixes.

4.On the gateway, configure prefix 9 as a local prefix, 9 + nest dialing prefix + 0 as a national toll prefix, and 9 + nest dialing prefix + 00 as an international toll prefix.

5.If users do not have the requirement for dialing 9 + 17909 to make outgoing calls, set the maximum length of the local outgoing call prefix to 12 digits (9 + 11-digit mobile number), and set the maximum length of the national toll outgoing call prefix to 13 digits (9 + area code + fixed-line number).

Configuring Outgoing Call Rights for Trunks

1.By default, a trunk has the local call rights. If you want to forbid the outgoing call rights for trunk tandem calls through a trunk, you are advised to configure only the inter call right for the trunk so that an outer-office user who makes an incoming call through the trunk cannot make a call to another outer-office user.

2.Modify the trunk rights based on the customer requirements.

3.If the IDD right of the trunk is enabled, toll fraud of a third party through the X1900 series unified gateway may occur. Therefore, exercise caution when performing this operation.

Configuring a Number Length Limit for the Automatic Switchboard

When the automatic switchboard is configured, set the length of the extension number that meets user requirements. For example, if the maximum length of an intra-office extension number is 6 digits, set the extension number length to 6.

Configuring VU Outgoing Call Rights

1.Outgoing call rights for a trunk include inter, local, ddd, idd, and 32-level customized call rights. By default, a trunk has the local call rights.

2.Do not enable the rights that are higher than users' actual requirements. For example, if a user requires that the outgoing call right through the VU is local, do not enable ddd (national toll call), idd (international toll call), or other unnecessary rights.

Preventing Registration or Login of Unauthorized Users

Configuring User Password Authentication

It is recommended that password authentication, IP and password authentication or IP Pool be configured when users are added.

Changing the Self-Help Service Password

Unauthorized users may use this password to log in to the unified gateway to modify conference management and service registration data, for example, configure the unified gateway to forward all calls to a destination toll call number.

Defense Against Brute Force Registration

After the user registration number fails authentication, the unified gateway records the failure time. When the user registers with the unified gateway again, the unified gateway determines the difference between the current system time and last failure time. If the difference is larger than the protection time, the registration process is used. Otherwise, the system displays a message indicating registration failure. The protection time can be configured by modifying the SIP parameter control point.

Preventing Unauthorized Call Forwarding

Configuring Call Rights

Configure outgoing call rights based on the user requirements to avoid that any user can make international toll calls.

Configuring the Call Forwarding Services

Configure call forwarding rights based on the user requirements to prevent toll fraud by forwarding calls to international toll numbers.

Outgoing Call Restriction and Maximum Number of Concurrent Toll Calls

Outgoing Call Restriction and International Toll Call Frequency for a User

You can set the maximum duration of a local call, national toll call, or international toll call based on users' service habits.

Limiting the Maximum Number of Concurrent International Toll Calls for the System

Change the maximum number of concurrent international toll calls based on the customers' service requirements.

Configuring the Maximum Number Length for a Prefix

Configuring Different Number Lengths Based on the Prefix Type

To prevent unauthorized users from making toll fraud calls by adding number prefixes, you are advised to configure different number lengths based on the prefix type.

Deploying the CDR Server

Deploying the CDR Server

You can query call fraud information on the CDR server when a fraud occurs.