Preventing Call Forward and Voice-Mail Toll Fraud Using Calling Search Spaces

Call Forward All (CFA) is a feature in Cisco CallManager that allows an internal number (for example, an employee office number) to be forwarded to an external number (for example, an international number, mobile number, or premium number). For example, an employee can call the office number, which is then forwarded to the number specified in the forwarding field. This number can be an international or premium number. The user can configure the setting using the web interface, so the forwarding configuration can be set up and removed very easily from home or elsewhere. CFA exploits can be avoided by applying a calling search space to the CFA feature. As shown in Figure 22-2, the administrator has applied a calling search space named IntLocCSS (which allows only internal and local PSTN calls) to the CFA field.

Figure 22-2. Restricting Call Forward All

Note

The only call forwarding ability available to the user (from either the CCMUser pages or the IP phone) is Call Forward All. By applying the calling search space to only this field, you have effectively restricted user forwarding.

Voice-mail systems, which can transfer a call to an extension, can be misused in a similar way if they are configured to allow transfer of calls when the called party is not available. If such transfers are not limited, a caller could connect to the voice-mail system by a local call and then transfer to the public telephony network (for example, a long-distance number). Voice-mail forwarding exploits can be avoided by applying a calling search space to the voice-mail port in the Cisco CallManager configuration. As shown in Figure 22-3, the administrator has applied the same IntLocCSS calling search space to the voice-mail port.

Figure 22-3. Restricting Voice-Mail Forwarding