Preventing Call Forward and Voice-Mail Toll Fraud Using Calling Search Spaces

Call Forward All (CFA) is a feature in Cisco CallManager that allows an internal number (for example, an employee office number) to be forwarded to an external number (for example, an international number, mobile number, or premium number). For example, an employee can call the office number, which is then forwarded to the number specified in the forwarding field. This number can be an international or premium number. The user can configure the setting using the web interface, so the forwarding configuration can be set up and removed very easily from home or elsewhere. CFA exploits can be avoided by applying a calling search space to the CFA feature. As shown in Figure 22-2, the administrator has applied a calling search space named IntLocCSS (which allows only internal and local PSTN calls) to the CFA field.

Figure 22-2. Restricting Call Forward All


The only call forwarding ability available to the user (from either the CCMUser pages or the IP phone) is Call Forward All. By applying the calling search space to only this field, you have effectively restricted user forwarding.

Voice-mail systems, which can transfer a call to an extension, can be misused in a similar way if they are configured to allow transfer of calls when the called party is not available. If such transfers are not limited, a caller could connect to the voice-mail system by a local call and then transfer to the public telephony network (for example, a long-distance number). Voice-mail forwarding exploits can be avoided by applying a calling search space to the voice-mail port in the Cisco CallManager configuration. As shown in Figure 22-3, the administrator has applied the same IntLocCSS calling search space to the voice-mail port.

Figure 22-3. Restricting Voice-Mail Forwarding

Blocking Commonly Exploited Area Codes

Part I: Cisco CallManager Fundamentals

Introduction to Cisco Unified Communications and Cisco Unified CallManager

Cisco Unified CallManager Clustering and Deployment Options

Cisco Unified CallManager Installation and Upgrades

Part II: IPT Devices and Users

Cisco IP Phones and Other User Devices

Configuring Cisco Unified CallManager to Support IP Phones

Cisco IP Telephony Users

Cisco Bulk Administration Tool

Part III: IPT Network Integration and Route Plan

Cisco Catalyst Switches

Configuring Cisco Gateways and Trunks

Cisco Unified CallManager Route Plan Basics

Cisco Unified CallManager Advanced Route Plans

Configuring Hunt Groups and Call Coverage

Implementing Telephony Call Restrictions and Control

Implementing Multiple-Site Deployments

Part IV: VoIP Features

Media Resources

Configuring User Features, Part 1

Configuring User Features, Part 2

Configuring Cisco Unified CallManager Attendant Console

Configuring Cisco IP Manager Assistant

Part V: IPT Security

Securing the Windows Operating System

Securing Cisco Unified CallManager Administration

Preventing Toll Fraud

Hardening the IP Phone

Understanding Cryptographic Fundamentals

Understanding the Public Key Infrastructure

Understanding Cisco IP Telephony Authentication and Encryption Fundamentals

Configuring Cisco IP Telephony Authentication and Encryption

Part VI: IP Video

Introducing IP Video Telephony

Configuring Cisco VT Advantage

Part VII: IPT Management

Introducing Database Tools and Cisco Unified CallManager Serviceability

Monitoring Performance

Configuring Alarms and Traces

Configuring CAR

Using Additional Management and Monitoring Tools

Part VIII: Appendix

Appendix A. Answers to Review Questions


Authorized Self-Study Guide Cisco IP Telephony (CIPT)
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
ISBN: 158705261X
EAN: 2147483647
Year: 2004
Pages: 329 © 2008-2020.
If you may any questions please contact us: