I have a customer who wants to enable message notification, but is concerned that by allowing Unity to globally dial out in the restriction tables, it will open the system up for toll fraud, i.e. an outside person could call into the system, get a dial tone, and then dial back out. Is that even possible with Unity? Is there any way to tighten outcalling?
You've just stumbled onto the Big Unity Issue For the Week Of September 9th-13th. There should be a field notice coming out shortly about preventing individuals of questionable moral fiber from using Unity for toll fraud. There are two ways to do this:
1. Safely remove the eadministrator and esubscriber from the system (as their default settings are now quite widely known and easily exploitable).
2. Configure Unity to prevent certain calls via the restriction tables.
The first one will be detailed in a document I wrote that will very, very shortly be posted to this link:
The second one falls under CSCdy54570 (ask your friendly neighborhood TAC engineer about it). Essentially the call routing rules only block 9011 (international) calls, but let everything else go through. This includes calls to the international operator. You'll want to add restriction patterns to the restriction tables that block as much as you feel necessary. Usually customers will want to block 900 (dialing out to the international operator) and 91?????????? (dialing out long distance).
Now, as for your concern, there's no reason you should be worried about MWI making long distance calls because that is very easily controlled by the administrator. Just set the MWI devices for the mailboxes to X and you're set. All other notifications that can be configured by a user in Active Assistant (under the Message Notification page in SAWeb) are a slight cause for concern.
What the real concern is, however, is call forwarding. With Call Manager I can only CFwdAll as far as my calling search space. With Unity, the same applies to him. Many customers, unfortunately, allow Unity to call anything it wants to (by not paying too much attention to the calling search space on the voice mail ports). So I can log into my subscriber account on Unity and configure any calls coming to me to go to wherever I want them to go, including places my CCM phone won't call. Another tricky thing is someone can simply dial into Unity, log in as the example administrator (using the default id and password) and do the same. Now every call that comes to me through Unity will be transferred to whatever number I want it to go. This makes it easy for me to find some unwitting local business using Unity to have them place long distance and international calls through them.
So my point is to lock down those restriction tables on Unity and use that forthcoming document to remove the eadministrator and esubscriber. You can also lock down the voice mail ports' calling search space on Call Manager, but this won't do any good for our PBX-integrated brethren. This will help prevent your business from being exploited.
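The following is an added example, not part of the original reply and not Cisco code: a small offline audit that evaluates dial strings against an ordered restriction table, comparing a table that only blocks 9011 with one that also carries the 900 and 91?????????? patterns from the reply. The wildcard semantics (`?` is one digit, `*` is zero or more digits), first-match-wins ordering, the trailing catch-all row and all sample numbers are assumptions made for illustration.

```python
import re

def pattern_to_regex(pattern):
    """Translate a restriction pattern into a regex.
    Assumed semantics: '?' = exactly one digit, '*' = zero or more digits."""
    parts = []
    for ch in pattern:
        if ch == "?":
            parts.append(r"\d")
        elif ch == "*":
            parts.append(r"\d*")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))

def is_allowed(table, dial_string):
    """Return the allow flag of the first matching row (assumed ordering).
    A number that matches no row is treated as blocked (fail closed)."""
    for pattern, allowed in table:
        if pattern_to_regex(pattern).fullmatch(dial_string):
            return allowed
    return False

# Table that only blocks international (9011) calls, as the reply describes.
# The trailing catch-all row is an assumption.
DEFAULT_TABLE = [("9011*", False), ("*", True)]

# Same table with the two extra block patterns named in the reply.
HARDENED_TABLE = [
    ("9011*", False),
    ("900", False),
    ("91??????????", False),
    ("*", True),
]

# Constructed sample dial strings (not from the original thread).
SAMPLE_NUMBERS = {
    "international": "9011442055501234",
    "operator": "900",
    "long_distance": "912125550123",
    "internal_extension": "5551",
}

def audit(table, numbers=SAMPLE_NUMBERS):
    """Map each labelled sample number to True (allowed) or False (blocked)."""
    return {label: is_allowed(table, n) for label, n in numbers.items()}

if __name__ == "__main__":
    for name, table in (("default", DEFAULT_TABLE), ("hardened", HARDENED_TABLE)):
        print(name, audit(table))
```

Running the same sample set against a table exported from a live system shows which call classes a forwarded or notification call could still reach.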