Valued Contributor
Re: Prevent IPM Malicious Call outbound calling



This issue has been documented in the HP Knowledgebase, although the document is written with a traditional VCX IP Telephony and IP Messaging setup in mind, not IP Messaging with NBX.


I suggest the following:


-Change the password for the AA mailboxes to something long and hard to guess, as the Virtual Calling Card settings on those mailboxes are used to transfer calls and are vulnerable. Do the same for anyone using FMFM. Remind users to change their mailbox passwords on a regular basis and to always use complex mailbox passwords.

-Disable FMFM for anyone that doesn't explicitly need that feature, as that is how most malicious outbound calling is done. -Limit the amount of minutes in the Virtual Calling Card on mailboxes using FMFM to the absolute minimum required.