8-18
Installation Guide for Cisco Unity Release 5.x with IBM Lotus Domino (Without Failover)
OL-13599-01
Chapter 8 Installing and Configuring Cisco Unity Software
Securing the Example Administrator Account Against Toll Fraud
Step 11 Click Close to close the Trusted Sites dialog box.
Step 12 On the Security tab, click Custom Level.
Step 13 In the Security Settings dialog box, change the value of the Reset To list to Low.
Step 14 Click Reset, and click Yes to confirm that you want to change the security settings for this zone.
Step 15 Click OK to close the Security Settings dialog box.
If the Security Settings dialog box does not close:
a. Close the dialog box by clicking the X in the upper-right corner.
b. In the “not responding” message box, click End Now. (The “not responding” message box may take
a few seconds to appear.)
Step 16 Restart the Cisco Unity Administrator.
Securing the Example Administrator Account Against Toll Fraud
It is possible for a malicious user to dial into Cisco Unity, log on as the Example Administrator by using
the default extension and password, and configure Cisco
Unity to forward calls to phone numbers for
which there are charges or to reconfigure greetings so an operator believes the messaging system is
personally accepting collect-call charges. To help secure Cisco
Unity against toll fraud, we strongly
recommend that you change the phone password for the Example Administrator account after
Cisco
Unity is installed.
To Change the Password on the Example Administrator Account
Step 1 In the Cisco Unity Administrator, go to any Subscribers > Subscribers page.
Step 2 Click the Find icon.
Step 3 On the Find and Select Subscriber page, click Find.
Step 4 Click Example Administrator.
Step 5 In the left pane, click Phone Password.
Step 6 In the right pane, check the User Cannot Change Password check box.
Step 7 Check the Password Never Expires check box.
Step 8 Under Reset Phone Password, enter and confirm a new password by using digits 0 through 9.
We recommend that you enter a long and nontrivial password; 20 digits or more is desirable. (The
minimum length of the password is set on the Subscribers
> Account Policy > Phone Password
Restrictions page.) In a nontrivial password:
• The digits are not all the same (for example, 9999).
• The digits are not consecutive (for example, 1234).
• The password is not the same as the extension assigned to the example account.
• The password does not spell the name of the example account, the name of the company, the name
of the IT manager, or any other obvious words.
Step 9 Click the Save icon.
