Home > Articles > Certification > Cisco Certification > CCIE

  • Print
  • + Share This
This chapter is from the book

This chapter is from the book

Preventing Toll Fraud

Toll fraud is a chronic issue that has impacted the PSTN and IP worlds alike. Toll fraud can be summarized as the illicit use of a telephony system to make long-distance (international) calls without any accountability. To prevent toll fraud in a Cisco Collaboration network, you can employ various tools:

  • CUCM class of service (CoS)
  • Voice gateway toll fraud prevention application
  • Voice gateway class of restriction (CoR)
  • Cisco Unity Connection restriction rules

CUCM Class of Service

CUCM CoS can be enabled via multiple tools, listed and described in Table 5-2.

Table 5-2 CUCM CoS Components

CUCM CoS Component


Partitions and calling search spaces (CSS)

Provide segmentation and control to the number that can be called, or vice versa. As a leading practice recommendation, either disable Call Forward All or limit it to an extension within your Collaboration network. Call Forward Busy and Call Forward No Answer should also be limited to internal partitions only. For phones with extension mobility, a logged-out CSS should be restricted to internal and emergency partitions only.

Time-of-Day routing

Allows certain partitions to be active during a preset time period during a day and after this period; these partitions become inactive automatically. Helps restrain calls made to national and international numbers after business hours. See Chapter 4 for more details.

Forced Authorization Code (FAC) and Client Matter Code (CMC)

Used to control the access to international and long distance calls. FAC/CMC forces a user to enter a predetermined code to proceed with a call hitting a route pattern that has FAC enabled. Both FAC- and CMC-processed calls are logged to CUCM Call Detail Records (CDR).

Block off-net to off-net transfers

Allows/disallows off-net to off-net transfers based on a clusterwide service parameter Block OffNet to OffNet Transfer. When enabled, CUCM blocks any off-net to off-net call transfers from endpoints, thereby minimizing the risk of anyone misusing the feature for transferring local PSTN calls to international destinations.

Ad hoc conference restriction

Ad hoc conference calls can be dropped when the originator hangs up. This is achieved by setting the Drop Ad Hoc Conference service parameter to When Conference Controller Leaves under Clusterwide Parameters > Feature > Conference. This ensures that the other parties (such as external users) cannot initiate a call to another external number.

Route filters

Can be deployed to filter any unwanted area codes as well as calls to known paid/premium numbers.

Cisco Voice Gateway Toll-Fraud Prevention Application

Cisco IOS voice gateways with Cisco IOS 15.1(2)T and later come (by default) enabled with an application that helps stops toll-fraud attempts. This new feature is known as Call Source Authentication, which is the default behavior of a toll-fraud prevention feature. By virtue of this feature, the router automatically adds the destination IP address(es) defined as an IPv4 target in a VoIP dial peer to the trusted source list. This feature is configurable via the global voice service voip command:

UCRouter(config)# voice service voip
UCRouter(conf-voi-serv)# ip address trusted authenticate

Voice Gateway Class of Restriction

Class of restriction (CoR) is analogous to CUCM partitions and CSSs. CoR is implemented at either dialpeers or ephone-dns on a voice gateway. The dial-peer cor custom command is equivalent to creating a CUCM partition, whereas dial-peer cor list is equivalent to creating a CUCM CSS. CoR can be implemented on SIP and H.323 gateways and while a gateway is in SRST mode. Example 5-6 illustrates CoR configuration on a Cisco IOS gateway.

Example 5-6 Cisco IOS Gateway CoR Configuration

UCRouter(config)# dial-peer cor custom
UCRouter(config-dp-cor)# name emergency
UCRouter(config-dp-cor)# name local
UCRouter(config-dp-cor)# name national
UCRouter(config)# dial-peer cor list emergency
UCRouter(config-dp-corlist)# member emergency
UCRouter(config)# dial-peer cor list local
UCRouter(config-dp-corlist)# member emergency
UCRouter(config-dp-corlist)# member local
UCRouter(config)# dial-peer cor list national
UCRouter(config-dp-corlist)# member emergency
UCRouter(config-dp-corlist)# member local
UCRouter(config-dp-corlist)# member national
UCRouter(config)# dial-peer voice 911 pots
UCRouter(config-dial-peer)# corlist outgoing emergency
<output-omitted for brevity>
UCRouter(config)# dial-peer voice 7 pots
UCRouter(config-dial-peer)# corlist outgoing local
<output-omitted for brevity>
UCRouter(config)# dial-peer voice 11 pots
UCRouter(config-dial-peer)# corlist outgoing national
<output-omitted for brevity>

Cisco Unity Connection Restriction Rules

Cisco Unity Connection can transfer calls from voice mail to the PSTN. This feature can be exploited for conducting toll fraud. To ensure that your Cisco Unity Connection system denies outgoing calls and/or transfers, configuring the following restriction rules is recommended:

  • Create a non-default call-restriction rule for calls and call transfers that denies everything starting with the outside (PSTN) access code; for example, deny 9* transfers from Cisco Unity Connection to PSTN in the United States and 0* in Europe.
  • Add restriction table patterns to match appropriate trunk access codes for all phone system integrations.
  • Restrict the numbers that can be used for system transfers and for Audio Messaging Interchange Specification (AMIS) message delivery..
  • + Share This
  • 🔖 Save To Your Account