Today I had a customer who complained about toll fraud on their UC500 and wanted me to make sure they were secure against such an attack. So, I looked over what they had and did what I've outlined below. I found a good document on Cisco's site for this. I'm researching more on what other changes might be good for the fight against toll fraud.
Here is the document on Cisco's site. Below is what I did.
In CME:
I took out any dial-peers that were not needed.
telephony-service
 after-hours block pattern 1 91
 after-hours block pattern 2 9011 7-24
 after-hours block pattern 3 91900 7-24
 after-hours day mon 17:30 08:00
 after-hours day tue 17:30 08:00
 after-hours day wed 17:30 08:00
 after-hours day thu 17:30 08:00
 after-hours day fri 17:30 08:00
 after-hours day sat 17:00 08:00
 after-hours day sun 12:00 23:59
telephony-service
 no transfer-pattern 9.1T
 no transfer-pattern .1T
(I did this on all ephone-dns)
ephone-dn 17 dual-line
 call-forward max-length 3
telephony-service
 no auto-reg-ephone
In CUE:
In the AA script, leave "Allow external transfers" unchecked.
Apply restriction tables (example below).
***ADDED March 10th***
I modified my outside ACL to be the following for the outside interface:
access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 permit udp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 deny udp any any range 5060 5061 log
access-list 101 deny tcp any any range 5060 5061 log
access-list 101 deny tcp any any range 1720 1721 log
access-list 101 deny ip 192.168.10.0 0.0.0.255 any
access-list 101 deny ip 10.1.1.0 0.0.0.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
interface FastEthernet0/0
 ip access-group 101 in
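To re-check a router later for the same settings, here is a small audit script. It is an added example, not part of the original post or Cisco's document. It assumes the config is in "show running-config" layout with sub-commands indented, and the function names and sample config are made up for illustration.

```python
import re

# Constructed sample in "show running-config" layout (sub-commands indented);
# it is not the customer's config from the post.
SAMPLE = """\
telephony-service
 after-hours block pattern 1 91
 transfer-pattern 9.1T
ephone-dn 17 dual-line
 call-forward max-length 3
ephone-dn 18 dual-line
access-list 101 deny udp any any range 5060 5061 log
access-list 101 permit ip any any
"""

def sections(config):
    """Group indented sub-commands under their top-level parent line."""
    out = []
    for line in (l for l in config.splitlines() if l.strip() not in ("", "!")):
        if line[0].isspace() and out:
            out[-1][1].append(line.strip())
        else:
            out.append((line.strip(), []))
    return out

def acl_denies(heads, proto, port):
    """True if a 'deny <proto> any any' entry covers the destination port."""
    pat = re.compile(rf"access-list \d+ deny {proto} any any (?:eq (\d+)|range (\d+) (\d+))")
    hits = filter(None, map(pat.match, heads))
    return any(int(m[1] or m[2]) <= port <= int(m[1] or m[3]) for m in hits)

def audit(config):
    """Return findings for the hardening steps listed in the post."""
    secs = sections(config)
    tele = [c for h, body in secs if h == "telephony-service" for c in body]
    found = []
    if "no auto-reg-ephone" not in tele:  # auto-registration is on by default
        found.append("auto-reg-ephone not disabled")
    found += [f"review {c}" for c in tele if c.startswith("transfer-pattern ")]
    if not any(c.startswith("after-hours block pattern") for c in tele):
        found.append("no after-hours block pattern")
    found += [f"ephone-dn {h.split()[1]}: no call-forward max-length"
              for h, body in secs if h.startswith("ephone-dn ")
              and not any(c.startswith("call-forward max-length")
                          for c in body)]
    heads = [h for h, _ in secs]
    found += [f"no deny for {p}/{n}" for p, n in
              (("udp", 5060), ("tcp", 5060), ("tcp", 1720)) if not acl_denies(heads, p, n)]
    return found
```

The ACL check only looks for a matching deny entry; it does not verify entry order or that the list is applied inbound on the outside interface.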