Voice Network Management 2
by Paula Daley, Concord Communications

Q. What are the primary points of vulnerability within my voice network?

A. Points of Entry: The voice network is no longer a set of separate, disparate systems housed in switch rooms. It consists of a common network infrastructure with multiple access points for end users, administrators and application software. These access points circumvent firewalls and the protections they afford.

PBX Trunks: Switch toll fraud and abuse arise from external crackers who try to enter vulnerable access points such as PBX trunks and stations. For example, a cracker dials into a PBX and randomly tests trunk access codes to seize an outgoing trunk using touchpad signals. Once the trunk is seized, telephone calls can be made to any long-distance number.

Direct Inward System Access (DISA) Ports: These are physical ports on PBXs intended for remote access by employees with proper authorization codes, such as sales personnel. Without an internal process for removing codes once employees have left the company, access remains wide open. In addition, regular audits of remote ports are needed to ensure that external crackers are not trying to guess access codes.

Voice Mailboxes: Open voice mailboxes of former employees are a particular area of concern. It's impossible for telecommunications personnel to keep up with employee terminations and layoffs. Consequently, voice mailboxes remain active. Without consistent coordination between HR and IT, mailboxes and stations will remain available long after they should. Another access point into messaging servers is uninitialized and abandoned voice mailboxes. It is easy to crack one of these mailboxes, since organizations set an obvious or easy initial password for new employees. Furthermore, there is usually a time lapse before an employee actually initializes the mailbox to change the default password.
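An added example (not from the original article) of the HR-to-telecom reconciliation described above: it compares a mailbox export against an HR roster and flags mailboxes of terminated employees, abandoned mailboxes, and mailboxes left uninitialized past a grace period. The CSV columns, sample rows and the 7-day grace period are constructed assumptions, not a vendor export format.

```python
import csv
import io
from datetime import date

# Constructed sample exports; column names are assumptions, not a vendor format.
HR_ROSTER = """employee_id,status
1001,active
1002,terminated
1003,active
"""

MAILBOXES = """mailbox,employee_id,created,initialized
4101,1001,2005-01-10,yes
4102,1002,2004-06-01,yes
4103,1003,2005-02-01,no
4104,1003,2005-03-10,no
4199,,2003-09-15,no
"""

def audit_mailboxes(roster_csv, mailbox_csv, today, grace_days=7):
    """Return {mailbox: reason} for mailboxes that should be disabled or reviewed."""
    status = {r["employee_id"]: r["status"]
              for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = {}
    for row in csv.DictReader(io.StringIO(mailbox_csv)):
        owner = row["employee_id"]
        age = (today - date.fromisoformat(row["created"])).days
        if not owner or owner not in status:
            # No matching HR record: nobody is accountable for this mailbox.
            findings[row["mailbox"]] = "abandoned: no owner in HR roster"
        elif status[owner] != "active":
            # HR knows the employee left, but the voice system was never updated.
            findings[row["mailbox"]] = "owner terminated: mailbox still active"
        elif row["initialized"] != "yes" and age > grace_days:
            # Still protected only by the initial password set at provisioning.
            findings[row["mailbox"]] = f"uninitialized for {age} days: default password"
    return findings

if __name__ == "__main__":
    report = audit_mailboxes(HR_ROSTER, MAILBOXES, date(2005, 3, 15))
    for box, reason in report.items():
        print(box, reason)
```

Run on a schedule against fresh exports, the findings list gives telecom staff a concrete set of mailboxes to disable or force a password reset on.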

Remote Access Ports: Voice servers utilize remote access ports for administration and maintenance. Many systems still use modems for access. These systems come configured with a standard set of logins, and rely upon the customer to change the default passwords. Often there are special maintenance accounts that customers rarely use and whose passwords they do not change. Logins and passwords are published in the documentation, which is usually available on the website of the hardware vendor.

The Internal Network: The corporate network provides access to voice systems via telnet for operations personnel. Voice systems that are IP-enabled but not segmented into separate and secure domains are vulnerable to attack from anyone on the network. In fact, IT administrators at colleges and universities frequently mention how students try to break into these systems and even succeed!

Viruses and Other Attacks: The deployment of voice applications on Windows platforms has reduced system acquisition costs but has added the burden of securing systems from viruses and related attacks. Firewalls, anti-virus systems, VPNs and intrusion detection systems must be used to secure these components. Service impacts can arise from disabling and reassigning ports, re-routing traffic or tampering with message queues. Installing patches and updates, however, impacts service on operations that require high availability, such as the voice network.

For more, visit www.concord.com.

© 2005 Telecom Reseller. All Rights Reserved.