Pbx Security In The Voip Age

PBX Security in the VoIP age

Once upon a time hackers hacked computers and cause the IT department varying degrees of heartache.

And the corporate telecom manager implemented his corporate PBX Security policy and locked the communications room door on his way home.

Then along came the Phreak and they started attacking long distance carriers.

And the corporate telecom manager slept quietly in his bed safe in the knowledge that PBX Security meant locking the comms room door.

Then someone invented Voicemail and IVR systems.

Phreaks started to pay attention to corporate telephone systems.

And the telecom manager started to stir.

Now we have VoIP systems running on virtual servers, web facing collaboration applications, home workers with SIP handsets and mobile phones which function as extensions linked over WiFi to your telecommunications server.

Now we have Phreaks attacking DISA, Voicemail and IVR systems, we have hackers attacking telecommunications servers and their associated web facing applications and to add insult to injury we have penetration testers telling us that we have not secured our applications properly!

What went wrong?

Well that question, at least, is easy we never thought it would happen to us.

Attacking telephone systems in the current day and age is now a multi billion dollar industry (estimated $80 billion globally) attracting a lot more that bored school kids, the people perpetrating these attacks are more likely to be a part of an organised crime or terrorist group.

So, PBX Security needs to come of age, quickly.

Businesses need to implement and adhere to, strict PBX Security policies, locking down all unnecessary functions and applications. Telecom Managers need to stay up to date on the latest threats being posed by these attacks.

A new report from the Communication Fraud Control Association has placed the UK in the top 5 countries which are global fraud hotspots, joining the likes of Cuba and India.




PBX Security Best Practices

Ensure your employees change the manufacturers default password immediately upon being assigned a voicemail box and frequently thereafter.

Programme your voice mail system to require passwords with a minimum of 6 characters (8 is preferred the more complex the password, the more difficult it is to guess)

Train your employees not to use easily-guessed passwords such as their phone numbers, local number, simple number combinations or patterns.

When assigning a phone to a new employee, never make the temporary password the employees telephone number.

If possible programme your voice mail system to force users to change their password at least every 90 days. If not then introduce a corporate password policy which requires them to do so.

If possible DISA should be disabled. DISA is a function which allows you to make telephone calls through your telephone system when you are at an offsite location. If this feature is used, it is important that you generate and monitor reports to ensure that it is not being abused.

Remove all unassigned voice mailboxes

The above security measures are of a general nature and will not protect every aspect of an individual telephone system you should contact your system maintainer or specialist PBX Security Consultant.

Remember that you are responsible for paying for all calls originating from, and charged calls accepted at, your telephone, regardless of who made or accepted them.

For further information visit http://www.chris-mcandrew.co.uk or http://www.telecompages.co.nr