http://www.itweb.co.za/sections/techforum/2002/0209050728.asp?A=TEP&S=Telephony&T=Section&O=FPSH

By John Van Munckhof
5 September 2002

Although most companies today have improved security on their data networks, thus cutting down on white-collar crime and hack attacks, too few have paid enough attention to their PBX system. The PBX remains a potentially huge back door problem for data network security.

"Many corporates have implemented firewalls as well as stringent anti-virus and content filtering applications to reduce attack and fraud," says John van den Munckhof, managing director of Dimension Data Interactive Communications. "The PBX, however, remains a significant loophole. All the perimeter security in the world can be bypassed by a poorly configured authorised or unauthorised modem."

Indeed, as a leading communications publication puts it: "If you want to do real damage to a business or institution, telecom infrastructure is probably a better target than the corporate LAN or Web site. PBX hacking may not sound glamorous by comparison with elite Internet penetrations, but it can be just as damaging. Attacks on PBXs, ACDS, voicemail, voice-response units, and other infrastructure can bring down a company: make it unable to function, expose its secrets, damage its reputation, burden it with telephone charges and the cost of re-provisioning and repair after damage is done." (Source: Communications Convergence, April 2002. Securing your Switch by John Jainschigg.)

By not securing the PBX, companies risk a number of costly problems. "Poorly configured authorised or unauthorised modems enable an attacker to do war dialling exercises on the PBX," explains Rob Brown at network security specialists Dynamic Recovery Services (DRS). DRS, in partnership with Dimension Data, markets the TeleWall PBX security solution from SecureLogix. "War dialling software allows the hacker to automatically dial a range of numbers until it finds a fax or modem number.
The hacker then uses the modem to access the organisation. It can also identify the management port on the PBX, which he can easily hack into to get free rein over the entire PBX system."

Once in, the hacker can wreak chaos. He can change voicemail messages and listen to messages that have been left. "For example, he may change the voicemail message left by the CEO for those trying to contact him, or he may listen to a highly confidential message left for the CEO concerning an upcoming merger." Once inside the PBX, the hacker can also create a virtual extension, giving himself an outside line to use for international calls, thus being able to run up huge bills on international calls.

Apart from outside attack, there is the very real threat of toll fraud from within the company if the PBX is unsecured. This in turn can lead to further external attack, where for example a hacker can piggyback on an unauthorised modem that an employee has brought into the organisation.

"If employees find that they can no longer get into their favourite porn or sport Web site, because of newly installed content filtering, they can simply bring in their own modem and use the dial-in facility - but using the company's telephone system," says Brown. "Alternatively, he can use a built-in laptop modem. Not only does this create a back door to circumvent company policy, but when he dials out a hacker can piggyback on the call, thus bypassing security on the data network."

Employees often use the simple tactic of dialling internationally over an unbarred fax line if their own desk telephones are barred. "In the last month alone, we have talked to four different companies that between them have run up toll fraud bills of R4 million - in these cases, all unauthorised international calls," says Brown. And many South African companies have seen huge surges in their telephone bills when a reality television show requires viewers to call in and vote.

Another problem companies and governmental organisations are more aware of since 11 September is criminal or terrorist activity within their organisations. They often also battle against unscrupulous recruitment agencies that regularly poach their staff.

"The answer to all these problems is a PBX security system that sits between the telecommunications provider and the company PBX," says Van den Munckhof.

TeleWall is a PBX firewall and intrusion detection system that effectively solves the last back door security problem on the data network. It logs all call progress information and characterises all call types. "Basically it gives the same visibility to your voice network as your data network," says Van den Munckhof.

The system can terminate all calls made to certain telephone numbers, for example, competitors or even known criminals. It can also bar all incoming calls from certain telephone numbers, for example, recruitment agencies. It will identify all calls made using unauthorised modems, and - depending on the rules set by the company - either alert the administrator and terminate the call immediately, or simply alert the administrator. It can also terminate all voice calls over fax lines, thus stopping phone abuse.

"This is done in real-time, and is not a report that you get a week later," says Van den Munckhof. "For example, if you suddenly see that a number of employees are all dialling the same cellphone number, you may want to check it out. Often it will be a prank call that is doing the rounds, or a vote line, for example, and this number can immediately be barred to prevent further unnecessary costs."

If TeleWall detects war dialling, this is identified as an attack, terminated, and the administrator will be alerted via e-mail or fax.

"Perhaps most importantly, the system will enable you to see patterns, which will then enable you to put the right policies and preventative measures in place," says Van den Munckhof. "This will result in significant cost savings."

TeleWall uses an Oracle database, and works with all brands of PBX. It caters for analogue, digital and voice over IP and can be remotely administered.
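
Added example, not part of the original article and not TeleWall's own logic: two of the call-log checks the article describes, run over call records. One flags a caller who reaches many different extensions within a short window (war dialling); the other flags calls whose type is not allowed on the dialled line (voice on a fax line, a modem on an unapproved line). The record format, phone numbers, thresholds and the LINE_POLICY table are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed call records (hypothetical format): time, caller, dialled extension, call type.
CALLS = """\
2002-09-05T02:00:05 0115550100 4001 voice
2002-09-05T02:00:20 0115550100 4002 voice
2002-09-05T02:00:31 0115550100 4003 fax
2002-09-05T02:00:47 0115550100 4004 voice
2002-09-05T02:01:02 0115550100 4005 modem
2002-09-05T09:15:00 0215550123 4002 voice
2002-09-05T09:40:00 0215550123 4002 voice
2002-09-05T10:05:00 0315550177 4003 voice
2002-09-05T10:30:00 0315550188 4010 modem
"""

# Assumed site policy: call types each line may carry (lines not listed: voice only).
LINE_POLICY = {"4003": {"fax"}, "4005": {"modem"}}

def parse(text):
    for line in text.splitlines():
        ts, caller, ext, kind = line.split()
        yield datetime.fromisoformat(ts), caller, ext, kind

def war_dial_sources(calls, min_targets=4, window=timedelta(minutes=2)):
    """Callers that reach min_targets distinct extensions inside one sliding window."""
    recent = defaultdict(deque)          # caller -> deque of (time, extension)
    flagged = set()
    for ts, caller, ext, _ in sorted(calls):
        q = recent[caller]
        q.append((ts, ext))
        while ts - q[0][0] > window:     # drop calls that fell out of the window
            q.popleft()
        if len({e for _, e in q}) >= min_targets:
            flagged.add(caller)
    return flagged

def policy_violations(calls):
    """Calls whose detected type is not allowed on the dialled line."""
    return [(caller, ext, kind) for _, caller, ext, kind in calls
            if kind not in LINE_POLICY.get(ext, {"voice"})]

if __name__ == "__main__":
    records = list(parse(CALLS))
    print("war dialling suspected from:", sorted(war_dial_sources(records)))
    print("line policy violations:", policy_violations(records))
```

The repeat caller to extension 4002 is not flagged because only distinct extensions inside the window count, which keeps ordinary redials from looking like a sweep.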