[ISN] Are hackers accessing your company via your PBX?

From: InfoSec News (isnat_private)
Date: Thu Sep 05 2002 - 23:27:04 PDT

  • Next message: InfoSec News: "Re: [ISN] Alberta hackers find wireless networks wide open"

    http://www.itweb.co.za/sections/techforum/2002/0209050728.asp?A=TEP&S=Telephony&T=Section&O=FPSH
    
    By John Van Munckhof
    5 September 2002  
    
    Although most companies today have improved security on their data
    networks, thus cutting down on white-collar crime and hack attacks,
    too few have paid enough attention to their PBX system. The PBX
    remains a potentially huge back door problem for data network
    security.
    
    "Many corporates have implemented firewalls as well as stringent
    anti-virus and content filtering applications to reduce attack and
    fraud," says John van den Munckhof, managing director of Dimension
    Data Interactive Communications. "The PBX, however, remains a
    significant loophole. All the perimeter security in the world can be
    bypassed by a poorly configured authorised or unauthorised modem."
    
    Indeed, as a leading communications publication puts it: "If you want
    to do real damage to a business or institution, telecom infrastructure
    is probably a better target than the corporate LAN or Web site. PBX
    hacking may not sound glamorous by comparison with elite Internet
    penetrations, but it can be just as damaging. Attacks on PBXs, ACDS,
    voicemail, voice-response units, and other infrastructure can bring
    down a company: make it unable to function, expose its secrets, damage
    its reputation, burden it with telephone charges and the cost of
    re-provisioning and repair after damage is done." (Source:  
    Communications Convergence, April 2002. Securing your Switch by John
    Jainschigg.)
    
    By not securing the PBX, companies risk a number of costly problems.
    
    "Poorly configured authorised or unauthorised modems enable an
    attacker to do war dialling exercises on the PBX," explains Rob Brown
    at network security specialists Dynamic Recovery Services (DRS). DRS,
    in partnership with Dimension Data, markets the TeleWall PBX security
    solution from SecureLogix.
    
    "War dialling software allows the hacker to automatically dial a range
    of numbers until it finds a fax or modem number. The hacker then uses
    the modem to access the organisation. It can also identify the
    management port on the PBX, which he can easily hack into to get free
    reign over the entire PBX system."
    
    Once in, the hacker can wreak chaos. He can change voicemail messages
    and listen to messages that have been left.
    
    "For example, he may change the voicemail message left by the CEO for
    those trying to contact him, or he may listen to a highly confidential
    message left for the CEO concerning an upcoming merger."
    
    Once inside the PBX, the hacker can also create a virtual extension,
    giving himself an outside line to use for international calls, thus
    being able to run up huge bills on international calls.
    
    Apart from outside attack, there is the very real threat of toll fraud
    from within the company if the PBX is unsecured. This in turn can lead
    to further external attack, where for example a hacker can piggyback
    on an unauthorised modem that an employee has brought into the
    organisation.
    
    "If employees find that they can no longer get into their favourite
    porn or sport Web site, because of newly installed content filtering,
    they can simply bring in their own modem and use the dial-in facility
    - but using the company's telephone system," says Brown.
    
    "Alternatively, he can use a built-in laptop modem. Not only does this
    create a back door to circumvent company policy, but when he dials out
    a hacker can piggyback on the call, thus bypassing security on the
    data network."
    
    Employees often use the simple tactic of dialling internationally over
    an unbarred fax line if their own desk telephones are barred.
    
    "In the last month alone, we have talked to four different companies
    that between them have run up toll fraud bills of R4 million - in
    these cases, all unauthorised international calls," says Brown.
    
    And many South African companies have seen huge surges in their
    telephone bills when a reality television show requires viewers to
    call in and vote.
    
    Another problem companies and governmental organisations are more
    aware of since 11 September is criminal or terrorist activity within
    their organisations. They often also battle against unscrupulous
    recruitment agencies that regularly poach their staff.
    
    "The answer to all these problems is a PBX security system that sits
    between the telecommunications provider and the company PBX," says Van
    den Munckhof.
    
    TeleWall is a PBX firewall and intrusion detection system that
    effectively solves the last back door security problem on the data
    network. It logs all call progress information and characterises all
    call types.
    
    "Basically it gives the same visibility to your voice network as your
    data network," says Van den Munckhof.
    
    The system can terminate all calls made to certain telephone numbers,
    for example, competitors or even known criminals. It can also bar all
    incoming calls from certain telephone numbers, for example,
    recruitment agencies.
    
    It will identify all calls made using unauthorised modems, and -
    depending on the rules set by the company - either alert the
    administrator and terminate the call immediately, or simply alert the
    administrator.
    
    It can also terminate all voice calls over fax lines, thus stopping
    phone abuse.
    
    "This is done in real-time, and is not a report that you get a week
    later," says Van den Munckhof. "For example, if you suddenly see that
    a number of employees are all dialling the same cellphone number, you
    may want to check it out. Often it will be a prank call that is doing
    the rounds, or a vote line, for example, and this number can
    immediately be barred to prevent further unnecessary costs."
    
    If TeleWall detects war dialling, this is identified as an attack,
    terminated, and the administrator will be alerted via e-mail or fax.
    
    "Perhaps most importantly, the system will enable you to see patterns,
    which will then enable you to put the right policies and preventative
    measures in place," says Van den Munckhof. "This will result in
    significant cost savings."
    
    TeleWall uses an Oracle database, and works with all brands of PBX. It
    caters for analogue, digital and voice over IP and can be remotely
    administered.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Sep 06 2002 - 02:31:40 PDT