Re: Phone Switches + telephone banking etc

From: Dave Booth (dboothat_private)
Date: Fri Jun 07 2002 - 12:09:41 PDT

Next message: hellNbak: "Re: Phone Switches + telephone banking etc"

Previous message: Rich Henning: "Re: PGP spoof decrypted output?"
In reply to: Vachon, Scott: "RE: Phone Switches + telephone banking etc"
Next in thread: Tony Camp: "RE: Phone Switches + telephone banking etc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Vachon, Scott wrote:
> In a past occupation, I worked with phone switches. Most have a bare minimum
> OS that runs on them but, for full functionality they are used with a
> separate host (or hosts).

Indeed, and that has been the source of a major burr in my hide. In 
various jobs I've more than once encountered the scenario where the 
separate host is an out-of-the-box install of the OS, unpatched, every 
service in the book running and with the telephony app thrown in there 
with a default install just before its shipped to the customer site 
along with a support and maintenance contract. This app, of course, 
usually remains something of a black box even when glared at with 
extreme prejudice by an experienced sysadmin. When that same sysadmin 
starts tallking about locking down some unnecessary services or even 
(horrors!) reimposing the default setup of most *nix variants that 
prevent root logins anywhere but the physical console the immediate 
response is usually "Change our default config and you void your 
maintenance contract - install any other software and we will no longer 
support the app. No, our remote support techs must be able to make a 
root login over the dialup line or we wont support the system at all..."

Needless to say, most businesses balk at the thought of having their 
phone system unsupported if it goes down and so the system remains wide 
open. One vendor who I wont trouble to name even went so far as to 
forbid the installation of backup client software but at the same time 
handed the root password to anyone who asked for it "so that they could 
run the commands that control the switch connection" Thankfully the 
disaster waiting to happen there didnt occur on my watch and I wasnt put 
in the position of having to find a diplomatic way to tell my employer 
that I'd told them so...

-- 
Dave Booth, CWT-IT
dboothat_private
+---------------------------------------------------+
| Catapultam habeo. Nisi pecuniam omnem mihi dabis, |
| ad caput tuum saxum immane mittam.                |
+---------------------------------------------------+

Next message: hellNbak: "Re: Phone Switches + telephone banking etc"
Previous message: Rich Henning: "Re: PGP spoof decrypted output?"
In reply to: Vachon, Scott: "RE: Phone Switches + telephone banking etc"
Next in thread: Tony Camp: "RE: Phone Switches + telephone banking etc"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 07 2002 - 15:48:06 PDT