PBX Security in the VoIP age
Computers & Technology → Technology
- Author Chris Mcandrew
- Published December 18, 2010
- Word count 558
PBX Security in the VoIP age
Once upon a time hackers hacked computers and cause the IT department varying
degrees of heartache.
And the corporate telecom manager implemented his corporate PBX Security policy
and locked the communications room door on his way home.
Then along came the Phreak and they started attacking long distance carriers.
And the corporate telecom manager slept quietly in his bed safe in the knowledge
that PBX Security meant locking the comms room door.
Then someone invented Voicemail and IVR systems.
Phreaks started to pay attention to corporate telephone systems.
And the telecom manager started to stir.
Now we have VoIP systems running on virtual servers, web facing collaboration
applications, home workers with SIP handsets and mobile phones which function as extensions linked over WiFi to your
telecommunications server.
Now we have Phreaks attacking DISA, Voicemail and IVR systems, we have hackers
attacking telecommunications servers and their associated web facing applications and to add insult to injury we have
penetration testers telling us that we have not secured our applications properly!
What went wrong?
Well that question, at least, is easy – we never thought it would happen to
us…….
Attacking telephone systems in the current day and age is now a multi billion
dollar industry (estimated $80 billion globally) attracting a lot more that bored school kids, the people perpetrating these
attacks are more likely to be a part of an organised crime or terrorist group.
So, PBX Security needs to come of age, quickly.
Businesses need to implement and adhere to, strict PBX Security policies,
locking down all unnecessary functions and applications. Telecom Managers need to stay up to date on the latest threats
being posed by these attacks.
A new report from the Communication Fraud Control Association has placed the UK
in the top 5 countries which are global fraud hotspots, joining the likes of Cuba and India.
PBX Security Best Practices
- Ensure your employees change the manufacturers’ default password immediately
upon being assigned a voicemail box and frequently thereafter.
- Programme your voice mail system to require passwords with a minimum of 6
characters (8 is preferred – the more complex the password, the more difficult it is to guess)
- Train your employees not to use easily-guessed passwords such as their phone
numbers, local number, simple number combinations or patterns.
- When assigning a phone to a new employee, never make the temporary password
the employee’s telephone number.
- If possible programme your voice mail system to force users to change their
password at least every 90 days. If not then introduce a corporate password policy which requires them to do so.
- If possible DISA should be disabled. DISA is a function which allows you to
make telephone calls through your telephone system when you are at an offsite location. If this feature is used, it is
important that you generate and monitor reports to ensure that it is not being abused.
- Remove all unassigned voice mailboxes
The above security measures are of a general nature and will not protect every
aspect of an individual telephone system – you should contact your system maintainer or specialist PBX Security Consultant.
Remember that you are responsible for paying for all calls originating from, and
charged calls accepted at, your telephone, regardless of who made or accepted them.
For further information visit http://www.chris-mcandrew.co.uk or
http://www.telecompages.co.nr
My name is Chris McAndrew and over the last 28 years I have worked on many PBXs, from Ambassadors to Mitel 3300s I have also received a few awards including Engineer Of The Year (2005) and one of my projects won the Comms Channel Awards in 2003.
I am currently employed as a tier 2 Mitel support engineer covering most aspects of the Mitel 3300 however my favourite areas are security and new technologies, currently things like SIP.
Article source: https://articlebiz.comRate article
Article comments
There are no posted comments.
Related articles
- Top 10 Features You Didn't Know Existed in Product Configurators for Business Central
- From Paper to Digital: Transforming QA with Dynamics 365 Business Central
- How AI Content Moderation Keeps Your Brand Afloat
- the best metal detector
- You’re probably not ready for AI. Guide to K-12 data collection.
- Elevate Your Business Central Experience with Free Barcoding Integration
- Choosing the Best SMS Gateway Provider: 5 Essential Features for Success
- Designing Easy to Use Software: Understanding the Basics of UX Testing in Quality Assurance
- The Link: Merging Brains and Computers
- Machine translation vs AI translation: What sets them apart?
- Navigating the Path to Data Excellence: A Guide to Choosing the Right Power BI Consultant with GTH Cloud 365
- The Future of AI: Exciting Times, Big Questions
- The Evolving Landscape of SEO in 2024: Navigating the Digital Frontier
- Customize Your Gaming Console To Optimize Your Gaming Experience
- Data Recovery Complications
- Unveiling the Power of Digital Platforms
- Revolutionizing Connectivity: Digital Transformation in the Telecom Industry
- An Introduction to MacBook Pro
- Cultivating Efficient Partition Management with NTFS Recovery Toolkit 23
- Create Business or Personal Disk Replication with Active@ ISO Manager 23
- Essential Phone Security Tips for Your New Gadget
- Never lose your data again due to a lousy format. Use Active@ UNFORMAT 23
- Generative AI Aims to Bring Efficiency to the Production Process
- The Developer's Dream: AI-Powered Software Solutions Unveiled!
- BLOCKCHAIN TECHNOLOGY
- Unlocking Peak Efficiency: The Ultimate Guide to AI Productivity Accelerator
- AI-Powered Applications in 2023: A Year of Lessons and Reflections
- What exactly are metaverse domains?
- Virtual and Augmented Reality (VR/AR) in Videos
- Streamline Operations and Enhance Patient Experience