http://www.scoop.co.nz/stories/BU1109/S00390/how-much-could-pabx-fraud-cost-your-business.htm
This is so true. Many of our customers constantly refer letters to me that they receive from their phone line providers that state the following:
"An unsecured PBX system can be compromised via an insecure voicemail system (or similar), that allows incoming callers to dial extensions directly and sometimes even outside lines. Hackers have targeted these systems, across the world, sometimes resulting in a large volume of international calls being charged to the PBX user’s account."
When I get alerted to this, my normal response to our customers is:
"VadaXchange PBX is configured with the best security measures in mind. The passwords generated on the system are secure. The system is patched against all known vulnerabilities as a part of your SLA with Vadacom.
The only step you need to ensure you follow is when creating new log-ins on the VadaXchange system to use "generate" button to generate secure passwords as opposed to make passwords up yourself."
I'd like to elaborate more here on security of telephone systems.
If you own or manage a phone system there are two types of attacks that you need to defend:
- Attack from the telephone line that exploits the ability of phone system to relay calls via voicemail and interactive voice response systems.
- Attack from the internet where computer based telephony is hacked in order to make calls.
The interesting thing is that both security risks affect both traditional TDM systems and the new IP systems. This is contrary to many statements made by old-school telephone sales people, who don't often understand IP phone systems and have even less understanding of IT security. Last thing you want to do is seek IT security advise from a telephone sales person.
I need to establish my own credentials here. Although I would not call myself an IT security expert, I do have a background in IT security, having (a) a tertiary qualification in IT and (b) having run a business before who's principal product was a firewall and service was looking after business computer network security.
To defend yourself from both types of vulnerabilities you do need to follow the guidelines that were provided by Telecommunication Carriers' Forum:
1. CHOOSE A STRONG PASSWORD
Voicemail and Direct Inward Systems Access (DISA) passwords should be changed on a regular basis, avoiding factory defaults and obvious combinations such as 1234 or the extension number.
2. CHANGE IT
Make sure all security features – passwords, PINS etc – are changed following installation, upgrade and fault/maintenance. Don’t forget to reset password defaults.
3. KEEP IT CONFIDENTIAL
Keep all internal information such as directories, call logging reports and audit logs confidential. Destroy them appropriately if no longer required.
4. REVIEW REGULARLY
Review system security and configuration settings regularly. Follow up any vulnerabilities or irregularities.
5. VENDOR TERMS AND CONDITIONS
Make sure you have the right terms and conditions reflected in your contracts with your PBX, VoIP and/or voicemail maintainer in order to keep your system regularly maintained and serviced to stay safe.
At Vadacom we provide regular security patches to our customers. We monitor vulnerability advisories. We also provide tools for generating secure passwords.
This comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThanks for sharing such a nice blog with meaningful information
ReplyDeleteip phone systems
Antivirus helpline number (+1 877-718-7117) to solve technical issues of avast, McAfee, Norton, etc. We provide toll-free number antivirus technical support number
ReplyDeleteAntivirus Help support number
Antivirus Help support
Antivirus Helpline Phone Number
Antivirus Helpline
Antivirus technical Support number
Antivirus Tech Support Number
Norton antivirus Renewal Subscription
Norton antivirus product renewal
Norton security renewal with product key
Norton product key activation
Norton setup enter product key
Norton setup with product key
Renew Norton with product key
McAfee activate
McAfee activation 2020
McAfee activation code
McAfee activation code not working
McAfee activation code not Opening
McAfee antivirus activation
McAfee consumer support
Avast subscription renewal
code activation Avast
Avast premier activation code
Avast activation code
avast activation code not working
Browser Technical Support Number (+1-877-718-7117) helps you to solve all the technical issues of Google Chrome, Apple Safari, Mozilla Firefox, Internet Explorer
ReplyDeleteBrowser Toll Free Number Support
Browser Technical Helpline Number
Browser Technical Support Phone Number
Browser Technical Support
Google chrome not responding
Google chrome not responding in Windows 7
Google chrome not responding in Windows 8
Google chrome not responding in Windows 10
Firefox not responding
Safari not working on Mac
Safari not responding
Safari Technical Support Phone Number
safari customer service phone number
internet explorer not responding windows 10
internet explorer not responding windows 8
internet explorer not responding windows 7
internet explorer stopped working windows 10
internet explorer stopped working windows 8
internet explorer stopped working windows 7