Penetration Testing mailing list archives
Re: [PEN-TEST] PBX Security
From: David Alexander <dalexander () TRISKELE CO UK>
Date: Wed, 4 Oct 2000 17:03:21 +0100
Joe I can't give you any specifics about that make or model, but here are some general pointers: 1. Check for any form of listening device near/hooked into the system to pass on data or phone numbers. I know it seems paranoid, but you are a bank and want to be thorough I hope. 2. Read through the manuals to find out what maintenance and admin accounts there are, check the password settings are not the defaults or easily guessed. 3. Check on automatic call re-routing and mailbox settings. Can people break into the admin settings and then re-route outgoing calls (phreaking) 4. talk to the admin and to the suppliers - is the system software patching up to date ? Hope this helps David Alexander Project Manager & Information Security Consultant Qualified BS7799 Lead Auditor Triskele Ltd. Office 01491 833280 Mobile 0780 308 3130
-----Original Message----- From: Joe Traietta [mailto:JTraietta () ASAHIBANKNY COM] Sent: 04 October 2000 15:07 To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] PBX Security I have been asked to perform a security review on the PBX system (NEC NEAX 2000 IVS) at my company. I have virtually no PBX experience, so I was hoping somebody could point me to a good resource, or pass along some personal experience about reviewing / auditing a PBX system. Thank you. Joseph Traietta Data Security Officer Asahi Bank, New York Branch
Current thread:
- [PEN-TEST] PBX Security Joe Traietta (Oct 04)
- Re: [PEN-TEST] PBX Security David Spinks (Oct 04)
- Re: [PEN-TEST] PBX Security Frasnelli, Dan (Oct 04)
- Re: [PEN-TEST] PBX Security Talisker (Oct 04)
- <Possible follow-ups>
- Re: [PEN-TEST] PBX Security PRAYAGSING MUKESH (Oct 04)
- Re: [PEN-TEST] PBX Security Dunker, Noah (Oct 04)
- Re: [PEN-TEST] PBX Security David Alexander (Oct 04)
- Re: [PEN-TEST] PBX Security Gallicchio, Florindo (2282) (Oct 04)
- Re: [PEN-TEST] PBX Security Loschiavo, Dave (Oct 04)
- Re: [PEN-TEST] PBX Security Mark L. Jackson (Oct 05)
- Re: [PEN-TEST] PBX Security Curphey, Mark (ISS Atlanta) (Oct 04)
- Re: [PEN-TEST] PBX Security Fricke, Gregory D. (Oct 04)
- Re: [PEN-TEST] PBX Security Ben Grubin (Oct 04)
- Re: [PEN-TEST] PBX Security Dunker, Noah (Oct 04)
- Re: [PEN-TEST] PBX Security Davidson,Sam (Oct 04)
- Re: [PEN-TEST] PBX Security Alex Balayan (Oct 04)