PBX Protection

[William Knowles <wk () C4I ORG>]

http://www.planetit.com/techcenters/docs/security/technology/PIT20000510S0022

PBX Protection
by Diane Boccadoro (May 10, 2000)

Your company doesn't currently do business in South America, and your
offices are locked up every night by 10. So why does your phone bill
show hour-long calls to Peru and Argentina after midnight every night
for a week? You have a toll-free numberfor the convenience of your
customers, but when your phone bill comes, you notice 35 calls in a
row from the same number, lasting less than a minute each.

Hackers, crackers, phreakers: Whatever you call 'em, they can steal
you blind from a thousand miles away before you know what hit you, and
after the fact, there's little you can do about it - except maybe
yelling out your window, "I'm mad as hell and I'm not gonna take it
anymore!"

Every year, companies pay billions of dollars for phone calls that are
illegally charged to their accounts by people who raid their phone
systems. You can contest the charges, but the law says that the owner
of a PBX is responsible for all calls made from his system, legitimate
or otherwise, so don't get your hopes up. You need to protect your PBX
from high-tech assault, like an experienced hacker who might post your
access code on the Net for cheap calls by other Web surfers, or a
disgruntled former (or even current) employee who makes long-distance
calls on your time, or hackers who want to set up "free" voice
mailboxes or even reprogram the system so you and your employees can't
access it.

[...]


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".