We've had similar problems with these systems, but have come up with a multilayered solution to deal with this. Most of these hacks are on either SIP trunks or ISDN trunks. Analogue trunks aren't generally affected as it's quite awkward to join the trunks to effect a call through the system. Here we go.
Disable voicemail remote access, change all voicemail passwords to non standard and keep changing them regularly. (Treat these passwords as you would a bank PIN).
In the toll exception tables, prevent calls out to 090 and 00 numbers which will prevent calls to premium rate and overseas. If your customer needs to call specific 090 number, you can enter these allowed numbers into the allowed table. If they require overseas, they have to accept that there is a risk of abuse.
If you're using SIP, make sure you get IP specific SIP trunks thereby preventing possible trunk hacking from offsite users.
To prevent unauthorised remote access, tie the customers router down to accept incoming requests only from a recognised maintenance IP address. Install a pc at the maintenance location that will act as a portal for mobile engineers who would access it remotely using PC anywhere or other remote management. Ensure you dont keep any saved databases on this remote PC.
Finally, ensure the system software is bang up to date and configure the new front end security. This requires a user name and password, and will lock the thing down for 15 minutes after 3 failed logins. (This also applies to users attempting to logon to the user portal)
Unfortunately this system isn't that secure out of the box. However if you think like the hacker, and configure accordingly, it's as secure as the best of them.
Eddie, one other comment. We have seen hackers/employees get round rule based tables preventing overseas calls form the UK (i.e. 00) by prefixing 141, the UK code for number withhold. Unless the client really needs the speaking clock or to withhold their number on a call by call basis, it is worth adding "1" onto your barred list.
Sorry about the delay. Yes definitely. You can also limit use of the system speed dial list on a per handset basis, and maybe think about total outgoing call barring when night service is put on. (This can also be done on a per handset basis).
×
Most hacking takes place over night/weekend. make sure that you night switch your phone system. Also make sure that in night mode your system invokes toll bars on the line side so extensions cant make toll call at night. because Ipecs can be remoted make sure the passwords are REALLY hard, use multiple lettters and numbers. Also turn off anyones voicemail that dont use it as this is another area they will target. Have company policy that states every employee must change their passwords weekly. might sound painful but that bill you get after being hacked will be worse
Graeme
No telephone system is 'safe'. We provide telephone systems from a number of suppliers and are regularly contacted by people with the same problem. Disabling call forwarding helps secure the system, but it will not make it bullet proof. (We have also seen 'get-rounds' to allow international dialing when it has be blocked.) If you really want to make the system secure you need a voice firewall. If you look at www.datasharptele.com under resources/toll fraud you will see more details of one of the systems available. NOTE - if they have caught you once they may well keep trying again every-so-often to see if they can get you another way.
1,037 views
Usually answered in minutes!
×