|
Telecommunications/PBX Audit & Security Assessment
Security for the Converged PBX and its Network
 Introduction
Denial of Service attacks are among the many methods used by hackers in the telecommunications industry in targeting businesses with voicemail systems using VoIP as a method of carrying message traffic. With the advent of converged applications and more servers entering the PBX world, more and more attention must be given not only to Denial of Service attacks, but other attacks as well.
The Communications Fraud Control Association (CFCA) announced the results of a comprehensive survey that was conducted by them. It was estimated that the annual worldwide telecom fraud losses to be over $55 billion. That is a huge amount of money by any standard and this is more than sufficient in confirming that telecom fraud is a really lucrative criminal business.
 The PBX in the New Era
The PBX is and has been used as an indispensable business tool since the days of Alexander Graham Bell. But today, PBX use has broadened and is now LAN-connected through servers running on UNIX, LINUX and various Windows based Operating Systems.
Security for the Converged PBX
TeleDesign Security’s TelGuard™ Security Analysis is a comprehensive Risk Analysis of a PBX’s physical and administrative site security. It includes analysis of software configurations, system parameters, remote maintenance, trunks, report management, Call Detail Reporting (CDR), carriers, stations, DISA/remote access and Voicemail. In addition, the security audit examines IP integration, user authentication, password management and protection, operating system and network architecture vulnerabilities, and business management methodologies. Our three-prong process consists of analyzing the application configuration, operating system security, and network architecture. This in turn enables the safe use of your vital business processes and applications while protecting the balance of your network.
Process and Deliverables
Our Remote Access Security Audit and Vulnerability Assessment capabilities make the project cost effective. The analysis of the application, operating system, and network data configurations collected is then compared against NIST (National Institute of Standards & Technology) standards, best practices, regulatory compliances and latest known hacker trends and techniques. The security audit and risk assessment deliverable will be in the form of a grading matrix consisting of High, Medium and Low security risks for the PBX, voice mail and other adjunct servers. TSI’s recommended corrective actions are based on the client’s business needs, security configurations, network architecture and hardware components.
The configuration data extracted and the ensuing recommendations report will include information pertinent to:
- Station Privileges and Restrictions
- Hunt Groups / Abbreviated Dialing / Digit Translations
- Login and User Profiles
- Voice and Data Calling Patterns
- IP network connectivity and Voice Over IP Services (VoIP)
- Public and Private Network Routing Access
- Automatic Route Selection
- Virtual Private Networks
- Private Switched Networks
- System Management/Maintenance Capabilities
- Voice Mail
- Auto Attendant
- Remote Access (Direct Inward System Access - DISA)
- Call-Center Services (ACD)
- Station Message Detail Reporting / Call Detail Recording (CDR)
- Adjunct Systems Privileges
- Miscellaneous System Interfaces
User Benefits
- Improved user productivity through secure user configuration, O/S, and network design
- Prevention of toll fraud, denial of service attacks and restoration expense.
- Conform to public and private sector industry standards.
- Avoid regulatory compliance penalties.
- Market-leading technology recommendations
Conclusion
New converged PBX exploitable vulnerabilities are a new learning process for the public and private sectors. Forward-looking entities recognize the problem and have integrated converged PBX infrastructure testing in their overall IS security programs. At TeleDesign Security, our expert Senior Security Consultants Conduct a three point inventory of your converged PBX configuration, operating system and network security components. The results will enable you to eliminate major vulnerabilities and develop new standards and security guidelines optimizing your company’s security stance along with the confidence that your network will resist malicious intrusions. At TSI, we don’t just identify problems—we help define a solution that revolves around your business objectives.
The Power of Three²
| Services |
Options |
ROI |
| App. Config. |
Proactive |
Zero Loss |
| O.S. |
Reactive |
Confidentiality |
| Network |
Post-active |
Corp Image |
Why Select TeleDesign Security
With expert consultants totaling over 100 years of Telecom experience, TeleDesign Security can provide assistance beyond the technical requirements for PBX Audit and Security Assessment. With the advance of technology, today’s PBXs are IP-driven and are part of the data network. This converged technology is turning a company's confidential data into business-critical assets, and information security is now an enabling process for delivering services essential for electronic business. By effectively managing risk, an organization can maximize its business potential in the networked world. TeleDesign Security's expertise helps our clients achieve this goal by understanding, prioritizing, and mitigating their security-related business risks using our comprehensive set of information protection services.
|
