Avaya 8400B Plus User Manual
Security Issues
Issue 2 November 1996
xi
Security Issues
As a Lucent Technologies customer, you should be aware that there is an
increasing problem of telephone fraud. Telephone toll fraud can occur in many
forms, despite the numerous efforts of telephone companies and telephone
equipment manufacturers to control it. Some individuals use electronic devices
to prevent or falsify records of these calls. Others charge calls to someone
else’s number by illegally using lost or stolen calling cards, billing innocent
parties, clipping onto someone else’s line, or breaking into someone else’s
telephone equipment physically or electronically.
increasing problem of telephone fraud. Telephone toll fraud can occur in many
forms, despite the numerous efforts of telephone companies and telephone
equipment manufacturers to control it. Some individuals use electronic devices
to prevent or falsify records of these calls. Others charge calls to someone
else’s number by illegally using lost or stolen calling cards, billing innocent
parties, clipping onto someone else’s line, or breaking into someone else’s
telephone equipment physically or electronically.
Today security problems are not just limited to toll fraud. There have been sharp
increases in reported incidents of hackers: criminals skilled in reprogramming
computer systems, accessing telecommunications systems through remote
administration or maintenance ports. These ports cannot be used to place
phone calls, but hackers can gain control over the setup of the system. Through
these ports, hackers create security “holes” to allow unauthorized calling — a
serious form of electronic vandalism.
increases in reported incidents of hackers: criminals skilled in reprogramming
computer systems, accessing telecommunications systems through remote
administration or maintenance ports. These ports cannot be used to place
phone calls, but hackers can gain control over the setup of the system. Through
these ports, hackers create security “holes” to allow unauthorized calling — a
serious form of electronic vandalism.
Maintenance ports are their most recent target of abuse. In this scenario,
hackers find a private branch exchange (PBX) maintenance port number with
their “war dialer”; a device that randomly dials telephone numbers until a
modem or dial tone is obtained. They then “hack” the user ID and password,
sometimes just by using the PBX default passwords, to enter your system.
hackers find a private branch exchange (PBX) maintenance port number with
their “war dialer”; a device that randomly dials telephone numbers until a
modem or dial tone is obtained. They then “hack” the user ID and password,
sometimes just by using the PBX default passwords, to enter your system.
This is the most dangerous type of abuse because, once in your system, the
hackers have control over all the administrative commands. While in your
system, they have been known to:
hackers have control over all the administrative commands. While in your
system, they have been known to:
■
Turn on Remote Access or Direct Inward System Access (DISA).
Hackers have been known to change the system at 8:00 p.m. to allow
fraudulent calls. Then, at 3:00 a.m., they reprogram the system back to
its original configuration. One company was hit three weekends in a row
before it realized what was happening.
Hackers have been known to change the system at 8:00 p.m. to allow
fraudulent calls. Then, at 3:00 a.m., they reprogram the system back to
its original configuration. One company was hit three weekends in a row
before it realized what was happening.
■
Turn off Call Detail Recording (CDR) or Station Message Detail
Recording (SMDR), hack your system all weekend, then turn it back on
before Monday morning. This is especially disturbing to managers who
Recording (SMDR), hack your system all weekend, then turn it back on
before Monday morning. This is especially disturbing to managers who