Lucent Technologies DEFINITY User Manual page 11

About This Document
Maintenance ports are their most recent target of abuse. In this scenario,
hackers find a private branch exchange (PBX) maintenance port number with
their "war dialer," a device that randomly dials telephone numbers until a modem
or dial tone is obtained. They then "hack" the user ID and password, sometimes
just by using the PBX default passwords, to enter your system.
This is the most dangerous type of abuse because, once in your system, the
hackers have control over all the administrative commands. While in your
system, they have been known to:
- Turn on Remote Access or Direct Inward System Access (DISA). Hackers
  have been known to change the system at 8:00 p.m. to allow fraudulent calls.
  Then, at 3:00 a.m., they reprogram the system back to its original
  configuration. One company was hit three weekends in a row before it
  realized what was happening.
- Turn off Call Detail Recording (CDR) or Station Message Detail Recording
  (SMDR), hack your system all weekend, then turn it back on before Monday
  morning. This is especially disturbing to managers who are security
  conscious and check the CDR/SMDR reports every morning looking for
  suspicious activity. They will not see records of the calls because
  CDR/SMDR was turned off by the hackers. The administrator may notice the
  absence of CDR/SMDR records for evening, night, and weekend calls made
  by employees.
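
The absence of CDR/SMDR records described above can be checked for mechanically during the morning review. The following is an added example, not part of the original manual: the one-timestamp-per-line export, the function names, and the 6-hour threshold are assumptions, and the sample records are constructed. Choose the threshold from your own site's normal off-hours traffic.

```python
from datetime import datetime, timedelta

# Constructed sample: call-start times from a simplified, hypothetical CDR export
# (one "YYYY-MM-DD HH:MM" timestamp per call record; not the DEFINITY format).
SAMPLE_CDR = """\
2024-03-01 17:42
2024-03-01 19:05
2024-03-01 19:58
2024-03-04 03:10
2024-03-04 07:31
2024-03-04 08:02
"""

def parse_times(text):
    """Parse one timestamp per non-empty line and return them sorted."""
    return sorted(datetime.strptime(line.strip(), "%Y-%m-%d %H:%M")
                  for line in text.splitlines() if line.strip())

def find_silent_periods(times, window_start, window_end, max_gap):
    """Return (start, end) pairs inside the window with no records for longer than max_gap.

    The window edges are included so that logging that stays off until the
    end of the reporting period is still reported.
    """
    inside = [t for t in times if window_start <= t <= window_end]
    points = [window_start] + inside + [window_end]
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > max_gap]

def report(text, window_start, window_end, max_gap=timedelta(hours=6)):
    """Format each silent period as a line for the morning CDR/SMDR review."""
    lines = []
    times = parse_times(text)
    for start, end in find_silent_periods(times, window_start, window_end, max_gap):
        hours = (end - start).total_seconds() / 3600
        lines.append(f"no records {start:%Y-%m-%d %H:%M} -> {end:%Y-%m-%d %H:%M} ({hours:.1f} h)")
    return lines

if __name__ == "__main__":
    # Review window: Friday 17:00 through Monday 09:00 (constructed dates).
    for line in report(SAMPLE_CDR, datetime(2024, 3, 1, 17, 0), datetime(2024, 3, 4, 9, 0)):
        print(line)
```

A silent period that lines up with an evening or weekend is the cue to check whether CDR/SMDR was switched off and back on, and to review the administration history for that period.
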
PBX Security Measures
Everyone in your company who uses the telephone system is responsible for
system security. Users and attendants need to be aware of how to recognize
and react to potential hacker activity. Informed people are more likely to
cooperate with security measures that often make the system less flexible and
more difficult to use.
Implement the following general security measures to protect your PBX and
discourage the unauthorized use of your communications system.
- Never program passwords or authorization codes onto auto-dial buttons.
  Display phones reveal the programmed numbers, and internal abusers can
  use the auto-dial buttons to originate unauthorized calls.
- Discourage the practice of writing down passwords. If a password needs to
  be written down, keep it in a secure place and never discard it while it is
  active.
- Attendants should tell their system manager if they answer a series of calls
  where there is silence on the other end or the caller hangs up.
- Users who are assigned voice mailboxes should frequently change personal
  passwords and should not choose obvious passwords.
Issue 2.5 October 1999