Manualshelf

Technical information

ManualsBrandsAT&T ManualsNetwork RouterDEFINITY Remote Port Security Device
41424344454647484950
Security Risks
3-4 Issue 7 June 2001
Voice Messaging Systems
Voice messaging systems provide a variety of voice messaging applications;
operating similarly to an electronic answering machine. Callers can leave
messages for employees (subscribers) who have voice mailboxes assigned to
them. Subscribers can play, forward, save, repeat, and delete the messages in
their mailboxes. Many voice messaging systems allow callers to transfer out of
voice mailboxes and back into the PBX system. When hackers connect to the
voice messaging system, they try to enter digits that connect them to an outside
facility. For example, hackers enter a transfer command (the AUDIX Voice Mail
System uses ), followed by an outgoing trunk access number for an outside
trunk. Most hackers do not realize how they gained access to an outside facility;
they only need to know the right combination of digits. See Chapter 6 for
information on securing your voice messaging system.
Sometimes hackers are not even looking for an outside facility. They enter a voice
messaging system to find unassigned voice mailboxes. When they are
successful, they assign the mailboxes to themselves, relatives, and friends, and
use them to exchange toll-free messages. Hackers can even use cellular phones
to break into voice mailboxes. (See ‘‘Protecting Voice Messaging Systems’’ on
page 6-2.) In addition, unauthorized access to voice messaging systems can
allow hackers to access the switch and change administration data. See
‘‘Increasing Product Access (Port) Security’’ on page 3-6.
Administration / Maintenance Access
Expert toll hackers target the administration and maintenance capabilities of
customer premises equipment-based systems. Once criminals gain access to the
administration port, they are able to change system features and parameters so
that fraudulent calls can be made. The following measures can be taken to
prevent high level access to system administration.
Passwords
Changing Default Passwords
To simplify initial setup and allow for immediate operation, either the switch and
adjuncts are assigned default administration passwords, or passwords are
disabled, depending on the date of installation. Hackers who have obtained
copies of customer premises equipment-based and adjunct system
documentation circulate the known default passwords to try to gain entry into
systems. To date, the vast majority of hacker access to maintenance ports has
been through default customer passwords. Be sure to change or void all default
passwords to end this opportunity for hackers.
T