A Private Branch Exchange (PBX) is an essential component that
supports the critical functions of your organization. Failing to
protect your PBX can expose your organization to toll fraud, theft
of proprietary and confidential information, and loss of revenue.
PBXs offer a wide range of communication features, and each feature
gives unauthorized people a new opportunity for exploitation.
Threats for PBXs include:
- Theft of service, such as toll fraud
- Unauthorized disclosure of critical information, such as routing
  and address data
- Unauthorized data modification, such as changing billing information
  or modifying system tables to gain additional services
- Denial-of-service attacks that prevent the system from performing
  as intended
- Traffic analysis by an unauthorized user to observe and misuse
  call information
Security measures in the PBX should be designed to prevent unauthorized
users from placing fraudulent calls once they have accessed the
system. If security restrictions are not properly implemented, it
is possible that incoming calls to your system are transferred to
outgoing facilities. If an intruder circumvents the security of
the PBX and gains access to the voice mail system, the intruder
might then configure the compromised system to dial out to a domestic
or foreign phone number.
Improving Outcalling Security
When the outcalling feature is enabled, the system notifies subscribers
of new messages. Subscribers often want the system to contact a
long distance number or a pager number where they can receive
this notification. Consider the following options to minimize
toll fraud related to outcalling:
- The voice ports can be assigned to a toll restricted Class
  of Restriction (COR) that allows calling only within a local
  area.
- Outcalling numbers can be entered into an unrestricted calling
  list for either Automatic Route Selection (ARS) or Toll Analysis.
- Outcalling numbers can be limited to 7 digits or 10 digits.
  To limit the number of digits that can be dialed for outcalling,
  change the System Parameters Outcalling form. Note that if outcalling
  to a pager is allowed, additional digits may be required.
- Disallow callers to dial specified digits as the initial digits
  of an invalid mailbox. For example, if 9 is configured to request
  an external line from the PBX, and 9 is not selected, dialing
  the invalid mailbox 9004 does not get an external line. By default,
  all digits should be selected as the initial digits of an invalid
  mailbox.
- Outcalling can be turned on for selected subscribers only.
  You can do this by setting up or changing a Class of Service
  (COS) for the selected subscribers, and then assigning the Class
  of Service to individual subscribers.
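The following audit is an added example, not part of the original page or of any vendor tool. It checks exported subscriber records against three of the options above (COS permission, the 7 or 10 digit limit, and the unrestricted calling list); the record layout, field names and sample data are constructed, and the pager exemption from the length check is an assumption based on the note about additional pager digits.

```python
import re

ALLOWED_LENGTHS = (7, 10)   # digit limits named in the text


def audit_outcalling(subscribers, cos_outcalling, unrestricted_list):
    """Return {extension: [findings]} for subscribers with an outcalling number."""
    findings = {}
    for ext, rec in sorted(subscribers.items()):
        number = rec.get("outcalling_number")
        if not number:
            continue                              # outcalling not configured
        digits = re.sub(r"\D", "", number)        # ignore dashes and spaces
        problems = []
        # Outcalling should be enabled only through a COS that permits it.
        if not cos_outcalling.get(rec["cos"], False):
            problems.append("COS does not permit outcalling")
        # Pagers may need extra digits, so they skip the length check (assumption).
        if not rec.get("pager") and len(digits) not in ALLOWED_LENGTHS:
            problems.append(f"{len(digits)} digits, expected 7 or 10")
        # The number should appear on the unrestricted calling list.
        if digits not in unrestricted_list:
            problems.append("not on the unrestricted calling list")
        if problems:
            findings[ext] = problems
    return findings


# Constructed sample data (hypothetical export format).
COS_OUTCALLING = {1: True, 2: False}              # COS number -> outcalling allowed
UNRESTRICTED_LIST = {"5550142", "55501994471"}
SUBSCRIBERS = {
    "20417": {"cos": 1, "outcalling_number": "555-0142"},
    "20418": {"cos": 2, "outcalling_number": "555-0142"},
    "31055": {"cos": 1, "outcalling_number": "1-900-555-0142"},
    "31056": {"cos": 1, "outcalling_number": None},
    "31057": {"cos": 1, "outcalling_number": "555-0199 4471", "pager": True},
}

if __name__ == "__main__":
    for ext, problems in audit_outcalling(
            SUBSCRIBERS, COS_OUTCALLING, UNRESTRICTED_LIST).items():
        print(ext, "->", "; ".join(problems))
```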
Fraudulent Transfers
Once users transfer to dial tone, they can dial a trunk access
code (TAC), feature access code (FAC), or extension number. If the
system is not properly secured, unauthorized users can make fraudulent
long distance calls or request a company employee to transfer them
to a long distance number.
Basic Call Transfer
With Basic Call Transfer, a caller can dial any number that matches
the length of a valid extension. So, if an unauthorized caller dials
a transfer code followed by the first digits of a long-distance
telephone number (such as 91809 in a 5-digit plan), the voice mail
system passes the numbers on to the switch. The switch interprets
the first digit (9) as an access code, and the following digits
as the prefix digit and area code. At this point, the caller enters
the remaining digits of the phone number to complete the call. If
call transfer is restricted to subscribers, the caller cannot initiate
a transfer to an off-premises destination unless the digits entered
match an administered subscriber’s mailbox identifier, for
example, 91809. To ensure the integrity of the subscriber restriction,
do not administer mailboxes that start with the same digits as a
valid switch Trunk Access Code. It is strongly recommended that
all transfers be restricted to subscribers when Basic Call Transfer
is used.
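The checks described above can be modelled in a few lines. This is an added example, not code from the original page or from any switch or voice mail product; the function names and sample mailboxes are constructed. It shows that the subscriber restriction only holds when no administered mailbox begins with a trunk access code, and it gives an audit that finds such mailboxes.

```python
def basic_transfer_allowed(digits, ext_len, mailboxes, restrict_to_subscribers):
    """Return True if the voice mail system would pass `digits` to the switch."""
    if not digits.isdigit() or len(digits) != ext_len:
        return False                   # must match the extension length
    if restrict_to_subscribers:
        return digits in mailboxes     # must be an administered mailbox
    return True                        # unrestricted: any digits of that length


def colliding_mailboxes(mailboxes, access_codes):
    """Mailboxes whose leading digits equal a trunk access code.

    Such a mailbox defeats the subscriber restriction, because the switch
    reads its leading digits as an access code rather than an extension.
    """
    return sorted(
        m for m in mailboxes
        if any(m.startswith(code) for code in access_codes)
    )


# Constructed sample data: 5-digit dial plan, 9 is the trunk access code.
EXT_LEN = 5
ACCESS_CODES = {"9"}
MAILBOXES = {"20417", "20418", "31055", "91809"}   # 91809 is misadministered

if __name__ == "__main__":
    dialed = "91809"
    print("unrestricted:   ",
          basic_transfer_allowed(dialed, EXT_LEN, MAILBOXES, False))
    print("restricted:     ",
          basic_transfer_allowed(dialed, EXT_LEN, MAILBOXES, True))
    bad = colliding_mailboxes(MAILBOXES, ACCESS_CODES)
    print("colliding boxes:", bad)
    cleaned = MAILBOXES - set(bad)
    print("after cleanup:  ",
          basic_transfer_allowed(dialed, EXT_LEN, cleaned, True))
```

Run the audit whenever mailboxes or access codes change, since either change can introduce a collision.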
Enhanced Call Transfer
With Enhanced Call Transfer, the voice mail system uses a digital
control link message to initiate the transfer, and the switch verifies
that the requested destination is a valid station in the dial plan.
When a caller dials in, the system verifies that the digits entered
contain the same number of digits as administered for extension
lengths. If call transfer is restricted to subscribers, the voice
mail system also verifies that the digits entered match the extension
number of an administered subscriber. With Enhanced Call Transfer,
the reason for a transfer is included in the control link message
that the voice mail system sends to the switch. For Call Answer
calls, such as calls that are redirected to the voice mail system
when an extension is busy or does not answer, when a caller enters
0 to Escape to Attendant, the voice mail system normally reports
the transfer to the switch as redirected. The switch uses
this reason to determine how to proceed with the call. If the reason
for the transfer is redirected, the call does not follow
the destination’s coverage path or its call forwarding path.
This is because the switch does not redirect a previously redirected
call. This restriction may not be acceptable where it is desirable
to have the call follow the coverage path of the transferred-to
station. Enhanced Call Transfer can be administered to allow this
type of transfer.
General recommendations
Following are some general security recommendations pertinent to
PBX configuration, data, and maintenance and administration functions.
These should be implemented to enhance the security of the system
as a whole:
- The PBX should route all calls only to their intended authorized
  destinations.
- The PBX should prevent unauthorized access to, or tampering
  with, existing connections or conversations.
- The PBX should prevent unauthorized disconnection of calls
  and should support positive disconnection.
- The PBX should prevent unauthorized observation or manipulation
  of the subscriber database within the PBX memory.
- The PBX should restrict the use of its resources and features
  to authorized users and subscribers, and should allow only authorized
  users to modify PBX database attributes. The PBX should log
  all unauthorized and authorized user access attempts to do unauthorized
  functions.
- The PBX should implement valid identification and authentication
  procedures for physical access to PBX hardware and software.
- The PBX should maintain an audit trail of all security related
  incidents occurring within the switch so that the audit information
  will be protected from unauthorized access, modification, or
  destruction.
- The PBX should control privileged user access to switch functions,
  with users allowed access to only the specific functions necessary
  to perform their duties.
- The PBX should define and control access to system objects,
  such as software modules, routing tables, and configuration
  tables.
- The PBX should ensure that its security enforcement software
  is protected from external interference or tampering.
- Ensure that there is a confirmation process for the authorized
  disclosure or use of the PBX documents. The confirmation process
  can be as simple as issuance of permits and receipts and verifying
  them before allowing access to the PBX documents.
- Ensure that the PBX is placed in a physically secure location
  to ensure protection from damage and unauthorized access.
- All activity initiated within the PBX should be logged and
  a record kept of this log. This log should include not only
  the normal daily operational routines, but also maintenance
  and troubleshooting procedures.
- Backups of system configuration and database should be kept
  and maintained regularly. Such backup files should be kept in
  a secure area allowing access only to authorized personnel.
- Whenever you plan to make changes in the PBX switch database
  or operating system, review the changes to make sure that the
  new changes are necessary and do not compromise controls and
  integrity of the switch.
- Activate exception reporting on a periodic basis so that the
  system reports any deviations from the normal activity that
  may indicate errors or unauthorized acts.
- Ensure that remote maintenance access is blocked, unless unattended
  access is required. Restrict dial-up access to the PBX for maintenance
  and administration. Dial-up modem access must be password protected.
  Users who have access to the PBX should be allowed to modify
  data that is pertinent only to their job functions.
- Provide strong physical security for the PBX software. Ensure
  that PBX audit reports are shredded and destroyed properly.
- Scrutinize and validate all software upgrades. Utility upgrades
  from remote contractors can give hackers unlimited access.
Emergency procedures might include the following:
- Shut down the PBX or voice mail system immediately.
- Change all passwords.
- Immediately report the problem to your telephony company and
  your equipment supplier.
- Advise all staff of the situation.
- Call the police. Although some firms prefer not to refer these
  problems to police for fear of negative publicity, prosecutions
  do provide a great deterrent to thieves.
- Gather evidence.