Telecommunications Security

Security testing of telecommunication systems.

In assessment exercises, Sword & Shield routinely finds corporate networks left vulnerable by service modems and by inadequate security on PBX systems.

Telecommunications Sweep
A sweep of the telephone address space is used to detect unauthorized modems and authorized but insecure modems. These tests are also used to ensure authentication systems are in place and to exploit any vulnerability that may exist.

A telecommunications sweep tests to see that no backdoor access is available to the system or network. The methods and procedures Sword & Shield uses in a telecommunications sweep have proven effective in verifying the existence and status of modems connected to the network and/or host systems.

PBX Security Auditing
The Private Branch Exchange (PBX) is an essential, sophisticated computer-based switch that can be thought of as a small, in-house phone company for the organization that operates it. Even with the accelerated adoption of Voice over IP (VoIP) technology, the PBX continues to serve a critical role in an organization's business communications. Protection of the PBX is thus a high priority. Failure to secure a PBX can expose the organization to toll fraud, theft of proprietary or confidential information, loss of revenue, or legal entanglements.

Telecommunications (PBX) Audit
A typical PBX configuration includes the following: multiple public trunk lines terminating at the PBX, a computer system with memory managing the switching of calls in and out of the organization as well as providing various features (such as automated attendant), and a management console PC or terminal. Additionally, Automatic Call Distributor (ACD) systems and Voicemail systems are common applications used in conjunction with a PBX.

Much like a network router that routes Internet traffic, a PBX sends calls to the appropriate telephone number and handles traffic restrictions in a manner analogous to packet filtering. Like a network server, a PBX also provides system features (e.g., conference calling) and access rights and privileges.

Similar to data networks, there are risks and threats that can be identified and associated with the PBX and related systems. Some examples include theft of service, traffic analysis, data modification, "finger hacking", internal abuse, and call sending.

When Sword & Shield consultants conduct a security review of a PBX system, the examination can be conducted either remotely or while on-site. The review examines the current state and configuration of the PBX system and focuses on:

  • Administration and Vendor Maintenance
  • Toll Charge Access Restrictions
  • System Feature Restrictions
  • Administrative Console Security
  • Monitoring and Utilization Tracking
  • Awareness and Problem Management
  • Facilities Security

The PBX audit exercise seeks to examine various aspects of the PBX configuration, usage, and operating environment in order to analyze and assess the level of vulnerabilities discovered, identify any past or present misuse/abuse, and provide recommendations for a more secure PBX operation.
