On August 20th,
the department of Homeland Security had a hacker breach their telephone system.
The hacker managed to exploit a security opening in the system's voice mail when
it was upgraded by a system administrator. Over 400 calls were made to the Middle
East and Asia with an approximate cost of around $12,000.
While it seems that (DHS is not disclosing more details of the hack) the
classic oversight of using default password settings in the voice mail system
let to this exploit, the fact it happened to DHS and the calls were made to the
Middle East is fairly ironic. We cannot say with certainty whether the system
in question was VoIP based or whether it was using PSTN or IP based trunks, but
from a voice security perspective, this event clearly shows that everyone is
vulnerable to the simplest and most basic exploits regardless of the technology
we use.
From the voice security practitioner point of view, following industry best
practices such as changing default settings immediately after systems are put
into production or when there is a major upgrade to the components, is a common sense practice. And in another
bit of irony, in 2003 DHS issued a warning about this very vulnerability. However,
in practical situations, due to a human error or omission, the default
passwords often are left unchanged leading to potential exploits. The scope of
this problem is amplified by the fact that today’s PBX is a complex application
serving thousands of users with hundreds of features and multitude of options.
When managing multiple IP-PBXs, manual processes can’t effectively track the configuration details and is prone to errors and mistakes: such is the cast at DHS. An automated VoIP assessment and compliance management tool would enable administrators to track conformity with voice security best practices and security vulnerabilities in all stages of a PBX’s life cycle, including staging, day-to-day usage, upgrades, patching, etc. Such a tool, if used on a consistent basis, would prevent most of these problems from occurring. Whether this tool is used on an ad-hoc or periodic basis, it allows identifying most of common problems and mistakes made by the PBX users and administrators.
We investigated what was on the surface, was a similar attack. The toll fraud amount was much, much higher. The attacker exploited a router/media gateway, that lacked the proper ACLs, allowing an H.323 connection from any IP address in the internal network. The attacker enabled H.323 calls to the media gateway, and therefore PSTN, without any intervention from the call control agent.
Posted by: Mark Collier | October 29, 2008 at 02:27 PM
This requires very long time to have more ideas just about this good topic thence the paper writing service can help us to get the right custom essays or to buy custom essay papers.
Posted by: Chloe22Cp | January 15, 2010 at 07:36 PM
I propose not to wait until you earn big sum of cash to buy all you need! You should take the business loans or just short term loan and feel free
Posted by: credit loans | April 03, 2010 at 03:57 AM
Practicing the best work in the company is great. It will be a great way to bring in money.
Posted by: Call Centers in the Philippines | January 16, 2011 at 08:31 AM
Believe me!!! I have been trying hard to write articles for my college magazine, but haven’t been very successful in my endeavor. But, after reading your article I wish to study more on the same subject and give out my best.
valentines day ideas
Posted by: Buy Kamagra | February 08, 2011 at 02:11 AM
Have no a lot of money to buy a house? You should not worry, because that is possible to take the personal loans to resolve such kind of problems. Thence take a short term loan to buy everything you require.
Posted by: mortgage loans | August 07, 2011 at 03:11 PM
I would like to propose not to hold back until you get enough amount of money to buy different goods! You can just take the mortgage loans or auto loan and feel yourself free
Posted by: mortgage loans | November 08, 2011 at 05:32 AM