Founded By:    |  _                        _______
 Guardian Of Time |  __      N.I.A.   _      ___   ___  Are you on any WAN? are
   Judge Dredd    |  ____     ___    ___    ___     ___ you on Bitnet, Internet
------------------+  _____    ___    ___    ___     ___  Compuserve, MCI Mail,
             /      ___ ___  ___    ___    ___________  Sprintmail, Applelink,
   +---------+       ___  ___ ___    ___    ___________    Easynet, MilNet,
   | 03NOV90 |       ___   ______    ___    ___     ___    FidoNet, et al.?
   | File 65 |       ___    _____    ___    ___     ___ If so please drop us a
   +---------+               ____     _     __      ___        line at
                              ___           _       ___ elisem@nuchat.sccsi.com
        Other World BBS        __
           Text Only            _    Network Information Access
                                       Ignorance, There's No Excuse.

                                 PBX Security
                                by Judge Dredd


$_NOTE:
This is the PBX security manual... it is not a how-to.  This is what is given
to PBX owners/operators.  Use it to your advantage.


Protecting Your PBX From Illegal Access
=======================================

As an owner of a private branch exchange (or PBX) you've invested
quite a lot of money into a remarkable piece of equipment that greatly
enhances your company's communications capabilities. A so-called smart
device, this sophisticated switch usually has a number of useful
device, this sophisticated switch usually has a number of useful
features such as remote access and voice store-and-forward systems, or
voice mail.

     The problem is, criminals are finding it easier than ever to
access these helpful features, blocking out legitimate users.  This is
mainly because many end-users are not taking advantage of new
protective technologies that are now available.

   You may be a victim of this industry-wide problem and not even
know it. Last year, a Midwestern manufacturer lost $25,000 when
someone accessed its PBX for a short time to make unauthorized long
distance calls.

One favorite PBX pathway to free long distance calls is the
remote access unit, which allows callers to access the switch from a
phone outside the company and obtain a dial tone.

     The abuse is hitting end-users at all levels. Over a two- month
period in 1988, employees at a large city agency rigged a phone system
in a scam that cost taxpayers over $700,000 for unauthorized phone
calls. Workers tampered with the organization's PBX to allow callers
from public payphones to dial a special access number that gave them
an outside line to anywhere in the world.

    In another case, intruders left instructions on computer bulletin
board systems detailing how to access conference bridges, call
diverters and remote access units.

     Abusers can include current and former employees, summer interns
and technicians as well as hackers, street hustlers and other thieves
of telecommunications services.  And unfortunately, many companies
simply forget to take out the easy-to-break authorization test codes
that are installed before a PBX is placed in service.


                      Establish Strict Defenses
                      =========================

1.   Assign authorization codes randomly on a need-to-have basis,
     and limit the number of calls using these codes. Never match
     codes with company telephone, station or badge numbers.

2.   Instruct employees to safeguard their authorization codes,
     which should be assigned individually, not printed in
     billing records. And the codes should be changed frequently,
     and canceled when employees depart.

3.   Remote access trunks should be limited to domestic calling
     and shut down when not in use.

4.   Use the time-of-day PBX option.

5.   Use a system-wide barrier code, followed by an authorization
     code with the most digits your PBX can handle.

6.   Use a nonpublished number for remote access lines.

7.   Use a delayed electronic call response (the same as letting
     your phone ring four or five times before answering).

8.   Try hacking your own system to find weaknesses, then correct
     them.


               Implementing Effective Controls
               ===============================

1.   Know the safeguards on your PBX.

2.   Develop an action plan that provides adequate staffing to
     direct specific defensive procedures.

3.   Monitor billing, call details and traffic for unusual
     patterns and busy lines during off-peak hours, such as late
     at night.

4.   Inform PBX console attendants, night security officers and
     remote access users of the need to secure equipment and what
     to do if they suspect an intrusion.

5.   Ask your PBX vendor/supplier what inherent defenses could be
     used to make your PBX more difficult to penetrate.

6.   Monitor valid and invalid call attempts as often as
     possible.

7.   Look for attempted calls of short duration that usually
     indicate hacking activity.

8.   Know who is on the other end of the line before giving out
     any information.

9.   Learn whom to contact at your local and long distance
     service providers when you have a security problem.


                            Glossary
                            ========

Access number: Preliminary digits that must be dialed to connect
to an outgoing line.

Authorization code: Unique multidigit code identifying an authorized
subscriber that must be validated for a call to be processed.

Barrier code: A number of digits that, when dialed before an
authorization code, allow dial entry to a PBX.

Bulletin board system: Computer-based message system.

Call detail recording: A PBX feature that logs outgoing and incoming
calls.

Conference bridge: Allows several parties to carry on a conversation
(Conference Call) from remote sites.

End-user: Subscriber that uses, rather than provides, telecommunications
services.

PBX, or private branch exchange A private switch, either automatic or
manually operated, serving extensions in a business complex and
providing access to the public switched network.

Remote access: A feature that allows an employee to access a PBX from
a remote site and charge calls to the caller's company.

Smart device:  A computer-based system that carries out complex functions.

Switch: A mechanical or solid state device that opens or closes
circuits, changes operating parameters, or selects paths or circuits,
either on a space or time division basis.

Time-of-day option: An added restriction to the automatic route
selection or least-cost options, it can be preset to block long
distance calls at certain hours.

Trunk: A communications channel between different switching systems or
between a PBX and a central office.

Voice mail: or voice store-and-forward systems: A voice message system
that allows messages to be played back when the addressee returns.


          Since 1985, CFCA has served as the industry's
         clearinghouse for information pertaining to
          the fraudulent use of telecommunications
          services. To learn more about PBX system
          security, call (703)848-9768, or write:

          The Communications Fraud Control Association
               7921 Jones Branch Drive, Suite 300
                       McLean, VA  22102

              eMail address:  < cfca@mcimail.com >


A short footnote:

    If you even >think< you have a problem with PBX Fraud, contact:

  1.  Your PBX Switching System Vendor

  2.  Your 'Local Exchange Carrier' ( Your local telephone company) and

  3.  Your 'Inter-Exchange Carrier' ( Your long-distance telephone company)

    If finding the >right person< gets to be a problem, contact the
Communications Fraud Control Association (CFCA) at the above address
or telephone them at (703) 848-9768.

---

Enjoy.  Its early and it looks like it's gonna be a nice day... I'm outta
here. -JD