The Multi Layered Approach - Mistake Resistant Security

[small]
Original writing of GHTROUT (Yes, Jon was real, and he and I worked at the same Interconnect). This is meant to raise awareness and prompt questions that should be asked more frequently.
[/small]


When we think of phone phreaking and hacking, a common vision is some late night or weekend where our phone lines are being enjoyed by people we donÆt know, waiting in what is like a line to the restrooms at State Fairànever ending and we feel like theàyou know. While that kind of penetration can be very costly, the following true story may have dome more damage:

It was in the early 1980Æs... Jon, my co-worker and friend, didnÆt steal. However, he did like to ôshockö his friends. We were doing a wiring project a block from his house one day. For lunch he would make sandwiches that rivaled the best deli (shock factor). As we ate, he picked up the phone and dialed a number, then added some digits and then started talking into the phone about [imagination goes here]. I figured whatever; it was probably some friends answering machine. That wasnÆt the case. He was speaking to three floors worth of overhead paging speakers at a fairly large customer. Scary isnÆt it. I think I might advertise free phone service before having to deal with that at my company,

How did such a security hole open up? That system had been in place for a while. The original installation design engineer did not overlook this û the secure paging trunk he set up was later changed from ôPAGö to ôCOTö to satisfy a customer request to allow Zone Paging. Then some time after, another change to allow pager outcalling to an 800 number service was requested. The technician modified the voice mail system to enable 1800 and it didnÆt work, he tried 800, then resorted to 8 and then finally called for help where he was reminded the allow table should be ô91800ö. That worked!. ItÆs late and he has other things on his mind than some company and their toll free pager needs. He is gone. Little problem here. The paging ôall-callö was 84. And guess who just left after putting ô8ö in the allow table. Just an innocent mistake and now three floors hear a company-wide announcement from Jon, the guy that loved to shock people.

Making it Hard to Screw Up

That incident was a turning point for me. I realized that normal changes by technicians and customers would continue to open holes if it was as easy as adding one digit in a table. In addition to the restrictions that can be assigned in the voice mail system, I activate each of these features where possible:

Flexible Trunk to Trunk Connections: Since most of the systems I have come across needed to allow outcalling to pagers or cell phones, it was a feature in the Meridian 1 X-11 Rls 23 that caught my eye. Flexible Trunk to Trunk Connections provided a means to restrict a phone TN (in this case, the voice mail TNs) from connecting a caller to a destination over a trunk. NCOS, TGAR or other CLS do not take precedence or over ride the feature setting Flexible Trunk to Trunk Connections is not enabled by default, but phone TNs show the restriction value as FTTU, FTTC, or FTTR. When the feature is activated in the Customer Data Block, users will lose the ability to release an incoming caller to an external destination unless they were changed to CLS FTTU

SRE is another Class of Service available. If this is assigned to Voice Mail TNs, the system not be able to originate calls over trunks, regardless of NCOS. The disadvantage is that Outcalling will not be possible either. It is a great layer to add if outcalling is not used.

NCOS is generally assigned to the Voice Mail TNs with some thought. Over time, the capabilities of each NCOS setting may have changed without considering the capability that may have been added to the voice mail TNs.

TGAR is a layer that can restrict phone TNs from dialing the Trunk Route Access Codes, bypassing the restrictions that NCOS provides.

The features listed above can effectively restrict voice mail from being use to place unauthorized calls. Each should be considered, evaluating the overall effect they may have on the system. Differences in system configuration can also change the level of restriction I have described.