Cisco VOIP and Hacking

Status
Not open for further replies.

RTMCKEE

MIS
Jul 6, 2001
789
US
I'm not sure if hacking is the right word; I think they call it phreaking, but what I'm talking about is toll fraud, not what people usually think of as hacking (computer networks).

I was wondering if anyone has Cisco VOIP and what type of guarantee they provide against toll fraud/hacking. I know Avaya checks your system every few months to see if it is vulnerable to that sort of thing, and they even have some sort of guarantee against it.

I was wondering if Cisco provided any such service or even if those guys have even thought of toll fraud. We are discussing going to a Cisco VoIP solution and I was just wondering. I'm sure they have thought of all the ways to keep people out of the "data" part, but in just the few demos I've seen of their product, they seem to have a few features that could easily be exploited either by hackers or by someone just abusing the system from the inside.

The reason I ask is because where I previously worked we got hit with a $100K phone bill for one weekend of a hacker attack. I don't want to have to explain that sort of thing to another CIO!

Your input would be helpful.

Thanks
RTMCKEE
 
Do not know about the Cisco stuff.

I do know that if you go to the Avaya web site and select "government" under the Customer heading, at the customer headlines you can find a press release about the upgrade of a DEFINITY at Fort Belvoir, one of eight US Army installations.

In the press release it is stated that the DEFINITY ECS is certified by the Department of Defense's Joint Interoperability Test Center.

Now I know passing a test on security for the Department of Defense in the US says something about security. Please let me know if the information that was provided is helpful.
Edwin Plat
A.K.A. Europe
 
RTMCKEE,

You are correct, what you are describing is called phreaking, not hacking, but the principles are the same, just the medium is different.

AFAIK Cisco is not providing any protection from phreaking, and the platform is susceptible to phreaking in all of the old ways (PSTN), but also in new ways because of the connection to the IP network. So far I haven't seen any hacks for accessing a Call Manager from off site, but they are bound to come up. I have seen hacks for the PingTel Java phones already.

I have been working toll fraud and PBX phreaking issues for about 13 years, and the vast majority of the problems revolve around the following devices and features:

DISA - don't use it! Have the application removed if at all possible. I have applications that can test all possible 4 digit PINs in less than 2 days, and 6 digit PINs in just over 30 days. They are completely automated, and don't require any human intervention.

Auto Attendants - Allowing an Auto Attendant to be on a trunk or station that has the ability to dial off-net is a MAJOR no-no. I find it frequently. Why? Because the auto attendant is part of the voice mail system, and we all like out-call notification of messages to go to our pagers. I have worked with customers who limited their stations to internal extensions, and then redirected each phantom extension to an individual outgoing number. It is a huge headache, but cheaper than the alternative. Bottom line is, put limits on what the Auto Attendant considers to be valid calls, and put limits on where it can dial through the PBX. If there are any other limits you can set, then set them. Security is most effective in layers, so that when you misconfigure it (and you will sooner or later) you don't lose all of your protection.

Voice Mail Systems - That lovely out-call notification. Heard of a site where some voice mail boxes were hacked, and out-call notification was set to a pay-per-call service that they had set up. Call the number a hundred times and leave an urgent message. Rack up the dollars.

Trunk Access Codes - Allowing access to trunk access codes is necessary for testing, but there is practically no reason to ever leave them accessible. Many PBXs recommend that the trunk access codes look like an extension. Many auto attendants can transfer to them. Bad combination. Leave them blank, turn them off, limit access to the stations that are required for testing.

If you put the Call Manager behind a firewall, and don't allow RTP (UDP) and RTCP (TCP) protocols to go through your firewall, then you are probably OK from the network side. There are some other issues, like monitoring audio by sniffing the network, but in a well configured switched LAN that shouldn't be too much of an issue.

pansophic
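
Added example, not part of the original thread or any poster's code: a small detector that scans a call detail record (CDR) export for the abuse patterns described in the post above, namely bursts of short calls to the DISA access number and off-net or repeated out-calls from voice mail and auto attendant ports. The CSV columns, origin labels, thresholds and phone numbers are constructed assumptions, not the export format of any particular PBX or of Call Manager.

```python
import csv, io
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed sample CDR export. The column names and the origin labels
# (trunk, station, vmail, autoattendant) are assumptions for this example.
SAMPLE_CDR = """time,origin,dialed,seconds
2001-07-07 02:00:05,trunk,DISA,9
2001-07-07 02:00:40,trunk,DISA,8
2001-07-07 02:01:15,trunk,DISA,9
2001-07-07 02:01:50,trunk,DISA,8
2001-07-07 02:02:25,trunk,DISA,9
2001-07-07 02:10:00,vmail,5550142,20
2001-07-07 02:11:00,vmail,19005550199,45
2001-07-07 02:12:00,vmail,19005550199,45
2001-07-07 02:13:00,vmail,19005550199,45
2001-07-07 02:14:00,vmail,19005550199,45
2001-07-07 09:30:00,trunk,DISA,310
2001-07-07 09:45:00,autoattendant,2104,60
"""

WINDOW = timedelta(minutes=10)      # sliding window for calls to DISA
MAX_SHORT_DISA = 4                  # short DISA calls tolerated per window
SHORT_CALL = 15                     # seconds; assumed length of a failed PIN try
MAX_REPEAT = 3                      # out-calls to one number per log
OFFNET_PREFIXES = ("1900", "011")   # NANP pay-per-call and international

def find_toll_fraud(cdr_text):
    """Return de-duplicated (rule, dialed) alerts in order of first hit."""
    alerts, recent, outcalls = {}, deque(), Counter()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        origin, dialed = row["origin"], row["dialed"]
        if dialed == "DISA" and int(row["seconds"]) <= SHORT_CALL:
            recent.append(ts)
            while ts - recent[0] > WINDOW:       # drop calls outside the window
                recent.popleft()
            if len(recent) > MAX_SHORT_DISA:
                alerts[("disa_short_call_burst", dialed)] = True
        elif origin in ("vmail", "autoattendant"):
            if dialed.startswith(OFFNET_PREFIXES):   # layer 1: dialing limits
                alerts[("offnet_from_" + origin, dialed)] = True
            outcalls[dialed] += 1
            if outcalls[dialed] > MAX_REPEAT:        # layer 2: repetition
                alerts[("repeated_outcall", dialed)] = True
    return list(alerts)

if __name__ == "__main__":
    print(*find_toll_fraud(SAMPLE_CDR), sep="\n")
```

The two voice mail rules are independent on purpose, so a gap in the prefix list still leaves the repetition check in place.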
 