Preventing Fraud

Theft of long distance service, theft of telecommunications services and toll fraud come in many different forms. Understanding your telecommunications system and the techniques used by criminals is key to limiting your vulnerability to this type of crime.


beplay全站app安卓 conducts network monitoring on a 24×7 basis for its own internal efficiency and productivity needs. If, in the course of monitoring, suspect traffic patterns are detected from a customer's lines or services that may indicate toll fraud or hacking is taking place, beplay全站app安卓 will take commercially reasonable steps to mitigate the customer's exposure to financial impact.

These steps may include:

  • Notification of the customer and/or their beplay全站app安卓 Representative
  • Temporary suspension of Long Distance Service, in whole or in part, until the Customer Premises Equipment (CPE) is sufficiently secured. In extreme circumstances this suspension may take place without direct consent from the customer
  • Consultation with the customer on best practices to secure their CPE

The customer shall be wholly liable for all calls originating from their lines, services and/or CPE, regardless of who initiated those calls. If the CPE is hacked, the customer hereby accepts and acknowledges that said hacking resulted from a weakness or exposure in the CPE and did not result from any action or inaction on the part of beplay全站app安卓. The customer accepts complete responsibility for the maintenance and security of their own CPE, including but not limited to proper password management and restriction of unneeded international, Operator or Casual (1010) dialing, unless otherwise specified in the contract. As such, the customer accepts all responsibility for calls, and for any costs, charges or expenses resulting from those calls, that result from their CPE security being breached or violated.

beplay全站app安卓 is not liable for any charges resulting from toll fraud or hacking incidents. In addition, beplay全站app安卓 is not responsible or liable as a result of its fraud monitoring and/or network monitoring. Any detection of a fraud incident and subsequent notifications or actions taken by beplay全站app安卓 are done as a value-added service and not in accordance with any obligations under an agreement between beplay全站app安卓 and the customer. The network monitoring efforts are in no way to be understood or agreed to be an acceptance of responsibility on beplay全站app安卓's part for a toll fraud or hacking incident or charges that arise from the incident.

  1. Learn about your telecommunications system:
  • Know the safeguards, the inherent defenses and security features
  • Identify vulnerabilities
  • Ensure staff are trained in safeguards and procedures
  • Evaluate old systems; replace or upgrade them if necessary
  2. Know the access paths that open doors to fraud:
  • IP routers
  • Public / open port access
  • Voice mail systems
  • Simple passwords
  • Direct Inward System Access (DISA)
  • Remote system administration (maintenance ports)
  • Direct Inward Dialing (DID)
  • Tie trunks and tandem network services
  • Modems
  3. Monitor and analyze your system's information:
  • Study call detail records and review billing records (exception reports may provide a warning sign)
  • Know your own calling patterns and review them
  • Review voice mail reports
  • Run IP access reports to detect unauthorized attempts to access your IP-based phone system
  • Monitor valid and invalid calling attempts whenever possible
  • Study your telephone bills
  4. Know the signs of a security breach:
  • Complaints that the system is always busy
  • Sudden changes in normal calling patterns, such as increases in wrong-number calls or silent hang-ups; night, weekend and holiday traffic; 800 and WATS calls; international calls; and odd calls (i.e. crank/obscene calls)
  • Long distance calls placed from voice mail
  • Long hold times
  • Unexplained 900 (chat line) calls
  • High tolls on any unauthorized trunk extension
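Item 3 above comes down to reading call detail records (CDRs) for the patterns item 4 describes. The following is an added example, not from the original page: it parses a constructed CSV export (the field names, the 011 and 900/976 prefixes, the business-hours window and the burst threshold are all assumptions; real PBX exports differ) and flags international, premium-rate and after-hours calls, then reports any extension that placed a burst of flagged calls in a single day.

```python
"""Flag suspicious calls in a batch of call detail records (CDRs).

Added example, not part of the original page. The CDR format is a
constructed CSV (start time, extension, dialed digits, duration in
seconds); real PBX exports differ, so adapt the parser. Thresholds and
prefixes are assumptions based on the North American dial plan.
"""
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export: four ordinary daytime calls, then a burst of
# overnight international and premium-rate calls from one extension.
SAMPLE_CDR = """\
start,extension,dialed,duration
2024-03-11 09:12:05,201,4165550101,180
2024-03-11 10:40:22,203,18005550199,240
2024-03-11 14:03:10,201,6475550123,60
2024-03-11 16:55:41,205,4165550177,30
2024-03-12 02:14:09,203,01122512345678,1420
2024-03-12 02:31:44,203,01122512345679,1388
2024-03-12 02:58:12,203,01122512345680,1501
2024-03-12 03:20:33,203,19005550111,900
2024-03-12 03:41:05,203,01122512345681,1444
"""

BUSINESS_HOURS = range(8, 18)        # assumed 08:00-17:59 local time
PREMIUM_PREFIXES = ("1900", "1976")  # 900/976 premium-rate numbers (assumed NANP)
INTL_PREFIX = "011"                  # North American international access code
BURST_THRESHOLD = 3                  # flagged calls per extension per day


def classify(row):
    """Return the reasons one CDR row looks suspicious (empty list = normal)."""
    reasons = []
    start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
    dialed = row["dialed"]
    after_hours = start.hour not in BUSINESS_HOURS or start.weekday() >= 5
    if dialed.startswith(INTL_PREFIX):
        reasons.append("international")
    if dialed.startswith(PREMIUM_PREFIXES):
        reasons.append("premium-rate")
    # Only toll calls are flagged for timing; a local night call alone is not suspicious.
    if after_hours and reasons:
        reasons.append("after-hours")
    return reasons


def analyze(cdr_text):
    """Parse CSV CDRs; return (flagged rows, {(extension, day): count} bursts)."""
    flagged = []
    per_ext_day = Counter()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        reasons = classify(row)
        if reasons:
            flagged.append({**row, "reasons": reasons})
            per_ext_day[(row["extension"], row["start"][:10])] += 1
    bursts = {key: n for key, n in per_ext_day.items() if n >= BURST_THRESHOLD}
    return flagged, bursts


if __name__ == "__main__":
    flagged, bursts = analyze(SAMPLE_CDR)
    for row in flagged:
        print(row["start"], row["extension"], row["dialed"], ", ".join(row["reasons"]))
    for (ext, day), n in bursts.items():
        print(f"burst: extension {ext} placed {n} flagged calls on {day}")
```

Run against a real export, tune BUSINESS_HOURS and the prefixes to your dial plan, and compare the burst report against the billing exception reports the checklist mentions; the point is that a single overnight international call is noise, while five from one extension in two hours is the pattern this page is warning about.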


If you have an IP-enabled system:

Install a firewall:

  • Hardware or software; it inspects network traffic and permits or denies passage based on rules.
  • Firewalls are very important. If a network-enabled PBX is not behind a firewall, it will be hacked.
  • Web/SSH access should be by whitelist only.
  • SIP traffic should be monitored by a program that automatically bans offending IP addresses that are SIP-scanning the equipment for access.
  • IP security programs come installed on most IP PBX distributions these days. If not, ask your supplier whether they have anything or any recommendations.
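The "automatic banning of SIP scanners" bullet describes a sliding-window failure counter of the kind fail2ban applies to a registrar's log. The following is an added example, not from the original page or from any PBX product: it parses constructed log lines (the line format, the threshold of 5 failures in 60 seconds and the IP addresses are assumptions; Asterisk, FreeSWITCH and Kamailio each log differently) and returns the source addresses that should be blocked. Handing the result to the packet filter is left to the deployment.

```python
"""Detect SIP registration scanning from authentication-failure log lines.

Added example, not from the original page. The log format is constructed
(timestamp, AUTH_FAIL/AUTH_OK, source IP, attempted user); adapt parse_line()
to your registrar's actual log. Thresholds are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                 # failures tolerated ...
WINDOW = timedelta(seconds=60)   # ... within this sliding window

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<event>AUTH_(?:FAIL|OK)) "
    r"src=(?P<ip>[\d.]+) user=(?P<user>\S+)$"
)

# Constructed sample: a fast scanner walking extensions, a legitimate user
# who mistypes once, and a slow scanner that stays under the window threshold.
SAMPLE_LOG = """\
2024-03-12 02:10:01 AUTH_FAIL src=203.0.113.45 user=100
2024-03-12 02:10:02 AUTH_FAIL src=203.0.113.45 user=101
2024-03-12 02:10:02 AUTH_FAIL src=203.0.113.45 user=102
2024-03-12 02:10:03 AUTH_FAIL src=203.0.113.45 user=103
2024-03-12 02:10:03 AUTH_FAIL src=203.0.113.45 user=104
2024-03-12 02:10:04 AUTH_FAIL src=203.0.113.45 user=105
2024-03-12 02:12:00 AUTH_FAIL src=198.51.100.7 user=201
2024-03-12 02:12:30 AUTH_OK src=198.51.100.7 user=201
2024-03-12 09:00:00 AUTH_FAIL src=192.0.2.9 user=300
2024-03-12 09:02:00 AUTH_FAIL src=192.0.2.9 user=300
2024-03-12 09:04:00 AUTH_FAIL src=192.0.2.9 user=300
2024-03-12 09:06:00 AUTH_FAIL src=192.0.2.9 user=300
2024-03-12 09:08:00 AUTH_FAIL src=192.0.2.9 user=300
"""


def parse_line(line):
    """Return (timestamp, event, ip, user) or None for an unrelated line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["event"], m["ip"], m["user"])


class SipScanDetector:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned = {}                     # ip -> time the ban decision was made

    def observe(self, ts, event, ip):
        """Feed one event; return True when this event triggers a ban."""
        if ip in self.banned:
            return False
        if event != "AUTH_FAIL":
            # A success does not clear the counter: a scanner that guesses
            # one weak password should not earn a clean slate.
            return False
        recent = self.failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.banned[ip] = ts
            del self.failures[ip]
            return True
        return False


def scan(log_text, detector=None):
    """Run the detector over a log and return it (inspect .banned afterwards)."""
    detector = detector or SipScanDetector()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, event, ip, _user = parsed
        if detector.observe(ts, event, ip):
            print(f"ban {ip}: {detector.max_failures} auth failures within "
                  f"{int(detector.window.total_seconds())}s (at {ts})")
    return detector


if __name__ == "__main__":
    scan(SAMPLE_LOG)
```

Note the caveat the sample makes visible: 192.0.2.9 fails five times but never five within one window, so a patient scanner is not banned. That is why the checklist pairs banning with whitelist-only access rather than relying on either alone.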

Network-enabled PBX systems:

  • Make sure the PBX software is a current, supported version, ideally a long term support release for which security patches are routinely developed. Also make sure that the core system is updated and patched for vulnerabilities that are discovered and published.
  • If your software version is no longer supported, update or migrate to a supported version; otherwise you will not be able to obtain security patches for current and future exploits.
  • When calls are forwarded but the forwarding is not visible in the PBX administration GUI, check the phone system database directly.
  • Identify the section that deals with call forwarding and look for any numbers or addresses that may have been call forwarded. Attackers hide their call forwarding in the database, where most people never look.
  • Seriously consider consulting a certified professional for any installation, maintenance or security audit.
  • Do not allow public access to the system. Access should always be through a VPN with multi-factor authentication.
  • Access from public IPs and ports should be by whitelist only.

When network-enabled PBX systems are hacked:

  • If the web interface is exposed to the public internet, it will not matter how complicated the administration login password is; attackers will exploit the code of the interface itself to gain access and then dump every password.
  • In the event of a security breach it may be necessary to rebuild the system from scratch, including formatting the disk or reinstalling the factory image, and restoring configuration only from a trusted backup


Tips for all systems:

System configuration:

  • Use account codes for all toll calling, or at a minimum for high-cost calls (international, Caribbean)
  • Use random generation and maximum length for authorization codes and passwords
  • Deactivate all unassigned authorization codes
  • Do not allow generic or group authorization codes
  • Restrict access to specific times (business hours). Block all toll calls at night, on weekends and on holidays
  • Restrict unneeded dial strings at the PBX level
  • Restrict call forwarding to local calls only or, ideally, remove it completely
  • Block all Operator Assist (0+), conference or 3-way calling and 10XXXX calling from your PBX if this service is not necessary
  • Block, limit access to, or require attendant assistance for overseas calls
  • Establish policies on accepting collect calls and providing access to outside lines
  • Educate switchboard operators and employees about "social engineering" (i.e. con artists trying to obtain calling access or transfers through a PBX)
  • Secure equipment rooms (lock up all telephone equipment and connecting frames)
  • Run periodic security audits to check for exploits in the PBX
  • Frequently audit and change all active codes
  • Restrict toll-free dialing from areas where there is no business requirement (this will likely need to be done through your carrier)
  • Do not allow through-dialing
  • Eliminate trunk-to-trunk transfer capability
  • Restrict all calls to 900, 976, 950 and 411
  • Restrict all possible means of out-dial (through-dial) capability in your voice mail system
  • Consider allowing only attendant-assisted international calls
  • Analyze call detail activity frequently for unusual activity
  • Disable DISA (Direct Inward System Access) if possible. If not possible, use the maximum number of digits for the DISA code
  • Deactivate unassigned voice mailboxes and DISA codes
  • To counter social engineering, make sure that system administration and maintenance telephone numbers are randomly selected, unlisted, and that they deviate from the normal sequence of other business numbers
  • Use multiple levels of security on maintenance access
  • Do not allow unlimited login attempts. Program the PBX to terminate access after the third invalid attempt
  • Enable the system lock-out feature on voicemail; this allows only X attempts at a password before the caller is locked out
  • Monitor call forwarding activity
  • Shred anything listing PBX access numbers, passwords or codes
  • Never divulge system information unless you know who you are actually communicating with
  • Test all PBX voice menus to ensure there is no unintended routing or access exposure to outside lines or internal systems
  • Send e-mail reminders to all employees to change their voicemail passwords periodically
  • Frequently change default codes/passwords on voice mailboxes
  • Do not use "alpha" passwords that spell common words or names
  • Remove/change all default passwords
  • Immediately deactivate passwords and authorization codes of known terminated employees
  • Change all passwords when there are personnel changes
  • Delete all ex-employee voicemail boxes and e-mail access
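Several of the dial-string items above (0+, 10XXXX, 900/976/950/411, account codes for high-cost destinations, toll calls only in business hours) interact, and the order in which a PBX class-of-service evaluates them matters: a naive "block anything starting with 0" rule also swallows 011 international dialing before the account-code check ever runs. The following is an added example, not from the original page or from any PBX vendor: a pure-Python model of that decision order, with the digit patterns assumed from the North American dial plan, a deliberately partial Caribbean area code list, constructed account codes and an assumed Monday to Friday 08:00 to 17:59 window. A real PBX enforces this in its dial plan or class-of-service tables; the model only shows what the combined rules should decide.

```python
"""Class-of-service check for outbound dial strings (added example).

Not from the original page. Patterns assume the North American dial plan,
the Caribbean list is deliberately partial, and account codes are constructed.
"""
import re
from datetime import datetime

# Constructed account codes; the checklist asks for random, maximum-length ones.
ACCOUNT_CODES = {"48217390", "90331576"}

# Hard blocks, evaluated first. The operator pattern excludes 011 so that
# international calls fall through to the account-code check instead of
# being swallowed by the 0+ rule.
BLOCKED_PATTERNS = [
    (re.compile(r"^0(?!11\d)"),   "operator assist (0+)"),
    (re.compile(r"^101\d{4}"),    "casual dialing (10XXXX carrier access code)"),
    (re.compile(r"^1?(900|976)"), "premium-rate 900/976"),
    (re.compile(r"^1?950"),       "950 carrier access"),
    (re.compile(r"^411$"),        "411 directory assistance"),
]
# High-cost destinations: need a valid account code and business hours.
HIGH_COST_PATTERNS = [
    (re.compile(r"^011\d+"),                      "international"),
    (re.compile(r"^1?(242|809|829|849|868|876)"), "Caribbean (partial list)"),
]
TOLL_FREE = re.compile(r"^1?8(00|33|44|55|66|77|88)\d{7}$")

# Constructed timestamps for the demonstration: a Tuesday morning and a
# Saturday night (both assumed, like the business-hours window itself).
SAMPLE_TIMES = {
    "weekday": datetime(2024, 3, 12, 10, 30),
    "weekend": datetime(2024, 3, 16, 3, 0),
}


def in_business_hours(when):
    """Assumed Monday-Friday, 08:00-17:59 local time."""
    return when.weekday() < 5 and 8 <= when.hour < 18


def check_dial(dialed, when, account_code=None):
    """Return (allowed, reason) for a dial string placed at `when`."""
    for pat, name in BLOCKED_PATTERNS:
        if pat.match(dialed):
            return False, f"blocked: {name}"
    for pat, name in HIGH_COST_PATTERNS:
        if pat.match(dialed):
            if account_code not in ACCOUNT_CODES:
                return False, f"{name}: valid account code required"
            if not in_business_hours(when):
                return False, f"{name}: outside business hours"
            return True, f"{name}: account code accepted"
    if TOLL_FREE.match(dialed):
        return True, "toll-free"
    if len(dialed) == 11 and dialed.startswith("1"):   # 1 + 10 digits: domestic toll
        if not in_business_hours(when):
            return False, "domestic toll: outside business hours"
        return True, "domestic toll"
    return True, "local"


if __name__ == "__main__":
    for digits, when, code in [
        ("011442079460000", "weekday", "48217390"),
        ("011442079460000", "weekday", None),
        ("011442079460000", "weekend", "48217390"),
        ("19005551234", "weekday", None),
        ("0", "weekday", None),
        ("1010288", "weekday", None),
        ("18005551234", "weekend", None),
        ("12125551234", "weekend", None),
        ("4165551234", "weekend", None),
    ]:
        print(digits, when, check_dial(digits, SAMPLE_TIMES[when], code))
```

The ordering is the point: hard blocks first, then the account-code gate for high-cost destinations, then the time-of-day gate for ordinary toll calls, with local and toll-free traffic passing last. Whatever PBX you run, walk its class-of-service table in the same order and confirm that international dialing is actually reachable only through the account-code path.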

Voice mail systems

  • Establish controlled procedures to set and reset passwords;
  • Change passwords regularly; most systems support forced password changes;
  • Use maximum-length passwords for the system manager box and maintenance ports;
  • Prohibit the use of trivial, simple passwords (i.e. 222, 123, your last name, your local number, etc.);
  • Limit the number of consecutive log-in attempts to 3 or fewer;
  • Change all factory-installed passwords;
  • Block access to long distance trunking facilities and collect call options on the auto attendant;
  • Block or, preferably, delete all inactive mailboxes;
  • Restrict outcalling;
  • In systems that allow callers to transfer to other extensions, block any digits that hackers could use to get outside lines, especially trunk access codes;
  • Conduct routine reviews of the status of your system and system usage.