It is clearly important to balance the cost of securing your voice infrastructure from attack against the cost of doing nothing. The consequences from inaction can include:

• Direct financial loss through fraudulent call misuse (internal or external)
• Missed cost saving opportunities through identification on surplus circuits
• Adverse publicity, damage to reputation and loss of customer confidence
• Litigation and consequential financial loss
• Loss of service and inability to dispense contractual obligations
• Regulatory fines or increased regulatory supervision

The threat from within

As is the trend with hacking data networks, the threat to PBXs comes primarily from within. For example, an employee, a contractor, or even a cleaner could forward an extension in a seldom-used meeting room to an overseas number and make international calls by calling a local rate number in the office.

The perpetrator could likewise be the beneficiary of a premium rate telephone number in this country or abroad and continue to leave phones off the hook or on a re-direct to that number netting thousands of pounds in illicit gains in a weekend.


And, of course, let's not forget about the new telecommunications technologies which are based around open communications via the Internet. These include IP-driven PBXs supported by all the adjunct devices, the deployment of CTS (Computerised Telephone Systems), CTI (Computer Telephony Integration) and Voice over IP. The introduction of these technologies means IT and telecoms managers need now to become even more alert to prevent new and existing threats that are typically associated with data networks, now impacting upon voice networks. Without diligent attention, telecoms systems are in grave danger of becoming the weak link in the network and utterly defenceless against targeted attacks by hackers.

So what practical measures can telecom or IT managers take to help prevent becoming a victim of telecom fraud?

One of the most effective approaches to improving the security of telephony systems includes conducting regular audits of:

• Station privileges and restrictions
• Voice and data calling patterns
• Public and private network routing access
• Automatic route selection
• Software defined networks
• Private switched and tandem networks
• System management and maintenance capabilities
• Auto attendant and voicemail
• Direct inward system access (DISA)
• Call centre services (ACD)
• Station message detail reporting
• Adjunct system privileges
• Remote maintenance protection
• Primary cable terminations and physical security of the site and equipment rooms

Other measures include reviewing the configuration of your PBX against known hacking techniques, comparing configuration details against best practice and any regulatory requirements that may pertain to your industry sector.