Installing a call logging solution, to provide notification of suspicious activity on your PBX, is a useful measure and one that can often give valuable early warning of an attack. In addition, review existing PBX control functions that might be at risk or which could allow errors to occur.
Be aware that many voice systems now have an IP address and are therefore connected to your data network. You therefore must assess what provisions you have to segment both networks. Security exposures can also result from the way multiple PBX platforms are connected across a corporate network or from interconnectivity with existing applications.
Research and investigate operating system weaknesses, including analytical findings, manufacturer recommendations, prioritisation and mitigation or closure needs - and implement a regular schedule of reviewing server service packs, patches, hot-fixes and anti-virus software.
Finally, formalise and instigate a regular testing plan that includes prioritisation of the elements and components to be assessed, and supplement this by conducting a series of probing exercises to confirm the effectiveness of the security controls used.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.