Agenda

1
Agenda

• Soft-ex Pedigree
• Voice Security Overview
• Solutions

2
Soft-ex

• Soft-exs core business
• 18 years experience
• 50,000 installations worldwide
• Key Partnerships
• Nortel Select Partner
• Cisco Avvid partner
• Uniquely positioned to support Lancomms and its
  customers
• Web tariff site
• Web training
• Dedicated LoCall helpdesk
• Voice security portfolio

3

What is Toll Fraud ?

• Professional external hacking of PABX systems
• Similar to attempts made into data network and
  creating virus problems
• Hackers break into PBX
• Via voicemail
• Maintenance ports
• DISA
• Trunk to trunk access
• Internal misuse and abuse
• Employees making international calls
• Contracted employees using phones out of hours
• Diverting extension to international or premium
  numbers

4

• Simple to carry out, profitable and of negligible
  risk
• High profile examples
• Government agencies in Ireland, UK and USA have
  been victims of massive losses
• Irish business, an average of 20,000.00 per day
• Not taken seriously enough
• Difficult to minimise and monitor the threat
• Costly, administrative task
• An increasing threat
• Toll Fraud is increasing at a rate of 15 per
  year
• Estimates state that 1 in 4 companies will be
  affected
• According to the Forum for International
  Irregular Network Access (FIINA), organised crime
  is making 60 billion a year from telecoms fraud.

Why the issue ?
5
Business issues

• Discovery after the event
• Convergence
• More control over the PBX network and therefore
  more responsibility
• Network security has always been mission
  critical, PBX security has not
• Organisations may have a security policy e.g.
• My PBX is secure, have dialed digits barred and
  trunks pinned down for company holiday etc
• MET POLICE phone system was extremely secure
  however they were hit over 6 month period for
  total of 1million
• Its worth 60 Billion per annum
• Human factor

6
Business Issues cont.

• Already use a call logging system
• Not proactive
• Time / administration on detecting external and
  internal fraud tends to lead to ad hoc periods of
  use, not a fulfillment of a policy
• Multi site and multi-vendor
• You as the customer still have to pay the bill
• Key to security is a number of solutions, no
  magic bullet

7
Protecting the voice network
Questions

• How secure is our telephony infrastructure?
• How do we identify irregular call activity across
  our voice network?
• Who is responsible if a toll fraud attack occurs?
• B.C.M.
• What policies are in place for
• Spend
• Security e.g. pass word changes
• How can we reduce costs and release budget for
  future plans?
• It has been proved that monitoring of call
  costs/activity decrease this expense by between
  10-30 by reducing misuse and abuse and limiting
  toll fraud

8
Protecting the voice network

• Assessment of configuration
• Development of a policy, in harmony with
  organisations business requirements
• Pro-active management
• Pre attack hit detection
• Monitoring call traffic to ensure network
  provisioned efficiently -trunk to trunk traffic
• Monitoring of call activity -call
  cost/duration/unusual activity
• Ensuring class of service is efficient

9
Solutions Security audit

• Nortel, Cisco to follow
• PBX,
• Call Pilot
• Meridian Mail
• Audit of 85 separate analysis, designed to exceed
  current industry standards
• Assessment of how PBX is programmed, identifying
  weak spots and areas for improvement with
  corrective actions
• Comprehensive consultancy document

10

• Full Glossary
• Simple terms
• Reports include, System config Mailbox
  passwords ACD Restriction and
  permission lists Call routing

11
Solutions SwitchMinder

• 24/7/365 onsite proactive solution
• Using core RingMaster and outputs
• Detects on Trends, individual events and Totals
• Specific destinations
• Trunk to Trunk, DISA, Voicemail
• Unknown accounts
• Maintenance Ports
• Out of Hours
• Diverts (mobile etc)
• Excessive use ( thresholds )
• Cumulative costs

12
GUI

• Simple
• Browser based
• Easily tailored
• Overall policy
• Specifics
• Full History Audit trails

13
Pro active alertingManagement by exception
14
Soft-ex / Lan Communications Value Proposition

• Fraud is increasing
• The most effective questions tend be asked after
  the event, at board level
• Effective policy
• Simple, cost effective tools to reduce risk
• Delivering ongoing management
• Return on investment
• Peace of mind

15
Thank you