Telecommunications Security

1
Telecommunications Security
Raval Fichadia John Wiley Sons, Inc. 2007

• Chapter Ten
• Prepared by Raval, Fichadia

2
Chapter Ten Objectives

• Learn the basic concepts of telecommunications
  (PSTN, PBX, VoIP) and associated terminology.
• Understand the risks that impact
  telecommunications and the controls to mitigate
  them.
• Gain the skills to assess the security posture of
  a telecommunications infrastructure and make
  management recommendations.
• Apply security principles and best practices to a
  telecommunications infrastructure.

3
The Big Picture

• Elements of the telecommunications
  infrastructure.
• Some risks that impact the infrastructure.

4
Telecommunication primer

• Telecommunication telephone-based communication
  across different parties using either PSTN or
  VoIP technologies.
• Traditional telephone communication occurs via
  the Public Switched Telephone Network (PSTN).
• PSTN involves transmitting analog voice signals
  over copper wires to a local station where it is
  digitized and sent on a dedicated network to its
  destination end node.
• VoIP is newer technology that involves the
  digitized voice via small packets over shared
  network.
• Vendors that provide PSTN includes ATT, Qwest.
  VoIP providers include companies like Vonage.

5
Telecommunication primer

• Telecommunication PSTN components include the
  following
• End nodes are your basic telephones (for people),
  modems (for computers), telephony cards (for
  AVRs).
• Phone switches are equipment where a dedicated
  channel between various callers and receivers is
  established.
• Transmission media typically includes copper wire
  between end nodes and local phone switch and
  digital/fiber connections between various
  switches.
• Signaling system that provides call control
  (connecting / disconnecting callers, determining
  best route etc.)

6
Telecommunication primer

• Telecommunication Need for phone switches
• Connecting phones to every other phone is
  untenable. For e.g., 10,000 phones need 50M
  connections (n(n-1)/2).
• Phone switches solve this problem by acting as a
  central hub which connects to all phones. 10,000
  phones need 10,000 connections (n).

7
Telecommunication primer

• Telecommunication Function of phone switches
• Phone switches act as a broker by opening a
  dedicated circuit when a caller request for it.
• Number of circuits are determined by Earlang
  equations.
• Different categories of phone switches
• Private Branch Exchange (PBX) is a privately
  owned switch
• Central Office (CO) is a phone company owned
  switch that interfaces with end users phones.
• Tandem switches large scale switches that
  interface to various COs and other tandem
  switches.

8
Telecommunication primer

• Telecommunication Hierarchy of phone switches
• Phones connect to CO switch via local loop.
• CO switch connects to tandem switch via trunk
  lines.
• Tandem switches connect to each other.

9
Telecommunication primer

• Telecommunication Transmission media allow a
  path for user-to-network and network-to-network
  communication.
• User-to-network communication, from home phone to
  CO, typically occurs over copper wires in an
  analog format.
• Dual-Tone Multiple Frequency (DTMF) is used to
  signal CO for a communication channel.

10
Telecommunication primer

• Telecommunication Transmission media allow a
  path for user-to-network and network-to-network
  communication.
• Network-to-network communication, from switch to
  switch, typically occurs over fiber in a digital
  format.
• Analog signals are digitized via pulse-code
  modulation (PCM), combined via time-division
  multiplexing (TDM) and sent over PSTN.

11
Telecommunication primer

• Telecommunication Transmission media allow a
  path for user-to-network and network-to-network
  communication.
• Over the PSTN tandem switches carry the signal
  over the network to the destination CO for
  delivery to the end node.

12
Telecommunication primer

• Telecommunication Signaling system is needed to
  build a route among switches and to provide call
  control.
• Before a call is sent over the PSTN, a dedicated
  path (circuit) has to be setup.
• Messages to setup a circuit, tear it down,
  provide busy tones, etc. need to be passed back
  and forth (call control).
• This signaling is accomplished via an out-of-band
  network called common channel signal (CCS)
  network.
• SS7 is the current implementation of CCS network.

13
Telecommunication primer

• Telecommunication Signaling system is needed to
  build a route among switches and to provide call
  control.
• SS7 is a packet switched shared network for
  signaling (PSTN is a circuit switched dedicated
  network for transmission of voice signals).

14
Telecommunication primer

• Telecommunication VoIP components include the
  following
• End nodes are VoIP-enabled telephones. They
  could be like regular phones (hardphones) or be
  softphones.
• Call processors also known as softswitches
  that setup calls, translate phone numbers into IP
  addresses, do signaling, authorize users, etc.
• Media processors that broker transmissions
  between VoIP and PSTN networks.
• Signaling gateways that mediate between signaling
  on VoIP networks and signaling on PSTN networks.

15
Telecommunication primer

• Telecommunication VoIP networks currently
  coexist with PSTN networks.
• Media processors and signaling gateways bridge
  the gap between PSTN and VoIP networks.

16
Telecommunication primer

• Telecommunication Advantages of VoIP includes
• Data networks can be reused for voice traffic
  (convergence).
• Enhanced features and functionality compared to
  PSTN.
• Cheaper calls than PSTN networks. Cost doesnt
  vary as much by time-of-day or distance.
• VoIP allows for location independence calls
  follow you.
• Allows for efficient use of bandwidth silence
  doesnt consume any bandwidth.
• However, quality for VoIP calls still has to
  catch up with PSTN calls.

17
Telecommunication primer

• Telecommunication Comparison of VoIP vs PSTN

18
Management concerns

• Concerns about telecommunications system security
  typically include the following
• Maximizing the communication infrastructure
  availability for employees and customers.
• Ensuring the integrity of communications
  infrastructure.
• Keeping up with existing and upcoming telecom
  scams, toll frauds, social engineering attacks
  and implementing mitigating controls.
• Having an effective backup, recovery, business
  resumption and a disaster recovery plan.

19
Risks and controls

• Remote Access Feature of PBX that allows
  long-distance calls to remote users.
• Also known as Direct Inward System Access (DISA).
  
• Employees on the road call a toll-free number
  paid by the company.
• The PBX prompts for a passcode and gives a dial
  tone to make a long-distance call at companys
  expense.

20
Risks and controls

• Remote access risks
• Phreakers war-dial/dumpster dive/social engineer
  to identify remote access numbers crack the
  passcodes leading to toll-fraud.
• Controls
• Disable DISA if not reqd. Else, use strong
  passcodes.
• Dont make 800 s readily available.
• Disable dial tones on DISA ports to foil
  war-dialers.
• Limit places to which long distance calls can be
  made.
• Analyze the logs to identify toll-fraud.

21
Risks and controls

• Maintenance ports Feature of PBX that allows
  support personnel to administer various features
  remotely.
• Also known as Remote Administration.
• Support personnel and vendors call into the PBX
  and can administer various PBX features.
• The PBX prompts for a passcode before allowing
  access.

22
Risks and controls

• Remote access risks
• Phreakers war-dial/dumpster dive/social engineer
  to identify maintenance port numbers crack the
  passcodes leading to toll-fraud, silent
  monitoring, call rerouting and deny service.
• Controls
• Disable maintenance ports if not reqd. Else, use
  strong passcodes or stronger authentication
  means.
• Enable intruder lockouts.
• Disable dial tones on DISA ports to foil
  war-dialers.
• Analyze the logs to identify intrusion attempts.

23
Risks and controls

• Silent monitoring Feature of PBX that allows a
  user to listen in on others conversations.
• Businesses often have a need to silently listen,
  record, and/or store conversations among users.
• Supervisors listen in on conversations to ensure
  customer service in a call center/telemarketing
  type environment.
• Sometimes calls are recorded and/or stored for
  liability or compliance reasons (e.g. air traffic
  controller).

24
Risks and controls

• Silent monitoring risks
• Legal ramifications can arise if calls are
  monitored without reviewing applicable law. Laws
  vary by state.
• Unauthorized monitoring could occur if
  administrators arent diligent.
• Controls
• Procure legal consultation before enabling the
  feature.
• Inform callers and employees about the
  monitoring/ recording practice. Obtain consent
  forms from latter.
• Periodically review the business need for users
  with the privileges to monitor.

25
Risks and controls

• Telecom scams Several scams usually aimed at
  toll-fraud, are prevalent within telecom
  industry.
• Shoulder surfing attack includes attackers
  filming use of calling cards by callers.
• Pager/beeper/fax-back scam aims at tricking
  people calling into expensive toll-numbers.
• Operator deceit is a social engineering attempt
  wherein callers fool company employees to
  transfer them the operator and asking the
  operator to make a long-distance call on behalf
  of the employee.
• Employees can misuse call-forwarding feature by
  forwarding calls to their home numbers and having
  their friends call the company toll-free number
  reach them.

26
Risks and controls

• Telecom scam risks
• Toll-fraud.
• Controls
• Educate users about these scams and implement
  technical controls where possible.
• Restrict places to where calls can be made.
• Log long-distance activity and analyze logs for
  abuse.
• Limit the call forwarding feature.

27
Risks and controls

• Voicemail conferencing systems Allows for
  exchanging message exchanges conducting
  conference calls.
• Often sensitive information is exchanged via
  voicemails and/or discussed on conference calls.
• Security on these systems is often ignored.
  Passcodes are almost never changed. Recurring
  conf calls typically have the same passcodes.
• Sometimes these systems allow for zero-out
  options where the caller can reach an operator
  leading to an operator deceit scenario.
• Yes-Yes scam with mailboxes can lead to
  third-party billing abuse.

28
Risks and controls

• Voicemail conferencing systems risks
• Poor passcodes can lead disclose sensitive
  information.
• Toll-fraud.
• Controls
• Ensure strong password password management.
• Educate users and operators about scams.
• Disable zero-out and third-party billing options.
  
• Delete unused mailboxes.

29
Risks and controls

• VoIP Technology that involves transmission of
  digitized voice packets over a shared
  packet-switched network.
• VoIP transmissions are no different that data
  network transmissions. Hence it suffers from
  same security issues (see Network security
  chapter).
• VoIP devices are less proprietary in nature (than
  PSTN devices) and communicate via standard TCP/IP
  protocols. Hence it is more prone to attacks.
• A compromise of data network impacts both
  computer and telephone traffic.
• A compromise of users computer could easily
  impact voice traffic (softphones, web-based
  voicemail etc.).

30
Risks and controls

• VoIP risks
• Sniffing attacks could capture transmissions.
• Calls could be hijacked.
• DoS attack could disable voice communications.
• Controls
• Encrypt all VoIP traffic to mitigate sniff risk.
• Use Virtual LANs to logically segregate VoIP
  traffic from the rest of the traffic.
• Secure operating systems for PCs and VoIP
  devices.
• Secure networks via firewalls and Intrusion
  Detection Systems.

31
Assurance considerations

• An audit to assess telecommunication security
  should include the following
• Evaluate the physical security of
  telecommunications equipment.
• Assess the security pass-through/zero-out
  features available via the PBX, voicemail
  systems, and conferencing systems.
• Review end user education programs to warn them
  of various telecommunication scams and social
  engineering attacks.
• Ensure that the DISA and maintenance ports are
  secured against attacks.

32
Assurance considerations

• Review the security all servers that allow for
  VoIP communications (operating system audit).
• Review the security of the network that carries
  VoIP traffic (network security audit).
• Ensure that functional plans for backup and
  recovery, business resumption, disaster recovery
  are in place.

33
Recap