STAMFORD, Conn.--(BUSINESS WIRE)--
A PBX - private branch exchange - is a telephone system operating within
a company and has outside telephone lines. Frontier Communications
(NYSE: FTR) is reminding business PBX customers that "private" does not
protect them from hackers.
"Business customers are responsible for protecting their own PBX
equipment from fraudulent use, so some basic blocking and tackling by
companies can help prevent hacking of their equipment," said Jeff
Blanton, Manager of Revenue Assurance for Frontier.
Voice Mail Fraud is the most prevalent and most significant
threat to businesses using a PBX. Hackers gain access to the phone
system in order to place long distance calls directly from the business
customer's lines. Unauthorized access to a system is usually gained
through voice mail menus protected with simple passwords (1111, 2222,
1234, etc.) or unchanged factory default passwords. Once in the system,
hackers use system commands to gain dial tone and place calls that
appear just like any other call originating from the business. Good
password management policy and practice is a strong protection step.
Default User Passwords and maintenance port passwords can wind up
on the PBX system when the installation and configuration isn't properly
done. Many savvy Fraudsters know the default passwords used by switch
vendors. PBX fraud can occur when the PBX vendor or the customer fails
to change these default passwords.
Although no system is 100 percent protected, Frontier suggests that
business customers do the following to help prevent PBX fraud/hacking:
-- Confirm that no default or unchanged factory passwords exist in the PBX
and/or voicemail system.
-- Confirm no unauthorized or additional passwords exist in the system.
-- If the customer does not need international calling, recommend
international call blocking in the PBX and at the local switch/long
distance switch.
-- Delete/lock all unused mailboxes.
-- Require ALL users to change their voice mailbox passwords to 6 or 8
digit non-trivial passwords. This includes Administrative, General
Delivery and System Manager mailboxes.
-- Disable Outbound Transfer/Dial/Pool Access in administrative programming
(COS) for each mailbox.
-- Lock out mailboxes after three unsuccessful password attempts.
-- Disable DISA (Direct Inward System Access) and/or establish secure
account codes if possible. (DISA allows someone calling in from outside
the PBX to obtain an "internal" system dial tone and dial calls as if
from one of the extensions attached to the telephone switch.)
-- Set up restriction filters and apply them to voice mail ports/DNs.
-- Set up restriction filters and apply them to lines and/or setup COS
passwords to by-pass restrictions.
-- Disable "Allow Redirect" option for all sets.
-- Make sure systems are upgraded to latest patches.
-- Treat all internal directories, call logging reports and audit logs as
confidential. Shred them when no longer needed.
-- Disable remote access to any maintenance ports/modems.
-- Block 1-900, 1-976, and 1010 casual dialing within the PBX/Voice Mail
system.
-- Block third-party/Collect calls against the PBX DNs.
"By following these steps, business customers can make a significant
difference in the security of their PBX systems," said Blanton. "At a
time when everyone has a keen eye on security and the bottom line, basic
prevention really pays off. We are here to help our customers with
security and system enhancements."
About Frontier Communications
Frontier Communications Corporation (NYSE: FTR) is the second largest
rural local exchange company in the United States and a member of the
S&P 500 Index. The community-based company offers telephone, television,
Internet services, wireless broadband and more in 24 states. For more
information, visit www.frontier.com.
Source: Frontier Communications Corporation
Contact: Frontier Communications
Brigid Smith, 203-614-5042
Brigid.smith@frontiercorp.com