About This Document
xii Issue 2 November 1996
are security conscious and check the CDR/SMDR reports every morning
looking for suspicious activity. They will not see records of the calls
because CDR/SMDR was turned off by the hackers. The administrator
may notice the absence of CDR/SMDR records for evening, night, and
weekend calls made by employees.
NETCON Data Channels
The NETCON (Network Control) data channels provide internal access to the
system management capabilities of your DEFINITY® Communications System.
If the 8400B Plus Data Module is connected to a modem, or there is a modem
pool, your system may be at risk for toll fraud.
Expert toll hackers will target the administration and maintenance capabilities of
your system. Once criminals gain access to the administration port, they are
able to change system features and parameters so that fraudulent calls can be
made. In a modem pool or NETCON modem installation, this would also permit
a hacker to transfer to a NETCON extension, get data tone, and obtain a login
prompt — permitting transfer out to make toll calls.
If the data module or modem must be connected to a NETCON administration
port, then deny access to any high-risk features or endpoints by placing them in
restriction groups on the DEFINITY Communications System. This restricts their
accessibility from the incoming facility or endpoints that could transfer a call.
Also, use Class of Restriction to Class of Restriction (COR-to-COR) to restrict
stations from calling the NETCON data channels, so that only CORs allowed to
access the maintenance port are able to do so. For example, if voice mail
extensions have a COR of 9, and extensions assigned to NETCON channels
have a COR of 2, ensure that COR 9 does not have access to COR 2. Anyone
not authorized to use the NETCON channel should not be able to access it.
In addition, a data module or modem port used for voice mail maintenance or
administrative access is often a switch extension. It should be restricted in the
same manner as the NETCON channel.