Hacker attacks on computer networks are well known, but Private Branch Exchange (PBX) systems are also vulnerable. In one case, a hacker penetrated the PBX system operated by a hospital in Escondido, California. For nearly two years, on various occasions, he blocked calls to and from the hospital, connected hospital operators to spurious numbers (including the county jail), and placed bogus emergency calls that appeared to be coming from inside the hospital. Unfortunately, the hospital's experience is not unique. Failure to secure a PBX system can expose an organization to toll fraud; theft of proprietary, personal, and confidential information; loss of revenue; or legal entanglements. Depending on how the organization's network is configured and administered, information that could lead to intrusions into its data networks may be compromised as well. A PBX is a sophisticated computer-based switch that can be thought of as essentially a small, in-house phone company for the organization that operates it. Protection of the PBX is thus a high priority. This bulletin introduces some of the vulnerabilities of PBX switches and describes some countermeasures that can be used to increase the security of your PBX. For a more detailed treatment of these issues, see NIST Special Publication (SP) 800-24, PBX Vulnerability Analysis (http://csrc.nist.gov).

