
Phreaker Abatement


The Goal


The goal of phreaker abatement is to prevent the intrusion of
uninvited outside parties into the telecommunication systems of
your company.

If you and your company are playing "catch-up", proceed to the
IMMEDIATE ACTIONS section of this document. If you and your
company have performed (or have in process) each of the items
in that section, proceed to the really important item of
providing a telecommunications policy. If you and your company
have performed both of the above, it is time to really get to
work and eliminate the remaining loopholes through which a
phreaker may enter.

In the short term, this process may mean a great deal of work.
None of the work should cause any outage for the users of your
system.

In the long term, this process will provide a level of security
that cannot be achieved in any other way. You will know your system
and be able to manage it.

Without this or some other similar process, the phreaker will
eventually find your system. There is no guarantee that the phreaker
will be able to enter your system. However, I rather think it
is prudent to act to prevent damage and/or expense.

I do not believe this is the only solution. There are many others,
and if you would like to share those procedures and ideas, drop
me a message. I also will enter credit for ideas, if permission
is granted at the time of submission. If there is not credit permission,
I will sift the information and enter parts in this document with
an anon credit.

Immediate Actions


The following is a list of items that should be done immediately:
Passwords


Change all default passwords.
Use the maximum password length the system allows.
Use a password generator to create random, convoluted passwords.
Change all maintenance passwords at least every 30 days.
Do not use the same passwords at different sites.
Make sure you have control of ALL passwords.


Serial Ports


Locate every system serial port (maintenance, admin, etc.).
Trace each one to its destination. Make sure there are no connections
you cannot identify. Make sure there is no bridging.
Clearly identify each modem connection.
Protect each SIO port with a protection device, such as a
call-back unit.


DISA


If you can disconnect DISA, do it.
If you cannot disconnect DISA, then do the following:

Change all passwords each month.
Issue individual passwords, if possible.
Change the DISA number if it has been compromised.
Never publish the DISA number.
The attendant should never give the DISA number to anyone.
Set the DISA to send silence rather than a tone as the
start signal.




Voice Mail


Make sure your software will not allow call forwarding.
Make sure there are no voice mail boxes you cannot identify.
Make sure the passwords are changed every 30 days.
Make sure there is no visitor mail box.


Codes to Deny

Contact your long distance carrier and have them deny service to:

 700 prefix.
 809 prefix - if you do not do business in the Caribbean, deny this area code.  More telephone fraud is reported on calls to this area than to all other locations in the world combined.
 976 and 976 look-alike prefixes.
 900 prefix.
 011 (international calls) if you do not normally do international business.  My tracking of the pay-per-call crowd indicates that they are moving from the 800 pay-per-call line in favor of the 011 call.

Make sure that you also deny access to each of the above in your own machine.  Additionally, deny all 800 and 888 pay-per-call lines.
One of the better ways to implement the deny is to use an allow table that never outputs the required digits.  To the caller the attempt appears to go through, but it does not, and the restriction may even escape notice if the phreaker has access to the maintenance port.

Telecommunications Policy

To effectively achieve this goal, a long-term strategy must be
developed and the approval of upper management obtained. This
action will give the document the weight of POLICY. The following
are recommendations for policy from Northern Telecom. There is
no hard and fast rule that all elements are required or that these
are the only elements that could be included.

Risk Assessment
Define Responsibilities
Authority
Identify Protection Resources
Procedures
Audit
Enforce Policy
Publish Incidents
Balance
Ownership


This really is not a telecommunications policy but is some kind of security
policy. Truly what is needed is a policy that will meet the needs of the
current company configuration and adjust for future growth. Readers are
invited to use the above items in the generation of a policy.

If your company has a policy and would share with the readers of this site,
please forward via fax, snail mail or otherwise. No payment for the
document is possible.

Long Term Security Items



Now that the items above are achieved or in progress, we need to seek out
any phreakers. Keeping them out was the original goal. But it would have
been useless to get them out and not be able to secure the system.

Activate the SMDR (station message detail recording). Make it active for both
incoming and outgoing calls. Check any calls of long duration or high cost.
Check any calls that are not within working hours. Check for any calls to a
900, 976 (or look-alike), 800 pay-per-call line, or area code 809. Check any
011 calls or calls to other common carriers.

Note:  To make matters far more confusing, the Area Code 809 has split!
The new area code for Antigua and Barbuda is 268.  The old code is also
still in effect.  If you block 809, block 268 also.  Check your SMDR for
area code 268 also.
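The deny rules from the Codes to Deny section and the SMDR checks just described, as an added example that is not part of the original text: a screening function for dialed strings, and a review pass over constructed SMDR records that flags denied destinations, long calls and out-of-hours calls. The record layout, the trunk-access digit 9, the working-hours window, the duration threshold and the 800/888 numbers are all assumptions.

```python
# Added example (not from the original text): screen a dialed string against the deny
# rules above, then apply them plus duration and time-of-day checks to SMDR records.

DENY_NPA = {"700", "809", "268", "900"}       # area codes named in the text
DENY_NXX = {"976"}                             # pay-per-call exchange; add local look-alikes
DENY_NUMBERS = {"8005550100", "8885550100"}    # constructed 800/888 pay-per-call lines
WORK_HOURS = (7, 19)     # assumption: 07:00-19:00 is the working day
LONG_CALL_MIN = 60       # assumption: calls of an hour or more count as long

def deny_reasons(dialed):
    """Return the deny rules a dialed string hits; an empty list means allow."""
    digits = "".join(ch for ch in dialed if ch.isdigit())
    if digits.startswith("9"):           # assumption: 9 is the trunk-access digit
        digits = digits[1:]
    if digits.startswith("011"):         # drop this rule if you do international business
        return ["international (011)"]
    if digits.startswith("1"):           # long-distance access digit
        digits = digits[1:]
    if len(digits) != 10:                # local and feature codes are not screened here
        return []
    npa, nxx = digits[:3], digits[3:6]
    reasons = []
    if npa in DENY_NPA:
        reasons.append("area code " + npa)
    if nxx in DENY_NXX:
        reasons.append("exchange " + nxx)
    if digits in DENY_NUMBERS:
        reasons.append("800/888 pay-per-call line")
    return reasons

def review_smdr(records):
    """Flag SMDR lines; constructed layout: 'YYYY-MM-DD HH:MM ext minutes dialed'."""
    flagged = []
    for rec in records:
        _date, time, _ext, minutes, dialed = rec.split()
        reasons = deny_reasons(dialed)
        if int(minutes) >= LONG_CALL_MIN:
            reasons.append("long duration")
        if not WORK_HOURS[0] <= int(time[:2]) < WORK_HOURS[1]:
            reasons.append("outside working hours")
        if reasons:
            flagged.append((rec, reasons))
    return flagged

SMDR_SAMPLE = [  # constructed records, not real call data
    "1996-03-04 10:15 2231 4 9-1-212-555-0142",
    "1996-03-04 02:40 2231 95 9-1-809-555-0199",
    "1996-03-05 14:05 2244 3 9-011-44-20-7946-0958",
    "1996-03-05 11:30 2250 12 9-1-312-976-0100",
]
```

Feed your switch's real SMDR export through `review_smdr` once the split and field order match its layout; the first record above is the one that should pass clean.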

Question:  Can anyone explain why eight prefixes need their very own area
code?  This was done with little prior notice.

Check the phone bills. Go over the bills with regularity and question all
items on the bill.

There are a number of items I will leave out at this point to avoid
phreaking. A closing comment:

Give me a call or an e-mail if you have a question.  I charge for analysis.
I do not charge for questions.


