Password Protection

Many companies, small and large, that find themselves in trouble with the phreaker community have avoided any interaction with passwords.

Default Password

Most companies pay people big bucks to come in and install PBXs and VMBs. But when that person installs this equipment and leaves, that person may never come back again to work on it. The technical support staff you hire to watch this equipment may not be aware that most manufacturers of PBXs and VMBs set default passwords. I am sorry to say I have seen documents out there that identify the initial default passwords online and offline.

Password Cracking

Phreakers will sit for days trying to crack your system passwords. With some programs for PCs out there, phreaks can set their computer to call and try every known password. Most passworded systems have a 3 try - then disconnect system. This makes it inconvenient for the phreaker. If possible, see if your equipment can ban a number after so many password attempts.

Passwords Lying Around

Room cleaners at hotels always look at the desk by the phone to see if there is a phone number written down with maybe some extra numbers written down (which could be a PIN). They will make a copy of this number and PIN and sell it to people who want it. I have seen phone numbers with passwords lying around all over. I saw a few sitting around at my local phone company and some numbers sitting on big business people's desks.

-------------------------
Password Recommendations
-------------------------

Identify every password assigned.
Change all default passwords.
Use the maximum length passwords.
Change all maintenance port passwords at least every 30 days.
Do not use the same passwords at different sites.
Make sure you have control of the distribution and assigning of passwords.
When someone leaves the company, make sure all their accounts are closed and that any passwords they had are changed immediately.
Make sure the passwords are not posted around the office or equipment room.

I have only encountered this once. When I was playing with a dial-up, after three call-ins the system banned the phone number I was calling from for a few days. This would really mess up phreakers using PC password crackers.
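
The lockout behavior described above, as an added example that is not part of the original text: three tries per call and then disconnect, plus a ban on the calling number after repeated failed call-ins. The three-call threshold, the 3-day ban, the 24-hour counting window, the shared counter for withheld caller ID, and all names and sample data are assumptions.

```python
import hmac
from datetime import datetime, timedelta

MAX_TRIES_PER_CALL = 3            # the text's "3 try - then disconnect"
MAX_FAILED_CALLS = 3              # assumption: ban on the third failed call-in
BAN_DURATION = timedelta(days=3)  # assumption: stands in for "a few days"
WINDOW = timedelta(hours=24)      # assumption: older failed calls stop counting

class CallerLockout:
    def __init__(self, password):
        self.password = password
        self.failed_calls = {}    # caller number -> times of recent failed calls
        self.banned_until = {}    # caller number -> time the ban ends

    def handle_call(self, caller, now, guesses):
        """Return 'rejected', 'granted', 'disconnected' or 'banned' for one call."""
        caller = caller or "WITHHELD"   # withheld caller ID shares one counter
        if now < self.banned_until.get(caller, datetime.min):
            return "rejected"           # banned numbers never reach the prompt
        for guess in guesses[:MAX_TRIES_PER_CALL]:   # a 4th guess is never read
            if hmac.compare_digest(guess, self.password):
                self.failed_calls.pop(caller, None)  # success clears the counter
                return "granted"
        recent = [t for t in self.failed_calls.get(caller, []) if now - t < WINDOW]
        recent.append(now)
        self.failed_calls[caller] = recent
        if len(recent) >= MAX_FAILED_CALLS:
            self.banned_until[caller] = now + BAN_DURATION
            return "banned"
        return "disconnected"

PIN = "482913"  # constructed sample password
CALLS = [       # constructed sample calls: (caller number, time, guesses entered)
    ("555-0100", datetime(2024, 1, 1, 22, 0), ["0000", "1234", "1111", "2222"]),
    ("555-0100", datetime(2024, 1, 1, 22, 5), ["9999", "4321", "0001"]),
    ("555-0100", datetime(2024, 1, 1, 22, 10), ["1212"]),
    ("555-0100", datetime(2024, 1, 2, 9, 0), [PIN]),   # right PIN, still banned
    ("555-0199", datetime(2024, 1, 2, 9, 5), [PIN]),   # a different caller
    ("555-0100", datetime(2024, 1, 5, 9, 0), [PIN]),   # after the ban has ended
]

def replay(calls, password=PIN):
    gate = CallerLockout(password)
    return [gate.handle_call(c, t, g) for c, t, g in calls]

if __name__ == "__main__":
    for call, outcome in zip(CALLS, replay(CALLS)):
        print(call[0], call[1].isoformat(), outcome)
```

Counting withheld caller ID under one shared key keeps a caller from resetting the count by hiding the number, at the cost of locking out legitimate callers who also withhold theirs.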