TUCoPS :: Phreaking Voice Mail :: passwrd.txt

Password security for VMB users
 

Password Protection

Many companies small and large who find themselves in trouble with the phreaker community
have avoided any interaction with passwords. 


Default Password 

Most companies pay people big bucks to come in and install PBX's and VMB's. But when that
person installs this equipment and leaves, that person may never come back again to work 
on it. Your technical support you hire to watch this equipment may not be aware about how
about most manufacturers of PBX's and VMB's set default passwords. I am sorry to say I have
seen documents out there that identify the initial default passwords online and offline.


Password Cracking

Phreakers will sit for days trying to crack your system passwords. With some programs for 
PC's out there, phreaks can set there computer to call and try every known password. Most 
passworded systems have a 3 try - then disconnect system. This makes it inconvienent for the
phreaker. If possible see if your equipment can ban a number after so many password attempts. 

Passwords laying around.

Room cleaners at hotels always look at the desk by the phone to see if there is a phone 
number written down with maybe some extra numbers written down (which could be a pin). They 
will make a copy of this number and pin and sell it to people who want it. I have seen phone
numbers with passwords laying around all over. I saw a few sitting around at my local phone
company and some numbers sitting on big business peoples desk.

-------------------------
Password Recommendations
-------------------------

Identify every password assigned

Change all Default Passwords 

Use the maximum length passwords 

Change all maintenance port passwords at least every 30 days. 

Do not use the same passwords at different sites 

Make sure you have control of the distribution and assigning of passwords 

When someone leaves the company, make sure all their accounts are closed and that any 
passwords they had are changed immediately. 
Make sure the passwords are not posted around the office or equipment room. 

I have only encoutered this once. When I was playing with a dial up after three call in's
the system banned my phone number I was calling from for a few days. This would really mess up
phreakers using pc password crackers.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH