PBX's
A PBX is a business-oriented phone system, designed to provide efficient voice
communications between an organization's users. The only reason most phreaks are
interested in PBX's is because of DISA.
DISA
DISA (Direct Inward System Access) allows authorized users of a private PBX
system to remotely access the company switch from any touch-tone telephone. Passwords
can only be made up of the keys on the phone's keypad, which leads to some problems.
DISA Phreaking
DISA PBX's are major targets for phreakers. If a phreaker suspects that a
particular telephone number is associated with a DISA, that number will be
called and every possible password will be tried until access is granted.
If a PBX has the DISA feature and a phreaker gains control of the maintenance
port, the feature will be activated and users assigned. The only problem is that
the phreakers are then the authorized users. This could lead them deep into your
PBX, where private voicemails can be heard and company secrets could be divulged.
---------------------------------
Ways to protect your DISA PBX.
--------------------------------
DISA's lead to many problems: passwords are shared with families and
friends. This leads to the passwords being used frequently.
Removing the DISA if possible would be best.
If the DISA can not be removed then:
Change all passwords, every month
Issue individual passwords, rather than group passwords.
Use the maximum number of password characters allowed.
Telephone number:
Not same prefix as company number
Make sure the prefix is the same as the company number.
If PBX DISA is suspected of being compromised change the number asap.
Never publish the DISA number
Attendant never gives the DISA phone number or password to anyone.
Set NO TONE as a start signal, rather than TONE. This helps protect
your DISA from computers dialing numbers looking for them.
One feature I have only seen once, and still have no clue what the security was
called, was the best security I have ever seen. I was testing a DISA PBX for
commonly used passwords. After trying three passwords it disconnected me. After
calling in three times it told me the phone number of the phone I was using was
temporarily banned. This must have sent a warning to the company who owned the PBX that
people were trying to break into it. If this is a feature on your DISA PBX, do set
it.
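The lockout behaviour described above (disconnect after three wrong passwords, temporary ban of the calling number after three such calls, and a warning to the owner) can be modelled as below. This is an added example, not code from the original page or from any PBX vendor; the DisaGuard class, the one-hour ban length and the sample numbers and codes are assumptions.

```python
import hmac
from collections import defaultdict

MAX_TRIES_PER_CALL = 3   # wrong passwords before the call is dropped (per the text)
MAX_FAILED_CALLS = 3     # failed calls before the number is banned (per the text)
BAN_SECONDS = 3600       # assumption: the text only says the ban was temporary

class DisaGuard:
    """Hypothetical model of the DISA lockout feature; not a vendor API."""
    def __init__(self, valid_codes):
        self.valid_codes = set(valid_codes)
        self.failed_calls = defaultdict(int)  # caller -> consecutive failed calls
        self.banned_until = {}                # caller -> time the ban ends
        self.alerts = []                      # warnings for the PBX owner

    def _ok(self, code):
        # compare_digest: comparison time does not reveal how many digits matched
        return any(hmac.compare_digest(code, v) for v in self.valid_codes)

    def handle_call(self, caller, attempts, now):
        """Return 'banned', 'granted' or 'disconnected' for one inbound call."""
        if self.banned_until.get(caller, 0) > now:
            return "banned"
        # Entries past MAX_TRIES_PER_CALL are never evaluated: the call is dropped.
        if any(self._ok(code) for code in attempts[:MAX_TRIES_PER_CALL]):
            self.failed_calls[caller] = 0
            return "granted"
        self.failed_calls[caller] += 1
        if self.failed_calls[caller] < MAX_FAILED_CALLS:
            return "disconnected"
        self.banned_until[caller] = now + BAN_SECONDS
        self.failed_calls[caller] = 0
        self.alerts.append(f"{caller} banned at t={now} after {MAX_FAILED_CALLS} failed calls")
        return "banned"
# Constructed sample data: (caller number, codes keyed in, time in seconds)
SAMPLE_VALID_CODES = {"482915"}
SAMPLE_CALLS = [
    ("5550100", ["1234", "0000", "1111"], 0),
    ("5550100", ["2222", "3333", "4444"], 60),
    ("5550100", ["5555", "6666", "7777"], 120),   # third failed call: ban starts
    ("5550100", ["482915"], 180),                 # right code, but still banned
    ("5550199", ["1243", "482915"], 200),         # another user, one mistyped try
    ("5550100", ["482915"], 3721),                # ban has expired
]
def replay(calls, valid_codes):
    guard = DisaGuard(valid_codes)
    return [guard.handle_call(*call) for call in calls], guard.alerts
if __name__ == "__main__":
    print(replay(SAMPLE_CALLS, SAMPLE_VALID_CODES))
```

Caller ID can be withheld or spoofed, so a per-number ban complements the password rules listed earlier rather than replacing them.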