|
|
|
|
Dial 1-800 plug Holes
|
 |
|
November 1, 2002
By Joe Hernick, Dean Ellerton and Jim Wiggs
|
|
IP security is top priority for IT managers, but many still leave their networks vulnerable to intrusion by way of telecom systems. Potential threats include access to internal data networks via unauthorized modems, illicit calls to ISPs via outbound modems, toll fraud and use of unsecured voice or fax lines to transmit data. Perpetrators may be well-intentioned employees setting up remote-control apps or "black hats" looking to exploit telecom security holes.
San Antonio-based SecureLogix Corp. is targeting these telecom security threats. Its ETM (Enterprise Telephony Management) platform is the only product offering an enterprise-level toolset for monitoring and managing in-band security for analog and digital circuits connected to different kinds of PBXs in geographically dispersed locations.
While the ETM suite scales from single-site, single-span configurations to enterprisewide solutions, the product will most likely be purchased by large organizations facing either a specific security threat or a telecom management challenge. Representative of SecureLogix's customer base is the U.S. Air Force, which is looking to SecureLogix to complement the STUs (secure telephone units) it uses for high-level point-to-point communications in domestic and international bases.
|
|
Other potential customers include health care and financial companies concerned with patient and customer privacy, and any organization worried about potential "back-door" vulnerabilities via unsecured analog access points, such as service ports on LAN-connected PBXs and VRUs (voice response units) or modem-enabled field equipment, like oil rigs and irrigation controls. Excessive unauthorized toll charges are another motivator.
Back to School
Our test lab for this article was a production environment in a private boarding school in New England. We installed the SecureLogix equipment in-line on the ISDN PRI between a production PBX with 400-plus active extensions and the local telecom's central office. Our Real-World Labs® team then ran the ETM through a rigorous gamut of tests by autogenerating hundreds of thousands of voice calls over a 30-day period, creating large data sets for testing reporting while providing a consistent base level of background activity so our functionality testing would not occur on an idle platform (see "How We Tested"). We ran all tests with the ETM software version 3.03 (version 4.0 should be hitting the streets now--see "Sneak Peek at ETM 4.0").
|
FYI
A Fortune 500 company discovered more than 7,000 clandestine remote-access users--15 percent of its work force--even though the HR and IS departments believed that no remote access was available, according to Gartner. The company had to use war-dialer tools to discover unauthorized dial-up connections to computers, modems, fax machines and other devices.
|
Note that the SecureLogix ETM environment is a vendor-installed product suite. On-site installation and configuration are sold as a part of every contract; time and expense are based on complexity. SecureLogix technicians performed a standard installation of the test equipment under the guidelines normally associated with an enterprise installation. Because our test site had no pre-installed Oracle services, a Microsoft Windows 2000 database server running Oracle 9i was included in the installation. If an existing Oracle solution exists, SecureLogix will integrate the ETM platform within that infrastructure, if desired (the ETM suite plays only with Oracle; SQL shops will need to make the additional investment).
We experienced just a half-second outage as the equipment was connected between our PBX and PRI voice line; the ETM had been set up with our configuration specs prior to connection.
Let us be clear--we could not have completed the installation and base environment setup without on-site support from SecureLogix. While the basic setup of the environment is pretty straightforward, the devil is in the details. To paraphrase the field engineer: "There are just too many weird configurations out in customer sites."
|
|
|
|
|
|
|
|
RSS
