Phreaker Abatement

The Goal

The goal of phreaker abatement is to prevent the intrusion of uninvited outside parties into the telecommunication systems of your company. If you and your company are doing "catch-up", proceed to the IMMEDIATE ACTIONS section of this document. If you and your company have performed (or have in process) each of the items in the immediate section, proceed to the really important item of providing a telecommunications policy. If you and your company have performed the above items, then it is time to really get to work and eliminate the remaining loopholes through which a phreaker may enter.

In the short term, this process may mean a great deal of work. None of the work should cause any outage for the users of your system. In the long term, this process will provide a level of security that cannot be achieved in any other way: you will know your system and be able to manage it. Without this or some other similar process, the phreaker will eventually find your system. There is no guarantee that the phreaker will be able to enter your system. However, I rather think it is prudent to act to prevent damage and/or expense.

I do not believe this is the only solution. There are many others, and if you would like to share those procedures and ideas, drop me a message. I will also enter credit for ideas, if permission is granted at the time of submission. If there is no credit permission, I will sift the information and enter parts in this document with an anonymous credit.

Immediate Actions

The following is a list of items that should be done immediately:

Passwords
- Change all default passwords.
- Use the maximum password length the system allows.
- Use a password generator to create random, convoluted passwords.
- Change all maintenance passwords at least every 30 days.
- Do not use the same passwords at different sites.
- Make sure you have control of ALL passwords.

Serial Ports
- Locate every system serial port (maintenance, admin, etc.).
- Trace each one to its destination.
- Make sure there are no connections you cannot identify.
- Make sure there is no bridging (a second device quietly sharing the same line).
- Clearly identify each modem connection.
- Protect each SIO (serial) port with a protection device, such as a call-back unit that hangs up and dials a pre-registered number before allowing a session.

DISA
- If you can disconnect DISA (Direct Inward System Access), do it. If you cannot disconnect DISA, then do the following:
- Change all passwords each month.
- Issue individual passwords, if possible.
- Change the DISA number if it has been compromised.
- Never publish the DISA number. The attendant should never give the DISA number to anyone.
- Set DISA to send no tone as a start signal rather than a tone; a silent answer gives a scanning dialer nothing to recognize.

Voice Mail
- Make sure your software will not allow call forwarding. (A mailbox forwarded to an outside line is a free long-distance trunk.)
- Make sure there are no voice mail boxes you cannot identify.
- Make sure the passwords are changed every 30 days.
- Make sure there is no visitor (guest) mail box.

Codes to Deny
Contact your long distance carrier and have them deny service to:
- 700 prefixes.
- Area code 809. If you do not do business in the Caribbean, deny this area code. More telephone fraud is reported on calls to this area than to all other locations in the world combined.
- 976 and 976 look-alike prefixes.
- 900 prefixes.
- 011 (international calls), if you do not normally do international business. My tracks on the pay-per-call crowd indicate that they are moving from the 800 pay-per-call numbers in favor of the 011 call.

Make sure that you deny access to each of the above in your own machine as well, not only at the carrier. Additionally, deny all 800 and 888 pay-per-call lines. One of the better ways to do the deny is to use an allow table that simply never outputs the denied digits to the trunk: from the caller's side the call looks as if it works, but it does not, and the restriction may even escape notice if the phreaker has access to the maintenance port.

Telecommunications Policy

To effectively achieve this goal, a long-term strategy must be developed and the approval of upper management obtained. This action gives the document the weight of POLICY. The following are recommendations for policy from Northern Telecom.
There is no hard and fast rule that all elements are required or that these are the only elements that could be included:
- Risk Assessment
- Define Responsibilities
- Authority
- Identify Protection Resources
- Procedures
- Audit
- Enforce Policy
- Publish Incidents
- Balance
- Ownership

This really is not a telecommunications policy but is some kind of security policy. Truly, what is needed is a policy that will meet the needs of the current company configuration and adjust for future growth. Readers are invited to use the above items in the generation of a policy. If your company has a policy and would share it with the readers of this site, please forward it via fax, snail mail or otherwise. No payment for the document is possible.

Long Term Security Items

Now that the items above are achieved or in progress, we need to seek out any phreakers who are already inside. Keeping them out was the original goal, but it would have been useless to get them out and not be able to secure the system.

Activate the SMDR (Station Message Detail Recording). Make it active for both incoming and outgoing calls, then review the records for:
- Any calls of long duration or high cost.
- Any calls that are not within working hours.
- Any calls to a 900 or 976 (or look-alike) number, an 800 pay-per-call line, or area code 809.
- Any 011 calls or calls placed through other common carriers (carrier access codes).

Note: To make matters far more confusing, area code 809 has split. The new area code for Antigua and Barbuda is 268. The old code is also still in effect. If you block 809, block 268 also, and check your SMDR for area code 268 as well. Question: Can anyone explain why eight prefixes need their very own area code? This was done with little prior notice.

Check the phone bills. Go over the bills with regularity and question all items on the bill. There are a number of items I will leave out at this point to avoid phreaking.

A closing comment: Give me a call or an e-mail if you have a question. I charge for analysis. I do not charge for questions.
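The deny list under Codes to Deny and the SMDR review checks above can be turned into a short script that a telecom administrator runs over the switch's call records. The following is an added example, not part of the original page and not any vendor's software. It assumes that SMDR records hold the dialed number without the trunk access code, that each record is one line of date, time, extension, dialed digits, duration and cost, and that the thresholds (30 minutes, $20.00, 07:00 to 19:00 on weekdays) are placeholders a real site would set by policy. The sample records and the single 800 pay-per-call entry are constructed, using the reserved 555-01xx number range.

```python
"""Dial-plan deny check and SMDR review (added example, see lead-in).

Assumed record format, one per line:
    MM/DD/YY HH:MM EXT DIALED HH:MM:SS COST
"""
from datetime import datetime, timedelta
import re

# Destinations the page says to deny at the carrier and inside the switch.
DENIED_AREA_CODES = {"700", "809", "268", "900"}   # 268 is the 809 split
PREMIUM_EXCHANGES = {"976"}       # add your carrier's 976 look-alikes here
TOLL_FREE_AREA_CODES = {"800", "888"}
# 800/888 pay-per-call lines cannot be told from the digits alone; keep a
# list built from your bills. The entry below is constructed (555-01xx).
PAY_PER_CALL_TOLL_FREE = {"8005550199"}
INTERNATIONAL_ALLOWED = False     # set True if 011 calls are normal business

# Review thresholds (assumed policy values, tune per site).
MAX_DURATION = timedelta(minutes=30)
MAX_COST = 20.00
WORK_START, WORK_END = 7, 19      # 07:00 to 19:00, Monday through Friday


def deny_reason(dialed):
    """Return why a dialed string should be denied, or None if allowed.

    Mirrors the Codes to Deny list: 700, 809/268, 900, 976 and look-alikes,
    listed 800/888 pay-per-call numbers, and 011 unless allowed.
    """
    digits = re.sub(r"\D", "", dialed)
    if digits.startswith("011"):
        return None if INTERNATIONAL_ALLOWED else "international (011)"
    if len(digits) == 11 and digits[0] == "1":   # strip long-distance 1
        digits = digits[1:]
    if len(digits) == 10:
        npa, nxx = digits[:3], digits[3:6]
        if npa in DENIED_AREA_CODES:
            return f"area code {npa}"
        if npa in TOLL_FREE_AREA_CODES and digits in PAY_PER_CALL_TOLL_FREE:
            return "toll-free pay-per-call"
        if nxx in PREMIUM_EXCHANGES:
            return f"premium exchange {nxx}"
    elif len(digits) == 7 and digits[:3] in PREMIUM_EXCHANGES:
        return f"premium exchange {digits[:3]}"
    return None


def parse_smdr(line):
    """Parse one SMDR record in the assumed format into a dict."""
    date, time, ext, dialed, duration, cost = line.split()
    h, m, s = (int(x) for x in duration.split(":"))
    return {
        "start": datetime.strptime(f"{date} {time}", "%m/%d/%y %H:%M"),
        "ext": ext,
        "dialed": dialed,
        "duration": timedelta(hours=h, minutes=m, seconds=s),
        "cost": float(cost),
        "raw": line,
    }


def review(records):
    """Apply the long-term SMDR checks; return (raw line, reasons) pairs."""
    flagged = []
    for rec in records:
        reasons = []
        why = deny_reason(rec["dialed"])
        if why:
            reasons.append(f"denied destination: {why}")
        if rec["duration"] > MAX_DURATION:
            reasons.append("long duration")
        if rec["cost"] > MAX_COST:
            reasons.append("high cost")
        start = rec["start"]
        if start.weekday() >= 5 or not WORK_START <= start.hour < WORK_END:
            reasons.append("outside working hours")
        if reasons:
            flagged.append((rec["raw"], reasons))
    return flagged


def review_text(text):
    """Review a block of SMDR output, skipping blank lines."""
    return review(parse_smdr(l) for l in text.splitlines() if l.strip())


# Constructed sample SMDR output (03/14/97 is a Friday, 03/15/97 a Saturday).
SAMPLE_SMDR = """\
03/14/97 09:12 2211 12125550142 00:04:31 1.10
03/14/97 02:17 2243 18095550123 00:47:12 38.40
03/15/97 10:05 2211 0114412345678 00:12:00 9.75
03/14/97 14:30 2290 2129760199 00:02:10 12.00
03/14/97 11:45 2211 18005550199 00:03:05 0.00
03/14/97 16:02 2250 12125550161 00:01:12 0.35
"""

if __name__ == "__main__":
    for raw, reasons in review_text(SAMPLE_SMDR):
        print(raw, "->", "; ".join(reasons))
```

Run against the sample, the script flags four of the six records: the 02:17 call to 809 (denied destination, long, expensive, and off-hours), the Saturday 011 call, the 976 exchange call, and the listed 800 pay-per-call number. The same deny_reason() check is what an allow table in the switch should implement, so that denied digits never reach the trunk at all; the SMDR review then catches whatever the table misses.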