Cyber Attacks on Telecom Rack Systems

Welcome back!  This week we continue our look a vulnerabilities for Server and Telecom Racks as we look at Cyber Attacks on Telecom Rack Systems.

As we walk through this blog series, please keep one fact always in mind: Cybersecurity is all about the data that resides in your rack. It doesn’t matter whether that data happens to be in a server, a storage system or a telecom system.  Any data can be stolen can be used to gather information about your organization and can be used against your organization. A cyber criminal can do everything from steal that data to erase that data and everything in between. If you have data, it is valuable to someone and, in today’s world, people will steal or destroy it for the right price.

Data about your organization lives in many places. I list the obvious of servers and storage systems here but, did you ever think of the data in your telecom system? IP-based PBX systems dominate telecom sales for medium and larger organizations. This is a particularly hot spot for us because we have seen just how easy it is to log into PBX systems from all of the major brands.

Virtually every phone system today is managed via the network and that means that if you can manage it, a cyber criminal can get into it. If a cyber criminal gets into one of these systems – and the point is more of “when than if” because none of these systems offer much true cyber protection – there is no limit to the information they can gain or the damage they can cause.

Consider the following critical data that can be stolen from most phone systems:

  • The phone numbers and names of each person who has been called by your employees
  • The phone numbers and names of everyone who has called someone in your organization
  • Voicemails left for your employees
  • Personal calendars and other information that are tied into the system

Cyber Attacks on Telecom Rack Systems

So what would an unscrupulous competitor pay for this information? It turns out, just like the drug economy exists because their are buyers, so too, cyber crime exists because their are buyers of this data. A whole underground economy exists and flourishes in the business of black market data.

In addition to stealing data from your IP-PBX or other phone system, hackers can also break into your phone system for the purpose of using your system to originate international calls.  Hacking IP-PBX systems for toll fraud has become a huge problem in the past few years.  To alert its customers to this problem, TDS Telecom, a large Independent Voice and Data Carrier, sent the following warning to its customers:

Telephone hackers can infiltrate vulnerable PBX systems to make international and long distance calls, listen to voice mail, or monitor conversations…By controlling the PBX maintenance port, hackers can change the call routing configuration, alter passwords, add or delete extensions, or shut down a PBX, all of which adversely impact business operations.

Unfortunately, you may only find out you have been hacked when you receive a bill for international calls made from one or more of your lines that were not dialed by anyone in your company…Your business, not your Long Distance Carrier, is responsible for all charges incurred on your system due to fraud (including toll fraud), abuse, or misuse of services, whether known or unknown, and whether or not your Long Distance provider takes any actions to stop or block Toll Fraud. The responsibility for the security of your PBX system is yours and you should take steps to protect your assets.

So, yes, by attacking your PBX system, cyber criminals can actually make fraudulent toll calls, running up enormous bills in the process. They can also steal sensitive information about your employees, your customers and your vendors.  As you can see from the above information, there is virtually no limit to what a cyber criminal can do to you through your phone system and the only way that you might even know that someone has tampered with your system is if they run up an enormous toll charge.

For all of the readers of this blog, please consider the small cost of securing your phone system with RackGuardian. RackGuardian is the only product that can both monitor the maintenance port of your PBX system while it shuts off any attempt to connect to the system from the outside.  RackGuardian also monitors the power and environment in your telecom server room, a huge factor necessary to keep your system up and operational.  It provides the ability to reboot your telecom server in a uniquely secure manner.  In addition, it on-board analytics can warn you when your UPS system battery is about to fail.  No other product has gives you such a broad-scale protection for your telecom systems.

Cyber vulnerabilities in PBX/IP systems are real and, with time, they will only increase. RackGuardian can protect your phone system, its power, environment and everything in the rack. Its a small price to pay vs. a risk from hackers that is growing exponentially by the year.

Please think on this and, until next time,

Be Well!

Comprehensive Server & Telecom Rack Protection

Greetings and welcome to our blog.  In this installment, we are going to look at how you can provide Comprehensive Server & Telecom Rack Protection for your systems.  To begin with, let’s define what we mean by “comprehensive protection”.  We define this as:

Protecting the entire rack contents from environmental, physical security and cybersecurity vulnerabilities.

In today’s blog, we are going to take a look at the first area of needed protection for your racks: environmental protection.  Rack monitoring products are nearly as old as server and telecom racks themselves.  Normally, these systems provide the ability to monitor the temperature and humidity of your rack and some also offer the ability to monitor the power being distributed in your rack by your PDU’s.  These are all good things but, as the systems that you place in your racks become increasingly critical and expensive to own and operate, basic environmental information is of limited value to actually help you operate your rack-based systems in the most secure and efficient manner.  Let’s look at the kind of environmental information that can truly help you maximize your system’s reliability and operation.

  • Rack Energy Efficiency – Two years ago, the Department of Energy released and excellent study on small server and telecom room energy use. Among the findings in this study were that:
    • The Power Usage Efficiency (PUE) of small server rooms was measured at over 2.0 on several sites and the average was 1.85.
    • The wasted energy accounts for thousands of dollars in wasted cooling energy for every server room per year.
    • The inefficient cooling of server rooms and resultant hot spots leads to equipment failures and other reliability problems
  • Rack Backup Power Availability – Battery monitoring products have become almost standard for large data centers because users know that the failure of a UPS battery can have catastrophic consequences.  However, the smaller UPS units that protect server and telecom rooms have very minimal software capabilities to manage the backup battery.  Its a fair question to ask: If you purchase a UPS, how much battery time does it have at the present time?  Very few software products give you an accurate look at that number and that creates a huge problem for the servers that you are trying to protect with the UPS.
  • Rack Environmental Hazard Protection – Leak detection systems, like battery monitors, are common and nearly standard at all data centers.  But again, they seldom are used in small server or telecom rooms.  That is a huge problem because the fact is, whereas racks in data centers have very little chance of having water touch them directly, server rooms and telecom closets are often located with in close proximity to water and drain pipes within a commercial office.  This makes the possibility of water-related system and data loss a very real possibility.

We are pleased to say that our patented RackGuardian product is the only one on the market that can truly solve each of these problems.  To begin with, our patented energy management functions will actually tell you where to best place the servers and equipment in your racks to allow for the least airflow resistance and therefore, the most efficient and reliable cooling.  We have proven that this results in lowered cooling costs for your server and telecom rack sufficient to pay for the RackGuardian in less than 2 years.

In addition, another patented features of our RackGuardian is its ability to manage battery conditions for even the smallest UPS unit.  Our proprietary technology will allow you to know when your UPS batteries are becoming weak.  Every UPS battery will eventually fail, just as your car battery fails.  Its just a matter of when.  RackGuardian’s ability to spot weakness early in the battery process will allow you to replace your batteries and keep your UPS operating in a manner in which you expect.

Lastly, the RackGuardian offers the Flexi-Pad liquid sensor that is built just for data cabinets.  Traditionally, leak detection has been done by cables which simply do not work in a data rack environment.  The Flexi-Pad is a leak detection sheet that simply fits underneath your servers or on top of your servers.  Our on-board analytics have the ability to communicate with the Flexi-Pad to spot any sign of a liquid at its earliest point.

Best yet, RackGuardian’s on-board analytics virtually eliminate false alarms while it ensures that every real alarm will reach you instantly.  AlphGuardian’s patented iOS App can put a system alarm onto your phone in less than 2 seconds and its acknowledgment features insures that you have received the alarm.  We ask that you would think about these powerful features in conjunction with your server or telecom racks and give us a call to let us show you how we can protect your systems and pay back your investment quickly.

Until next time,

Be Well!