Cybersecurity for Rural Telecom and Broadband Sites

Greetings and welcome back.  This week, we continue our series on Cyber and Physical Security for Remote Telecom sites with our blog: Cybersecurity for Rural Telecom and Broadband Sites.  In our last blog, we discussed the availability of open network ports that are used by cybercriminals as back doors to steal data and destroy your equipment.  This week, we look at the ability of hackers to penetrate the front door of your network to wreak havoc with your operations.

To begin with, it's important to realize that, whether you have a rural or urban telecom site, you're a key target of hackers and data thieves.  Hackers get paid for disrupting your operations, and data thieves get paid by stealing your customers' data and selling it on the black market.  All the data that passes between your customers and the Internet flows through your remote sites, and for this reason the bad guys put a high value on them.

How Hackers can Attack Rural Telecom Sites

To give you an example of how hackers can target your rural sites, please look at this article about a hacker who brought down hundreds of thousands of Deutsche Telekom customers.  In this case, a hacker was paid $10,000 by a Middle Eastern company in order to take down the DT customer network.  The hacker modified the Mirai botnet to attack port 7547, the port for the Simple Object Access Protocol (SOAP), which is used to remotely manage a number of routers.  By using this port to overload the routers and then the network, the hacker was able to bring down the DT network.  The key thing here is that there are always people willing to pay to harm companies or their customers, and you must consider that you are a potential attack candidate.

In a scan of rural telecom sites via the Shodan search engine, I found a significant number of routers that have open ports that could be used to bring down their networks.  For obvious reasons, those organizations will not be named, but it is clear that rural telecom sites are vulnerable to similar and perhaps much more destructive attacks.

How Data Thieves can Steal Data at Rural Telecom Sites

Stealing data through a remote site is surprisingly easy.  To do so, one need only gain physical or virtual access to any remote telecom site.  From there, permissions can be created to allow selected packets of information to be duplicated and then sent to a cyber-thief's awaiting server.  For security reasons, the particulars of this hack will not be shared, but I can say that I was able to find innumerable rural telecom site network systems online using Shodan.  Thousands of sites presented the option to remotely configure a switch at the site and, once that is done, a data thief would be in control of that network site.  This leaves those sites wide open to data thieves and exposes the telecom service provider to huge liability.

What Can be Done to Protect Rural Sites?

It's imperative that the open ports of these systems be secured.  In terms of remote management, simply placing a firewall on that port is of little value.  The reason is that the firewall must decide to let those whom it believes to be "good guys" have access to the units, and it's all too easy to spoof a good guy and take over the site.

What needs to be done is to completely lock down all remote management ports and to send all data from those ports to a secure location, accessible only by privileged individuals.  This is exactly what our RackGuardian product does.  It creates a stealth shield around any device it monitors while sending all monitoring data for that device to our secure cloud portal.  The result is that you can remotely monitor and manage your critical network equipment while keeping its presence hidden from all Internet traffic.

Please think about this and give us a call if you would like assistance at your remote sites.  We would be happy to have a confidential discussion with you about your security options.

Until Next Time,

Be Well!

Network Closet Security Vulnerabilities – Physical Security

Greetings and welcome back.  In this blog, we take a close look at Network Closet Security Vulnerabilities – Physical Security.  This is the first in a new series on the key types of network closet security flaws.  This is a key topic, especially for all those of you who are covered under HIPAA, PCI-DSS, FERPA, Gramm Leach Bliley and other data security regulations.  As more data shifts to the cloud, more data is transported through your network closets to the various cloud providers that you employ.  Because cloud services tend to be well fortified, cyber criminals are turning to the easiest way to get to that data: your network closets.

To begin with, all of the key data security regulations require you to physically secure your data.  Here are some key provisions with which we should all take time to familiarize ourselves:

HIPAA Section 164.310: “Facility Access Controls. Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.”

PCI-DSS Requirement 9.1: Verify the existence of physical security controls for each computer room, data center, and other physical areas with systems in the cardholder data environment. Without physical access controls, such as badge systems and door controls, unauthorized persons could potentially gain access to the facility to steal, disable, disrupt, or destroy critical systems and cardholder data. 

GRAMM LEACH BLILEY: “Management should deploy adequate physical security in a layered or zoned approach at every IT operations center commensurate with the value, confidentiality, and criticality of the data stored or accessible and the identified risks.”

It's clear from these sections of the security codes that you need to provide a secure card-based access system in order to be compliant with the major data security regulations.  What isn't clear is which physical security system is the best for your application.  Fortunately, our RackGuardian system is one of the only systems that supports virtually any access card on the market.  That means that, if you are already using a card access system for the main door at your facility, chances are very good that RackGuardian can support that card on a plug-and-play basis.  If, on the other hand, you need a new access card system, then we also have you covered.

In the next 2 blogs, we plan to look at cybersecurity and also at backup power and environmental security for your data.  Please take a good look at RackGuardian; we believe that you will find it's the most powerful security product for data security on the market.  We welcome you to contact us with any questions about your individual security needs.

Until next time,

Be Well!


New York Cybersecurity Law & Your Rack Systems

Greetings and welcome back!  This week we continue our series on the effect of the New York Cybersecurity Law for Financial Services Companies on the need to protect Information Technology (IT) systems as well as Industrial Internet of Things (IIoT) systems.  Specifically, we look at the New York Cybersecurity Law & Your Rack Systems.

New York State authorities took significant input from experts in IT security and IIoT security in formulating this Law.  As we discussed last week, the key thing to remember about this law is the following:

Under the New York Cybersecurity Law, “Information Systems” are defined to include all IT systems as well as all IIoT power, cooling and security systems that support them.

Many notable examples of cyberattacks have already taken place through IIoT power and environmental control systems including:

  • Ukrainian Power Plant Cyberattack – an Uninterruptible Power Supply (UPS) system, used in combination with switchgear, caused a massive blackout throughout much of Ukraine.
  • Staminus Cloud System Cyberattack – a rack-mounted Power Distribution Unit (PDU) was used to enter the cloud-based servers in a rack, stealing millions of dollars' worth of data records.
  • SCADA/BMS Cyberattacks – case studies of 5 attacks on industrial systems and their results for the affected businesses.

The ease with which UPS, PDU and environmental control systems can be compromised is well documented by the related links.  In addition, a thorough review of attack vectors against UPS, PDU and air conditioning systems was documented fully 5 years ago in a white paper written by Dr. Patrick Traynor of the Georgia Institute of Technology.  In this paper, the vulnerability of the SNMPv3 communication protocol is thoroughly discussed.  SNMPv3 is the latest version of SNMP and was largely believed by users to be secure.

Other attack sequences against various types of IIoT systems have also been proven to be possible.  A number of government and university studies have documented vulnerabilities to such attack sequences, as shown below:

Because actual attacks are taking place and because new vulnerabilities to attacks are continually being discovered, the US Government has launched a branch of the Department of Homeland Security to provide information in this area.  This organization is known as the Industrial Control System Computer Emergency Response Team (ICS-CERT) and it publishes alerts, advisories and regular reports on the latest products which have been found to have cyber or physical vulnerabilities.  The ICS-CERT website contains a searchable database for present and historical reports written on IIoT power, cooling and control systems.

So what does this mean for securing your rack systems?  The New York Cybersecurity Law says the following:

You must secure all IT and IIoT support systems against each of the following threats:

  • Confidentiality – protecting the cyber and physical security of all data. This includes both data that is at rest and data that is in transit
  • Integrity – protecting the intended state of the data from being compromised by cyber or physical means or altered in any way
  • Availability – ensuring uninterrupted operation of all systems that support continuous access to data at all hours and times in which it is needed

This means that you must secure all communications to and from each of the following rack IIoT systems:

  • Rack Power Distribution Units (PDUs)
  • Rack Uninterruptible Power Supplies (UPS)
  • Rack Cooling Systems 

It is clear from the attacks that have already taken place through these types of systems that they must be protected with a firewall that is specifically suited to protect the confidentiality of their communications and the integrity of the systems themselves.  It is also clear that these power and cooling systems must be monitored to protect their availability to ensure the uptime of all IT systems.

RackGuardian stands alone in the market as the only product that includes the ability to protect and monitor any type of rack IIoT system.  This ensures the security and availability of the IT systems that these IIoT systems support.  RackGuardian is simple to install and use and affordable for all budgets.  Please feel free to call one of our experts to see how RackGuardian can protect your rack systems, whether you have one rack or hundreds.

Until Next Week,

Be Well!

Server & Telecom Racks and New York Cybersecurity Law

Greetings and welcome back!  Beginning this week, we are going to dovetail our discussions of the Federal Gramm Leach Bliley Act (GLBA) for financial services companies together with the New York Cybersecurity Regulations for Financial Services Companies.  Because New York is the home to many of the country’s financial services companies, it seems natural to address both the Federal Standards of GLBA with the State Standards for financial companies in one logical set of blogs.  So today, we begin this series by looking at Server & Telecom Racks and New York Cybersecurity Law.

The timing of our discussion is centered around the enforcement of the New York Regulations, which began last week on August 27th.  The NY Cybersecurity regs are an extremely comprehensive set of requirements that cover all in-state and international operations of a financial entity with over $5 million in revenue.  While it does not have the power to regulate operations in other states, the Department of Financial Services (DFS) in New York makes it clear that any branch office in another state that impacts the operations of a New York office will be dealt with accordingly.  This is a polite way of saying that if security is truly needed in New York, then it only makes sense to follow the same procedures at all of your locations.

To begin with, let's talk about what the NY Regulations cover.  Specifically, the regulations require that 6 different types of systems be secured so that they cannot affect the information stored by a covered entity, in 3 different respects.  The 6 types of systems that must be protected are as follows:

500.01 (e) Information System means a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of electronic information, as well as any specialized system such as industrial/process controls systems, telephone switching and private branch exchange systems, and environmental control systems.

The 3 types of coverage for the information that these systems support are as follows:

500.02 (a) Cybersecurity Program. Each Covered Entity shall maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of the Covered Entity’s Information Systems.

When we combine these regulations, we see that the integrity and availability of IT and telecom systems must be protected by actively securing and monitoring backup power, cooling and physical security systems.  Any interruption in power or cooling to an IT or telecom system can corrupt or destroy the data that is to be protected.  This means that the following systems must be protected in order to be in compliance with the law:

  • Uninterruptible Power Supply (UPS) and Power Distribution Units (PDU)
  • Cooling Systems for the Data, Network or Telecom Racks
  • Physical Access Systems

These regulations make it clear that your racks of servers and telecom systems together with their UPS, PDU, Cooling and Physical Access systems must be secured and monitored.  While protecting these types of systems in a large data center can be done in a more centralized fashion, the ability to protect distributed racks and support systems is a much more difficult task. These racks are found in places like:

  • Network Rooms and Closets including all IDF and MDF Rooms
  • Telecom Rooms and Closets including PBX and Telecom Switch Rooms
  • Small Server Rooms

Virtually all of the server, network, telecom, power and cooling systems found in these rooms are rack-mounted.  Because of this, the security regulations call for a rack-based system that is able to both secure and monitor all of these systems.  We designed RackGuardian to be a fully enabled Smart Firewall unit that provides both integrated firewall security and analytic monitoring for any server, telecom system, UPS, PDU and cooling unit.

In coming blogs, we will discuss the specific ways in which UPS and PDU units have already been used to attack information systems.  We will also address attacks on telephone switching and PBX systems and how they have had disastrous effects on their owners.  In addition, we will take a look at how the GLBA regulations integrate with the New York State regulations and how complementary they are to one another.

If you would like to have a confidential discussion on protecting your server and telecom racks from cyber, physical and operational attacks, we would be happy to work with you to provide the protection and compliance you need for your company.

Until Next Time,

Be Well!

HIPAA Environmental Monitoring Standards

Greetings and welcome back!  This week we continue our series on the cyber, physical and operational security standards for HIPAA compliance.  Specifically, we take a look at HIPAA Environmental Monitoring Standards for the cooling and protection of the servers where your ePHI is stored.

SECURING ENVIRONMENTAL MONITORING AND CONTROL SYSTEMS

Medical records must be protected from more than just cyber or physical threats. HIPAA Security standards require that they must also be protected from destruction in the event of a natural or environmental event. This is specifically provided for in

HIPAA Section 164.304: "Physical safeguards are physical measures, policies, and procedures to protect a covered entity's electronic information systems and related buildings and equipment, from natural and environmental hazards…"

What are some of the environmental hazards that can cause downtime, damage or data loss in electronic information systems?  Here are a few that have been singled out in data environments:

  1. HVAC Cooling failure in server room or network closet resulting in overheated servers and downed ePHI systems
  2. Server cooling fan failure resulting in shutdown of ePHI server
  3. Water leak over servers or network equipment resulting in destruction of ePHI servers and data

All of these are real problems that are often cited as causes of failure of Information Systems equipment.  As shown in this recent study of IT systems failure by the Uptime Institute, environment-related failure is the 3rd largest cause of system downtime.  If you add "weather related" failures, including water from heavy rains and the like, over one quarter of all IT system failures are due to environmental causes.

HIPAA Environmental Monitoring Standards

HIPAA requires all covered entities and business partners to have environmental monitoring for the rooms that contain their ePHI, but very few have taken this requirement seriously.  Because over a quarter of all ePHI system failure and data loss is related to environmental causes (and data loss is a HIPAA violation), it is penny-wise and dollar-foolish to fail to provide proper environmental monitoring for your server rooms.

Our RackGuardian system is purpose-built to provide cyber, physical and operational protection for all of your environmental control systems.  Please think about this and feel free to give us a call to confidentially discuss the protection of your critical server and network rooms.

Until Next Time,

Be Well!

HIPAA Physical Security Standards for Server Racks

Greetings and welcome back.  This week we continue our blog series on the Cyber/Physical/Operational standards for HIPAA by looking at HIPAA Physical Security Standards for Server and Telecom Racks.  As we saw in our last blog, HIPAA breaches continue to grow in number and severity, and one of the key reasons for this growth is very poor physical security of electronic Protected Health Information (ePHI).  Let's use this blog to examine the key physical security standards for HIPAA in order to better understand the types of security that must be put in place to be HIPAA compliant and reduce your chances of a disastrous security breach.

To begin with, please realize that the physical security standards for HIPAA are fairly lengthy so we are posting the first section that deals specifically with the Physical Access Security to your server and telecom rack(s).

A covered entity or business associate must, in accordance with § 164.306:

(a)(1) Standard: Facility access controls. Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.

The key provision of the HIPAA Physical Security Statute is Physical Access Controls.  These access controls must be implemented to limit access to the electronic information systems and to the facility or facilities in which they are housed.

HIPAA 164.310 requires physical access controls on every server and telecom rack that contains ePHI and on the room in which each is located.

What type of access controls are required?  The covered entity or business associate must have a system that accomplishes 2 purposes:

Every HIPAA covered entity must:

  1. Restrict physical access to ePHI from those who do not have access authority
  2. Grant physical access only to those who have written access authority

Simply put, you must have a Physical Access Control System on every room containing ePHI and on the racks containing ePHI.  Please note that ePHI is stored both in Electronic Health Records (EHR) servers and in your IP-based phone system, which stores messages from patients.  If your telecom and EHR servers are located in separate racks, you must either move them into the same rack within the same room or ensure that each separate rack and its room has its own Physical Access Control System.  Failure to safeguard both EHR and telecom servers is a common mistake that violates HIPAA rules.

Putting a card or biometric access system into an existing server or telecom rack is not difficult, and it takes only about 20 minutes to install each one.  The largest brand is resold by AlphaGuardian Networks with the RackGuardian system, and all of its features are integrated into our product.  When RackGuardian is integrated with a card-access or biometric access system, it controls access to each rack and room, and it also logs entries and exits for the room and for each server and telecom rack.

Please remember that nearly half of all HIPAA breaches are physical in nature because very few organizations employ access controls both at the room level and on the individual racks containing ePHI.  Also review this chart from last week's blog to understand the severity of failing to cover yourself against physical breaches, which are now nearly half of all HIPAA violations.

HIPAA Physical Security for Server Racks

Now, recall also from last week that nearly half of all physical access and theft violations were from insiders.  If that alarms you, it should, but the facts are that ePHI is worth a lot of money on the open market.  The value in ePHI is both as raw records – worth around $10 per record, and in Ransomware – worth many thousands of dollars per rack.  As physical breaches grow, so do the number and total of HIPAA fines levied against healthcare providers and their business agents.

The Compliancy Group publishes all HIPAA fines levied and settled as of the latest week.  As you can see from the chart below, the total fines for HIPAA violations are skyrocketing and show no sign of leveling off.  At the present rate of fines, the total for 2017 will be $41 million and, if trends continue, 2018 could approach $75 million.  Please bear in mind that this cost does NOT include the cost of legal settlements with individuals whose records have been breached.

Fines for HIPAA Violations

The long and short of this is that placing a Physical Access Security system on your server and telecom racks and on the room in which they are located is a very small price to be HIPAA compliant and avoid the enormous cost of fines and lawsuits.  Our patented RackGuardian unit is the only system on the market that integrates Physical Access Control for rooms and their server racks together with full Cyber and Operational security.  We would urge every reader to look carefully at this solution and we would be more than happy to have a confidential discussion about how to protect your ePHI from all threats.

Until Next Time,

Be Well!

Server and Telecom Rack Cybersecurity Compliance

Welcome back!  We continue this month with the 3 keys for Server and Telecom Rack Security Compliance.  This month's blog is: Server and Telecom Rack Cybersecurity Compliance.  To begin with, whether you host your servers remotely offsite or you have your own data center(s), you need to have the ability to remotely manage the systems in your racks.  These systems include the following groups of items:

  • Processing and Storage
  • Networking Systems
  • Power, Environment and Security

All of these systems need to be managed remotely at some point, and each is typically managed by SNMP from a central console system.  Sadly, as this peer-reviewed paper from Georgia Tech demonstrates, even the supposedly secure SNMPv3 is full of vulnerabilities: these systems can be taken over by unauthorized individuals or groups, and the results are devastating.  As the paper shows, it's amazingly easy to hack SNMPv3 because of flaws that are inherent in the protocol.  The bottom line is that, while you need to remotely manage your systems to keep them working, the very process of remote management can expose your data to cyber criminals.  The question then becomes: what can SNMP exploits do to my data?  The answer can be seen in the chart below:

Server and Telecom Rack Security Compliance

As you can see, it is mainly the power, environmental and security systems that are at risk.  Processing/storage and networking systems are typically open on ports 80 and 443 and are normally guarded by the perimeter firewall, and often by a locally resident firewall as well.  Power, environmental and security systems, however, are normally not protected or, if they are, that protection often fails to inspect the SNMP packets being sent to and from them.  The simple fact is, as Table 1 from the Georgia Tech paper demonstrates, it's easy to enter SNMP-enabled systems and change settings in ways that can destroy data stored in the servers and storage systems to which these systems are attached.  As the table also shows, it's possible to launch Denial of Service (DoS) attacks through several of these systems, effectively shutting down that network segment and access to its data.

To protect the data in your racks, you need to protect your rack infrastructure.  AlphaGuardian's RackGuardian system is the only system on the market that is uniquely focused on protecting your data by protecting the security of your rack infrastructure.  Power systems such as rack PDUs and UPSs, cooling systems such as in-rack cooling, and security systems all rely on SNMP.  Our RackGuardian unit attaches to these systems and locks out ANY attempt to communicate with them.  At the same time, it securely gathers all the information that you need about your power, environment and security via its secure private network port.  All information is then sent via an encrypted push communication to a certificate-based data server.  The result is that you get all the information you need for remote rack management while keeping all of your systems – and your data – completely safe.

Please think about this for a bit and let us know how we can help you.

Until next time,

Be Well!

Cyber Attack Using Rack PDUs as a Backdoor to Server Data

Greetings and welcome back!  This month we look at something we have been predicting for some time: a Cyber Attack Using Rack PDUs as a Backdoor to Server Data.  There was an excellent article on this in Identity Week last month.  The article discusses an attack on the DDoS protection firm Staminus.  In this attack, the intruders managed to do all of the following:

  • Bring down Staminus' entire network
  • Reset routers to factory settings
  • Steal Staminus' databases and dump the contents online

The attackers were brazen, to say the least, as they actually described how they hacked Staminus in an online post.  The two key factors they mentioned in their attack were:

  • Use one root password for all the boxes
  • Expose PDUs to WAN with telnet authority

The first mistake is all too common for any type of equipment.  If you use the same password for everything, a hacker only needs to break it once and they are in.  The second problem is the specific reason we built RackGuardian.  Here, they used an open Telnet port on rack PDUs to gain backdoor access to the servers in the rack.  I will add that, whether a hacker uses Telnet, FTP or SNMP, each of these ports is normally open on a rack PDU and each has minimal security.
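As an added example (not code from this post or from AlphaGuardian), here is a defender-side audit for the two mistakes just described, and for the uninspected Telnet/FTP/SNMP management ports the Server and Telecom Rack Cybersecurity Compliance post describes: it reads a constructed firewall log and a constructed device inventory, flags management-port access to PDUs, UPSs and cooling units from outside an assumed management network, and flags devices that share one root password hash. The log format, inventory, network range and hash values are all assumptions made up for the example.

```python
"""Audit a constructed rack-infrastructure inventory and firewall log for two
failure modes: management ports (Telnet/FTP/SNMP) on PDUs, UPSs and cooling
units reachable from outside the management network, and one root credential
shared across every box. Every value below is constructed for the example."""
import ipaddress
from collections import defaultdict

# Ports the posts name as normally open on rack PDUs, each with minimal security.
MGMT_PORTS = {21: "ftp", 23: "telnet", 161: "snmp"}

# Assumed: only this network should ever reach the device management plane.
MGMT_NET = ipaddress.ip_network("10.10.0.0/24")

# Constructed inventory: device -> (management IP, role, root password hash).
# A real audit would pull this from a CMDB; the hashes here are placeholders.
INVENTORY = {
    "pdu-r01": ("10.10.0.11", "pdu", "hashA"),
    "pdu-r02": ("10.10.0.12", "pdu", "hashA"),
    "ups-r01": ("10.10.0.21", "ups", "hashA"),
    "crac-01": ("10.10.0.31", "cooling", "hashB"),
}

# Constructed firewall log, one record per line:
# "<timestamp> <action> <src_ip> <dst_ip> <dst_port>"
FIREWALL_LOG = """\
2017-09-01T10:00:01Z ALLOW 10.10.0.5 10.10.0.11 161
2017-09-01T10:00:07Z ALLOW 203.0.113.77 10.10.0.11 23
2017-09-01T10:01:12Z ALLOW 203.0.113.77 10.10.0.12 23
2017-09-01T10:02:30Z DENY 198.51.100.9 10.10.0.21 161
2017-09-01T10:03:00Z ALLOW 10.10.0.5 10.10.0.31 443
2017-09-01T10:04:45Z ALLOW 192.0.2.14 10.10.0.21 21
"""


def parse_log(text):
    """Yield (ts, action, src, dst, port) for each well-formed log line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed record: skip rather than guess
        ts, action, src, dst, port = parts
        try:
            yield (ts, action, ipaddress.ip_address(src),
                   ipaddress.ip_address(dst), int(port))
        except ValueError:
            continue  # unparsable address or port


def exposed_management_access(log_text, inventory=INVENTORY, mgmt_net=MGMT_NET):
    """Return allowed connections to a rack device's Telnet/FTP/SNMP port that
    came from outside the management network, as (device, service, src) tuples."""
    ip_to_device = {ipaddress.ip_address(ip): name
                    for name, (ip, _role, _pw) in inventory.items()}
    hits = []
    for _ts, action, src, dst, port in parse_log(log_text):
        if action != "ALLOW" or dst not in ip_to_device or port not in MGMT_PORTS:
            continue
        if src in mgmt_net:
            continue  # expected: the management console on the management LAN
        hits.append((ip_to_device[dst], MGMT_PORTS[port], str(src)))
    return hits


def shared_credentials(inventory=INVENTORY):
    """Return groups of devices whose root password hash is identical; one
    cracked or leaked password then opens every device in the group."""
    by_hash = defaultdict(list)
    for name, (_ip, _role, pw_hash) in inventory.items():
        by_hash[pw_hash].append(name)
    return [sorted(group) for group in by_hash.values() if len(group) > 1]


if __name__ == "__main__":
    for dev, svc, src in exposed_management_access(FIREWALL_LOG):
        print(f"EXPOSED {dev}: {svc} reached from {src} (outside management net)")
    for group in shared_credentials():
        print("SHARED ROOT PASSWORD across: " + ", ".join(group))
```

Denied connections are ignored on purpose: the audit reports only what the firewall actually let through to a management port.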

So what can you do once you gain access to a rack PDU?  Plenty!  You can immediately traverse to the servers in the rack if they are on the same subnet.  If they are on a different subnet, you will first need to go to the switch and then back again.  In this case, it's not clear which they did, as they also had the open passwords on the switches and routers.

The long and short of it is that a rack PDU makes a perfect camouflage, a sniper nest from which to extract data from a server without easily being observed.  After all, who expects data to be coming from a rack PDU?

The moral of the story is clear: you MUST secure your rack PDUs, and RackGuardian is the only product specifically built with this purpose in mind.  A Cyber Attack Using Rack PDUs is a real threat to every organization.  RackGuardian does all the things that you need to protect your rack systems from harm.  It plugs into the Ethernet ports of your rack PDU, UPS and other systems and provides full monitoring of the power and environment in your rack, while securing all of your rack power and environmental systems from being used as hacker targets.

Think about this and, we would be more than happy to have a confidential conversation about how to protect your rack systems.

Until next time,

Be Well!


Cyber Attacks on Telecom Rack Systems

Welcome back!  This week we continue our look at vulnerabilities for server and telecom racks as we examine Cyber Attacks on Telecom Rack Systems.

As we walk through this blog series, please keep one fact always in mind: Cybersecurity is all about the data that resides in your rack. It doesn’t matter whether that data happens to be in a server, a storage system or a telecom system.  Any data that can be stolen can be used to gather information about your organization and can be used against your organization. A cyber criminal can do everything from stealing that data to erasing it, and everything in between. If you have data, it is valuable to someone and, in today’s world, people will steal or destroy it for the right price.

Data about your organization lives in many places. Servers and storage systems are the obvious ones, but did you ever think of the data in your telecom system? IP-based PBX systems dominate telecom sales for medium and larger organizations. This is a particularly hot spot for us because we have seen just how easy it is to log into PBX systems from all of the major brands.

Virtually every phone system today is managed via the network and that means that if you can manage it, a cyber criminal can get into it. If a cyber criminal gets into one of these systems – and the point is more of “when than if” because none of these systems offer much true cyber protection – there is no limit to the information they can gain or the damage they can cause.

Consider the following critical data that can be stolen from most phone systems:

  • The phone numbers and names of each person who has been called by your employees
  • The phone numbers and names of everyone who has called someone in your organization
  • Voicemails left for your employees
  • Personal calendars and other information that are tied into the system


So what would an unscrupulous competitor pay for this information? It turns out that, just as the drug economy exists because there are buyers, so too cyber crime exists because there are buyers for this data. A whole underground economy exists and flourishes in the business of black market data.

In addition to stealing data from your IP-PBX or other phone system, hackers can also break into your phone system for the purpose of using your system to originate international calls.  Hacking IP-PBX systems for toll fraud has become a huge problem in the past few years.  To alert its customers to this problem, TDS Telecom, a large Independent Voice and Data Carrier, sent the following warning to its customers:

Telephone hackers can infiltrate vulnerable PBX systems to make international and long distance calls, listen to voice mail, or monitor conversations…By controlling the PBX maintenance port, hackers can change the call routing configuration, alter passwords, add or delete extensions, or shut down a PBX, all of which adversely impact business operations.

Unfortunately, you may only find out you have been hacked when you receive a bill for international calls made from one or more of your lines that were not dialed by anyone in your company…Your business, not your Long Distance Carrier, is responsible for all charges incurred on your system due to fraud (including toll fraud), abuse, or misuse of services, whether known or unknown, and whether or not your Long Distance provider takes any actions to stop or block Toll Fraud. The responsibility for the security of your PBX system is yours and you should take steps to protect your assets.

So, yes, by attacking your PBX system, cyber criminals can actually make fraudulent toll calls, running up enormous bills in the process. They can also steal sensitive information about your employees, your customers and your vendors.  As you can see from the above, there is virtually no limit to what a cyber criminal can do to you through your phone system, and the only way you might even know that someone has tampered with it is when they run up an enormous toll charge.
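You do not have to wait for the bill to learn about toll fraud.  As an added example (not from the original post, TDS Telecom or RackGuardian), the Python below scans call detail records for the pattern the warning describes: international calls originated through the PBX outside business hours, or in bursts from one extension.  The CDR lines, their column layout, the business hours and the burst thresholds are all constructed assumptions, not any vendor’s CDR format.

```python
"""Flag the toll-fraud pattern described above (international calls originated
through a compromised PBX, typically at night and in bursts) from call detail
records, rather than waiting for the carrier's bill. The CDR lines and their
column layout are constructed for this example, not a vendor's CDR format."""
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

BUSINESS_HOURS = range(7, 19)                          # 07:00-18:59 local (assumed)
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=30)   # assumed thresholds
# Constructed CDRs: timestamp, originating extension, dialed digits, seconds.
CDR_TEXT = """\
2016-03-11 09:15:02,201,16085550123,185
2016-03-11 11:40:19,201,01144207000001,420
2016-03-12 02:03:41,310,01123412000002,61
2016-03-12 02:09:58,310,01123412000003,58
2016-03-12 02:15:07,310,01123412000004,64
2016-03-12 02:21:30,310,+22512000005,59
"""

def is_international(dialed: str) -> bool:
    """NANP dialing: an 011 prefix, or a + with a country code other than 1."""
    return dialed.startswith("011") or (dialed.startswith("+") and not dialed.startswith("+1"))

def parse_cdrs(text: str):
    """Parse CSV CDR text into (datetime, extension, dialed, duration) tuples."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), ext, dialed, int(secs))
            for ts, ext, dialed, secs in csv.reader(StringIO(text))]

def detect_toll_fraud(records):
    """Return sorted (extension, reason) alerts for suspicious international use."""
    alerts = set()
    intl_calls = defaultdict(list)
    for ts, ext, dialed, _ in records:
        if not is_international(dialed):
            continue
        intl_calls[ext].append(ts)
        if ts.hour not in BUSINESS_HOURS:
            alerts.add((ext, "international call outside business hours"))
    for ext, times in intl_calls.items():
        times.sort()
        # Sliding window: BURST_COUNT international calls inside BURST_WINDOW.
        for i in range(len(times) - BURST_COUNT + 1):
            if times[i + BURST_COUNT - 1] - times[i] <= BURST_WINDOW:
                alerts.add((ext, "burst of international calls"))
                break
    return sorted(alerts)
```

On the constructed records, extension 201’s single daytime international call passes, while extension 310’s four calls at 2 a.m. raise both the off-hours and the burst alerts.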

For all of the readers of this blog, please consider the small cost of securing your phone system with RackGuardian. RackGuardian is the only product that can both monitor the maintenance port of your PBX system and shut off any attempt to connect to the system from the outside.  RackGuardian also monitors the power and environment in your telecom server room, a huge factor in keeping your system up and operational.  It provides the ability to reboot your telecom server in a uniquely secure manner.  In addition, its on-board analytics can warn you when your UPS battery is about to fail.  No other product gives you such broad-scale protection for your telecom systems.

Cyber vulnerabilities in PBX/IP systems are real and, with time, they will only increase. RackGuardian can protect your phone system, its power, its environment and everything else in the rack. It’s a small price to pay against a risk from hackers that is growing exponentially by the year.

Please think on this and, until next time,

Be Well!