Voice Network Management Best Practices


A white paper from SecureLogix Corporation


Introduction

Traditionally, voice networks have been managed from the switch room, with limited enterprise-wide visibility. Despite the increasing proliferation and use of IP-enabled PBXs, little has changed. Real-time visibility of enterprise-wide trunk resources is still difficult to achieve and voice network security is practically non-existent. Many organizations still attempt to verify compliance and detect toll-fraud, unauthorized ISP calls, and fax line abuse using billing or accounting systems that are ill-suited to the task and only provide indications after the fact.

In contrast, data network administrators have benefited from a wealth of innovative products and solutions developed over the past 15 years to actively protect and monitor enterprise-wide data networks in real-time. Today, technologies like firewalls, Intrusion Detection Systems (IDS), Network Management (NM) Systems, and Security Information Management (SIM) systems are considered essential for the management and protection of data networks.

The SecureLogix® ETM® (Enterprise Telephony Management) System brings the same technologies to the voice network, providing administrators with unprecedented visibility and control over their enterprise networks. Voice network administrators now have the same powerful real-time tools to actively enforce telecommunications policies, detect and prevent attacks and abuse, and monitor trunk status across the enterprise.

Because the ETM System provides a powerful but unfamiliar suite of tools and applications that can address a broad spectrum of issues, voice network administrators are often unsure where to begin. This whitepaper identifies nine of the most common and compelling challenges facing voice network administrators today and provides guidance and recommendations for addressing those issues with the ETM System.

ETM® System Overview

The SecureLogix ETM System is an integrated voice security and management platform for the enterprise. It provides enterprise-wide visibility and control over phone service usage and utilization to enable secure, optimized, and efficiently managed enterprise voice networks. The system application suite includes the world’s first voice firewall and voice intrusion prevention system (IPS), dedicated to solving the unique security threats to real-time communications. These security solutions are integrated with powerful management capabilities to monitor voice network performance and audit service use and traffic trends.

The flexible ETM System scales to support any enterprise voice network, regardless of size. The system is PBX-independent, supporting multi-vendor networks containing any mix of installed PBX vendors, as well as converging VoIP and legacy voice systems. The system includes both hardware and software components. ETM Appliances sit inline and operate transparently at the edge of the enterprise telephony network, between the PBX and the public phone network. Appliances are linked to a central server, which is managed via a client console, providing a centralized user interface for unified visibility and control across the entire voice network.

The ETM Server is the hub for the entire system, remotely monitoring hundreds of distributed appliances. The ETM Server collects data from appliances, maintains system configuration and policy data, stores all call data in a database, generates reports, and provides an anchor point for the ETM Client. A single ETM Client can manage the entire system, or distributed clients can support regional administration.

The ETM System provides software for voice security, performance management/QoS, and phone usage auditing and reporting. The software application suite includes:

• Voice Firewall: A firewall for real-time media, it protects enterprise infrastructure by detecting and blocking TDM & VoIP attacks over trunk circuits, while controlling enterprise voice network access and service use. It provides the ability to enforce real-time, rule-based policies on a voice network to allow or terminate calls based on the user-specified rules.

• Usage Manager: Provides enterprise-wide, PBX-independent VoIP and TDM CDR collection, call accounting, resource utilization reporting, and traffic analysis for proactive network management.

• Performance Manager: Dashboard for enterprise-wide visibility of both TDM and IP trunking infrastructure, with real-time and continuous monitoring of circuit health & status and call quality performance/QoS.

• Voice IPS: Call pattern anomaly detection and prevention for real-time detection of toll fraud, war dialing, and service abuse/misuse for hybrid voice networks.


Voice Network Security

Traditionally, security for voice networks has often been overlooked, but today, more and more organizations are recognizing that their switched-voice trunk circuits represent their largest unmonitored and unprotected exposure to a public network.

Modems provide connections between the public network and the organization's infrastructure, computing resources, and potentially to its data network. Monitoring and protecting access to authorized modems (and eliminating unauthorized modems) removes the single biggest vulnerability facing most organizations today.

Modem vulnerabilities fall into two broad classes—unauthorized access to authorized internal modems by outsiders and unauthorized outgoing modem calls by insiders (most commonly to ISPs). The ETM System's unique ability to actively and continuously detect modem traffic in real-time on every trunk channel in the enterprise provides the ability to eliminate both vulnerabilities.

1 - Monitor and Control Authorized Modems

Authorized modems provide useful remote-access capabilities for support vendors and on-call employees that provide after hours support. Unauthorized access to these remote access ports, however, represents a serious threat to the organization's critical infrastructure. Support vendors and your organization's employees are often motivated more by convenience than security and may not use strong user authentication; therefore, access to all remote access ports should be closely monitored and restricted.

Unauthorized or unverified remote access ports should be discovered and either brought into compliance or eliminated.

Enforce controls on authorized modems by implementing the following:

• Maintain a group of all identified, authorized modems using the ETM Directory Manager.

• Discover unknown or unauthorized modems using a scheduled, automatically generated weekly or monthly ETM Usage Manager report to identify incoming modem calls to numbers that are not in the authorized modem group.

• Use ETM Voice Firewall policy rules to allow incoming calls to authorized modems from known authorized source numbers and terminate the remaining calls from unauthorized sources or to unauthorized destinations.

• If authorized source numbers change frequently or cannot be determined in advance, ETM policies can be used to remotely open and close the access ports in real-time, eliminating the need to physically connect and disconnect the modem.

• ETM Voice Firewall policies can also be used to restrict access to defined time ranges on a port-by-port basis. This could be used, for example, to restrict PBX maintenance port access to the hours between 1:00 and 2:00PM during weekdays.

• Use the ETM System's real-time notification capabilities to generate email notifications to responsible individuals or groups whenever a remote access port is accessed.


• Use ETM Voice IPS policies to alert when the aggregate call count to authorized modems exceeds historically normal levels. Excessive call attempts could indicate an attack or attempted break-in. ETM Voice IPS can be configured to temporarily terminate additional attempts once the threshold is exceeded, which can prevent further access.

• Use ETM Usage Manager to automatically generate weekly or monthly auditing reports on authorized modem activity to demonstrate compliance.
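The first-match rule ordering and the discovery report described in the list above can be sketched as follows. This is an added illustration, not SecureLogix code or ETM policy syntax; the rule names, the Call record, and every phone number are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample data (assumption): fictional 555 numbers only.
AUTHORIZED_MODEMS = {"5125550100", "5125550101"}   # the authorized modem group
AUTHORIZED_SOURCES = {"2105550199"}                # e.g. a support vendor's line
MAINT_WINDOW = (time(13, 0), time(14, 0))          # 1:00-2:00 PM, weekdays only


@dataclass(frozen=True)
class Call:
    when: datetime
    direction: str   # "in" or "out"
    call_type: str   # "voice", "modem" or "fax"
    source: str
    dest: str


def in_window(when: datetime) -> bool:
    """True on weekdays inside the maintenance window."""
    start, end = MAINT_WINDOW
    return when.weekday() < 5 and start <= when.time() < end


# Ordered rule list; the first matching rule decides, as in a data-network firewall.
RULES = [
    ("allow-authorized-modem",
     lambda c: c.direction == "in" and c.call_type == "modem"
     and c.dest in AUTHORIZED_MODEMS and c.source in AUTHORIZED_SOURCES
     and in_window(c.when),
     "allow"),
    ("terminate-other-inbound-modem",
     lambda c: c.direction == "in" and c.call_type == "modem",
     "terminate"),
    ("default-allow", lambda c: True, "allow"),
]


def evaluate(call: Call):
    """Return (rule_name, action) for the first rule that matches the call."""
    for name, predicate, action in RULES:
        if predicate(call):
            return name, action
    raise AssertionError("unreachable: the default rule matches everything")


def unknown_modem_numbers(calls):
    """Report-style query: inbound modem destinations outside the authorized group."""
    return sorted({c.dest for c in calls
                   if c.direction == "in" and c.call_type == "modem"
                   and c.dest not in AUTHORIZED_MODEMS})


SAMPLE_CALLS = [  # constructed call records
    Call(datetime(2007, 3, 6, 13, 15), "in", "modem", "2105550199", "5125550100"),
    Call(datetime(2007, 3, 6, 23, 40), "in", "modem", "2105550199", "5125550100"),
    Call(datetime(2007, 3, 7, 13, 30), "in", "modem", "9995550123", "5125550101"),
    Call(datetime(2007, 3, 7, 10, 5), "in", "modem", "9995550123", "5125550177"),
    Call(datetime(2007, 3, 7, 10, 6), "in", "voice", "9995550123", "5125550142"),
]

if __name__ == "__main__":
    for call in SAMPLE_CALLS:
        print(call.when, call.source, "->", call.dest, evaluate(call))
    print("unlisted modem numbers:", unknown_modem_numbers(SAMPLE_CALLS))
```

The fourth sample call is terminated by policy and also surfaces in the discovery query, which is the cue to either add that number to the authorized group or remove the modem.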

2 - Monitor and Control Unauthorized ISP Access

The use of modems to gain unauthorized access to the public Internet represents a significant vulnerability to the organization. Users that connect to Internet Service Providers (ISPs) through the voice network are bypassing all of the organization's data network monitoring, policy enforcement and detection systems, which presents the following vulnerabilities.

• Users may inadvertently install viruses and spyware that data network systems would normally block or remove.

• Users can gain access to inappropriate content that is blocked or monitored on the data network.

• Users may transfer sensitive or inappropriate information, while evading the monitoring and auditing systems on the data network.

• If the user is simultaneously connected to the organization's data network while connected to an ISP, then the organization's data network is exposed to the public Internet.

Eliminate the vulnerability of unauthorized ISP access by implementing the following:

• Use ETM Usage Manager reports and the ETM System's ability to actively detect modem calls to automatically generate periodic reports of all outgoing modem calls.

• Identify stations where authorized users have a legitimate business need to place outgoing modem calls.

• Use ETM Voice Firewall policy rules to allow authorized modem users to place outgoing modem calls to specific, authorized destinations and terminate the remaining calls from unauthorized stations or to unauthorized destinations.

• Use ETM Usage Manager to automatically generate weekly or monthly auditing reports on authorized outgoing modem activity to demonstrate compliance.


Voice Network Management

The ETM System's ability to monitor, detect, and notify in real-time, along with its capabilities to control both incoming and outgoing traffic across the enterprise, allows voice network administrators to address challenges (on an enterprise-wide basis) that were previously considered very difficult or impossible. These include emergency call awareness, toll fraud, malicious and harassing callers, fax spam, fax line misuse/abuse, call traffic monitoring, and trunk circuit monitoring.

1 - 911 Alerting and Reporting

Organizations are often unaware that an employee has called 911 until the emergency response personnel show up at their facility's front door. Employees may not be able to direct emergency response personnel to the caller because they cannot determine the caller's identity or location. Often, on-site responders are available but cannot be notified or provided with location information.

Provide real-time 911 alerting with location information by implementing the following.

• Import the organization's phone directory into the ETM Directory Manager.

• By default, the ETM System provides automatic detection of outgoing 911 calls; administrators simply need to add appropriate email notifications.

• Configure email notifications on a site-by-site basis to ensure that local emergency response and security personnel receive email notifications as well as headquarters individuals or groups that desire notification.

• Once configured, email notifications will be sent in real-time whenever a 911 call is attempted. The notification will contain the station number of the caller as well as the caller's name, location, and department (if those fields have been populated in the directory).

2 - Detect and Prevent Toll Fraud

Large-scale toll fraud can occur when a sophisticated attacker finds a PBX or voice messaging system vulnerability that allows outsiders to place unrestricted international calls. Attackers know that the vulnerability will be eliminated once detected, so they will normally exploit the vulnerability as quickly as possible by inundating the target with a high volume of costly international toll calls. Voice network administrators are often unaware that fraudulent activity is taking place until the organization receives an unusually large bill or is notified by their carrier. Detecting this activity in real-time and as quickly as possible is the key to preventing large losses.

The ETM Voice IPS was specifically designed to detect and stop large-scale toll fraud incidents by continuously monitoring aggregate call traffic, detecting anomalous call volume for specific classes of service, and optionally terminating further call attempts matching the identified class of service.


Eliminate the threat of large-scale toll fraud by implementing the following.

• Use the ETM Usage Manager to generate reports on historical calling statistics for international calls during business- and non-business-hour time ranges. The reports can provide minimum, maximum, average, and standard deviation statistics for aggregate call counts, durations, and cost (if billing plans are defined).

• From the statistics, determine appropriate threshold values for any combination of count, cost, and duration. Multiple thresholds can be chosen to generate progressive real-time email notifications as aggregate activity first exceeds cautionary levels and then exceeds warning and alert levels.

• Implement ETM Voice IPS rules to generate real-time notifications when international calling (or long distance or any other defined call class) exceeds cautionary and alert levels. ETM Voice IPS can be configured to automatically terminate all international calls after the alert level is breached or to simply generate email notifications.
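The workflow in the three steps above (historical statistics, derived thresholds, progressive notification, optional termination) can be sketched as follows. This is an added illustration, not SecureLogix code; the hourly history, the choice of mean plus 2, 3 and 4 standard deviations, the one-hour sliding window and all function names are assumptions made for the example.

```python
import math
import statistics
from collections import deque
from datetime import datetime, timedelta

# Constructed history: international call attempts per non-business hour.
HISTORY = [2, 3, 1, 4, 2, 3, 2, 5, 3, 2, 4, 3]

# Assumption: each level sits a fixed number of standard deviations above the mean.
LEVELS = (("caution", 2), ("warning", 3), ("alert", 4))


def thresholds(history, levels=LEVELS):
    """Derive an integer call-count threshold per level from historical statistics."""
    mean = statistics.mean(history)
    sigma = statistics.pstdev(history)
    return {name: math.ceil(mean + k * sigma) for name, k in levels}


def monitor(call_times, limits, window=timedelta(hours=1)):
    """Replay call attempts and return (time, event) pairs.

    Each level notifies once when the sliding-window count first reaches it.
    Attempts that push the count past the alert level are marked "terminate".
    Terminated attempts still count, so a sustained burst stays blocked.
    """
    recent, raised, events = deque(), set(), []
    for t in sorted(call_times):
        while recent and t - recent[0] >= window:
            recent.popleft()                  # drop attempts older than the window
        recent.append(t)
        count = len(recent)
        if count < limits["caution"]:
            raised.clear()                    # traffic is back to normal: re-arm
        if count > limits["alert"]:
            events.append((t, "terminate"))
            continue
        for name, limit in limits.items():    # dicts keep insertion order
            if count >= limit and name not in raised:
                raised.add(name)
                events.append((t, name))
    return events


# Constructed traffic: two ordinary calls, then ten attempts two minutes apart.
BASE = datetime(2007, 3, 10, 0, 0)
SAMPLE = ([BASE + timedelta(minutes=m) for m in (10, 50)]
          + [BASE + timedelta(hours=2, minutes=2 * i) for i in range(10)])

if __name__ == "__main__":
    limits = thresholds(HISTORY)
    print(limits)
    for when, event in monitor(SAMPLE, limits):
        print(when.strftime("%H:%M"), event)
```

With the constructed history, the burst raises the first notification sixteen minutes before a once-per-hour batch check would have seen it, which is the gap between real-time detection and after-the-fact billing review.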

3 - Malicious and Harassing Callers

Most organizations find the problem of malicious and harassing callers to be particularly vexing. While PBXs have extensive capabilities to block outgoing calls based on class of service and destination number, PBXs are quite limited in their ability to block incoming calls based on source and/or destination. The ETM System rounds out that missing capability by providing the ability to block, redirect, or notify on incoming calls that match specific source and/or destination criteria. This includes the ability to match calls with blocked or missing caller ID. These capabilities make the ETM System particularly adept at managing harassing and malicious calls.

Implement one or more of the following to reduce or eliminate the problems associated with malicious and harassing callers:

• Thwart unsophisticated callers by implementing ETM Voice Firewall rules to terminate incoming calls where the source number matches a list of known malicious or harassing callers.

• Thwart more sophisticated callers by implementing call masking and redirection rules to redirect incoming calls to targeted individuals where the source is an identified malicious caller or where the caller ID has been blocked. The calls can be redirected to facility security personnel or to a decoy voice mailbox to give the caller the impression that their message has been delivered. The ETM System provides no indication to the caller when it redirects a call.

• Prevent malicious or harassing fax transmissions by terminating incoming fax calls where the source matches a known malicious caller or where the caller ID is blocked. Alternatively, the calls could be redirected to a decoy fax machine maintained by the facility security organization.


4 - Fax Spam

Fax spam presents several problems to an organization. The waste of toner and paper can be significant for some organizations, but normally of greater concern is the fact that while the organization's fax machine is receiving the spam transmission, it is unavailable for legitimate uses. Many organizations are also concerned that the fax spam content itself is often inappropriate for or disruptive to the workplace.

Reduce or eliminate fax spam by implementing the following.

• Use the ETM Usage Manager to provide periodic, automatic reports that summarize incoming fax calls by source number. Use the report results to identify fax spam source numbers and maintain a group of known fax spammers in the ETM Directory Manager.

• Implement ETM Voice Firewall rules to terminate all incoming calls from known fax spammers as well as all incoming fax calls where the caller ID is blocked.

• For organizations concerned about loss of legitimate fax transmissions from callers with blocked caller ID, implement call masking and redirection rules to redirect all incoming fax calls with blocked caller ID to a single monitored fax machine or server. Legitimate fax transmissions can then be forwarded to the intended recipient.

5 - Fax Line Abuse and Misuse

In many organizations, analog lines installed for fax machines and multi-function devices (all-in-one scanner, printer, copier, fax machines) represent the only analog ports available to a determined modem user. These users can easily disconnect the fax machine, connect their modem-equipped laptop to the jack, and place an undetected call to an ISP. The fact that, as a convenience to users, fax machine lines are often provided with unrestricted long distance or international access also means that fax machines are easy to exploit for untraceable voice toll fraud.

Eliminate fax line abuse and misuse by implementing the following.

• Use ETM Usage Manager reports and the ETM System's ability to actively detect fax calls to identify all of the organization's fax machines and maintain the station numbers for those fax machines as a group in the ETM Directory Manager.

• Implement voice firewall rules to terminate all modem calls from fax machines. This activity should also be monitored with scheduled reports to identify locations where repeated attempts occur.

• Implement voice firewall rules to terminate voice calls from fax lines. The rules can be made less strict by specifying that only calls exceeding a specific duration are terminated or that voice calls are allowed during business hours but terminated on nights and weekends.


6 - Trunk Group Traffic Monitoring

Excessive (or insufficient) aggregate call volume on trunk groups and excessive busy or unanswered incoming calls can be an early indication of routing, PBX, or voice messaging system problems. The ETM System supports centrally managed, proactive trunk group monitoring across both homogeneous and multi-vendor PBX networks.

Gain proactive trunk monitoring by implementing the following.

• Use the ETM Usage Manager to query historical call data and generate detailed statistics on aggregate utilization and busy/unanswered calls for each site and trunk group.

• Implement ETM Voice IPS rules to monitor aggregate duration on trunk groups and generate real-time notifications when critical capacity measures are exceeded. For example, email notifications could be sent out when a trunk group exceeds 80 percent of capacity in any one hour.

• Implement ETM Voice IPS rules to monitor aggregate count or duration on incoming traffic to call centers and generate notifications when call count or aggregate duration fails to meet expectations during defined daily time periods.

• Implement ETM Voice IPS rules to monitor aggregate counts of busy and unanswered calls and generate notifications when these counts exceed expectations.

7 - Trunk Circuit Monitoring

Active management of distributed voice network trunk resources requires real-time notification in the event of trunk outages and the ability to reach out to any trunk circuit in the enterprise and perform remote troubleshooting.

Enforcement of Service Level Agreements requires comprehensive historical fault data that can be automatically summarized and distributed to provide monthly analysis of carrier performance.

The ETM Performance Manager provides real-time health-and-status information for all monitored trunk circuits throughout the enterprise. In the event of a fault indication, the ETM Performance Manager provides real-time troubleshooting information indicating whether problems are associated with the PBX or the carrier. More advanced features include the ability to capture ISDN PRI signaling on any monitored trunk circuit in the enterprise and to return the logged information to the central ETM Management Server.


To receive automated notifications for service-affecting issues, implement the following:

• Enable ETM System event notifications for the desired fault events. Notifications can be selectively enabled and individually configured to ensure that local personnel are notified only for faults at their site, while enterprise administrators can receive all notifications. Any of the following events can be individually configured: T1 alarm, bipolar violation, bit/CRC error, D channel up/down, frame error, frame slip, jitter, and loopback in progress.

To automatically receive weekly or monthly trunk circuit outage reports, implement the following:

• Use the ETM Usage Manager to schedule a periodic report that provides fault summary information by trunk circuit or trunk group. The trunk alarm and return-to-service times are clearly indicated in the fault detail information. Additionally, charts can be plotted indicating T1 faults (like bipolar, framing, or D channel up/down counts) by minute, hour, or day.

• Scheduled reports can be generated automatically, saved in PDF, RTF, or HTML format, and automatically sent by email to one or more designated recipients.

• The ETM System can retain collected diagnostic information indefinitely or automatically purge the records periodically, as specified by the user. Long-term retention of diagnostic records is important because it provides the ability to demonstrate fault trends.


ETM, SecureLogix, SecureLogix Corporation; and the ETM, Voice Firewall, Usage Manager, Performance Manager, Voice IPS, and Call Recording Emblems; the ETM Application Emblem; and the SecureLogix Diamond Emblem are trademarks or registered trademarks of SecureLogix Corporation in the U.S.A. and other countries. All other trademarks mentioned herein are believed to be trademarks of their respective owners. © Copyright 2007 SecureLogix Corporation. All Rights Reserved.

U.S. Patents No. US 6,249,575 B1, US 6,320,948 B1, US 6,542,421 B2, US 6,687,353 B1, US 6,718,024 B1, US 6,735,291 B1, US 6,760,420 B2, US 6,700,964 B2, US 6,879,671 B2,
