AVOXI Fraud Control and Security Recommendations

ANALYZE AND DEFINE WHICH COMPUTER SYSTEMS REQUIRE PROTECTION: 

  • Create a list of all equipment and define the degree and nature of their vulnerabilities. 
  • Establish the economic or other impact if the equipment is affected, disconnected, or damaged. 
  • Set priorities on computers with the highest exposure and impact. 
  • Structure a vulnerability reduction plan. 
  • Create emergency and contingency plans. 
  • Check with your PBX/SIP Gateway vendor for possible vulnerabilities or risks. 
  • Document the results of all of the above. 

ESTABLISH POLICIES WITH PASSWORDS: 

  • Require a minimum length of at least 16 characters, including special characters, upper- and lower-case letters, and numbers. 
  • Define how often the password must be changed, based on the importance of the information it safeguards. 
  • Define policies for blocking or closing an account (such as peers) after a certain number of incorrect password entries. For example, AVOXI recommends blocking after three failed attempts. 
  • Determine whether or not the passwords are administered by each end-user, the information technology (IT) staff, or both. 
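The password rules and the lockout threshold above can be enforced in code. The following is an added example written for this article, not AVOXI's own software or a description of any PBX's built-in mechanism: a policy checker for the 16-character/character-class rule, and a per-account counter that locks an account (for example, a peer) after three consecutive failures and requires an administrative unlock. The account names and the `unlock` step are assumptions for illustration.

```python
import re
from collections import defaultdict

MIN_LENGTH = 16           # minimum length from the policy above
MAX_FAILED_ATTEMPTS = 3   # AVOXI's recommended lockout threshold


def password_policy_violations(password: str) -> list:
    """Return the rules the password fails; an empty list means it satisfies the policy."""
    checks = [
        (len(password) >= MIN_LENGTH, f"at least {MIN_LENGTH} characters"),
        (re.search(r"[A-Z]", password) is not None, "an upper-case letter"),
        (re.search(r"[a-z]", password) is not None, "a lower-case letter"),
        (re.search(r"[0-9]", password) is not None, "a digit"),
        (re.search(r"[^A-Za-z0-9]", password) is not None, "a special character"),
    ]
    return [rule for ok, rule in checks if not ok]


class LockoutTracker:
    """Counts consecutive failed logins per account and locks the account at the threshold."""

    def __init__(self, max_failures: int = MAX_FAILED_ATTEMPTS):
        self.max_failures = max_failures
        self.failures = defaultdict(int)   # account -> consecutive failures
        self.locked = set()                # accounts currently blocked

    def is_locked(self, account: str) -> bool:
        return account in self.locked

    def record_attempt(self, account: str, success: bool) -> bool:
        """Return True if the login is accepted, False if rejected (wrong password or locked).

        A locked account is rejected even when the password is correct, so that
        guessing cannot continue once the threshold has been reached.
        """
        if account in self.locked:
            return False
        if success:
            self.failures[account] = 0   # a successful login resets the counter
            return True
        self.failures[account] += 1
        if self.failures[account] >= self.max_failures:
            self.locked.add(account)
        return False

    def unlock(self, account: str) -> None:
        """Administrative unlock (assumed to be performed by IT staff after verifying the user)."""
        self.locked.discard(account)
        self.failures[account] = 0


if __name__ == "__main__":
    print(password_policy_violations("Str0ngPassphrase2022"))   # constructed sample password
    tracker = LockoutTracker()
    for _ in range(3):
        tracker.record_attempt("peer-201", success=False)      # constructed account name
    print("peer-201 locked:", tracker.is_locked("peer-201"))
```

The counter is per account rather than per source address, which matches the page's recommendation of blocking the account itself; a real deployment would persist the counters and record each lockout in the logbook described under the IT roles section.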

EDUCATE ALL EMPLOYEES ABOUT COMPUTER RESPONSIBILITIES AND USE: 

  • Inform the network administrator or IT staff about any irregular behavior, such as reduced data network speed or degradation of call quality. 
  • Follow the policies and guidelines established in the security plan. 
  • Inform employees about Phishing and the possible injury from disclosing passwords or other personal or business information.

ESTABLISH ROLES FOR EACH IT EMPLOYEE: 

  • Identify which equipment a particular IT employee can manipulate. 
  • Maintain a logbook of each action taken on the equipment (upgrades, operating system upgrades, relocation, and other activities that cause significant changes to the original topology). 
  • Maintain secure software that stores user names and passwords of the network’s main equipment. 
  • Establish a maximum of two administrators with full permissions. 
  • Define the profiles and permissions for each IT staff member independently. 
  • Set how many employees are authorized to handle telecommunications equipment (switches, routers, access points, firewalls). 
  • Perform periodic audits of access and changes to the configuration of the equipment. 

BACK UP ALL YOUR CONFIGURATIONS: 

  • Maintain up-to-date database backups and well-documented data restoration procedures. 
  • Print and store in safe places the current settings for all network computers. 
  • Photograph the equipment and connections and store them in a safe place. 
  • Use this information to restore the network and its components in case of unauthorized access to or mishandling of equipment.

INSTALL SPECIALIZED SECURITY EQUIPMENT/SOFTWARE: 

  • In large environments, it is advisable to use physical firewalls. However, small- to medium-sized businesses can use software-based firewalls or take advantage of the existing router(s) to implement firewall functions. 
  • It is recommended to implement at least one of the following services: 
     o Proxy servers—where considered necessary. You can define bandwidth policies and permissions for Internet use or access outside the company network.
     o AAA (Authentication, Authorization, Accounting) servers—RADIUS (free) or TACACS+ (proprietary) can be used.
     o Syslog servers—in companies with many computers, to centralize the logs into a single monitoring point.
     o IPS or IDS security—devices that give early alerts on unusual network behavior and possible threats.

USE SECURITY FEATURES IN YOUR COMPUTERS: 

  • Disable all unwanted services or protocols on routers, firewalls, and other network computers that are not in use and could become targets for attack (for example, H.323, SIP, CDP, and TCP, UDP, RTP, ICMP, FTP, VNC, or TFTP services). 
  • Use security protocols such as IPsec for VPNs, or VPN protocols such as PPTP and L2TP. 
  • Use an SSH (Secure Shell) protocol instead of Telnet. 
  • Use NAT to hide the IPs of the company. 
  • Encrypt the links using recognized encryption schemes such as DES, 3DES, or AES, with keys of at least 128 bits. 
  • Avoid using DHCP (Dynamic Host Configuration Protocol) where possible, so that IP addresses are not assigned automatically. 

ON YOUR PABX, PBX, OR SWITCHBOARD: 

  • Restrict access to international networks from unauthorized internal PBX extensions. 
  • Extensions or users with special permissions (international calls) must be authorized by the person assigned to this role, and the authorization documented and stored in a safe place. 
  • The use of PINs for telephone services is highly recommended in some cases. 
  • Do not place telephone services in areas without monitoring or within reach of people outside the company. 
  • Establish a plan for frequent monitoring of records such as CDRs, logs, and bills generated by your PBX and AVOXI, to scan for and verify unauthorized calls. 
  • For international calls, maintain current documentation of the company's common destinations (country, number of remote offices, home offices, and suppliers) and periodically compare it with the PBX records. In case of significant differences, take appropriate action and follow the procedures outlined in the security plan. 
  • Restrict or remove unused categories, such as DISA (Direct Inward System Access), that unauthorized users can use for fraudulent actions or immoral/unethical usage. 
  • Generate alarms when detecting national or international traffic during nonbusiness days and hours. 
  • When detecting a rare event or a change in calling behavior, immediately inform the AVOXI Fraud Control Team. 
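The CDR checks described in this section (compare destinations against the documented list, and alarm on traffic during non-business days and hours) can be automated. The script below is an added example written for this article, not AVOXI's or any PBX vendor's code. The CDR export format, the sample call records, the home and approved country prefixes, and the business-hours window are all constructed assumptions; a real export will have its own columns and should be mapped accordingly.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample CDR export (not real AVOXI data), one call per line:
# start time, originating extension, dialed number (E.164), duration in seconds
SAMPLE_CDRS = """\
2022-06-27 10:15:00,201,+14045550123,120
2022-06-27 11:40:00,204,+442079460958,300
2022-06-25 03:05:00,210,+2348012345678,1800
2022-06-28 22:30:00,210,+5355512345,900
2022-06-28 14:00:00,203,+15555550199,60
"""

# Assumed policy values: the company's own country prefix, the documented
# list of approved international destinations, and its business days/hours.
HOME_PREFIX = "+1"
APPROVED_PREFIXES = ("+1", "+44")   # e.g. head office (NANP) plus a UK remote office
BUSINESS_DAYS = {0, 1, 2, 3, 4}     # Monday..Friday, datetime.weekday() numbering
BUSINESS_HOURS = range(8, 18)       # 08:00 to 17:59 local time


@dataclass
class CallRecord:
    start: datetime
    extension: str
    dialed: str
    duration: int


def parse_cdrs(text: str) -> List[CallRecord]:
    """Parse the comma-separated CDR export into CallRecord objects, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, ext, dialed, duration = (field.strip() for field in line.split(","))
        records.append(CallRecord(datetime.strptime(start, "%Y-%m-%d %H:%M:%S"),
                                  ext, dialed, int(duration)))
    return records


def audit_cdrs(records: List[CallRecord]) -> List[Tuple[CallRecord, List[str]]]:
    """Return (record, reasons) for every call that trips one of the monitoring rules."""
    alerts = []
    for r in records:
        reasons = []
        international = not r.dialed.startswith(HOME_PREFIX)
        # Rule 1: international call to a destination not on the documented list
        if international and not any(r.dialed.startswith(p) for p in APPROVED_PREFIXES):
            reasons.append("destination not in approved list")
        # Rule 2: any national or international traffic outside business days/hours
        off_hours = (r.start.weekday() not in BUSINESS_DAYS
                     or r.start.hour not in BUSINESS_HOURS)
        if off_hours:
            reasons.append("call outside business days/hours")
        if reasons:
            alerts.append((r, reasons))
    return alerts


def alerts_by_extension(alerts: List[Tuple[CallRecord, List[str]]]) -> Dict[str, int]:
    """Count flagged calls per extension so the noisiest extension is reviewed first."""
    counts: Dict[str, int] = {}
    for record, _ in alerts:
        counts[record.extension] = counts.get(record.extension, 0) + 1
    return counts


if __name__ == "__main__":
    flagged = audit_cdrs(parse_cdrs(SAMPLE_CDRS))
    for record, reasons in flagged:
        print(f"{record.start} ext {record.extension} -> {record.dialed}: {'; '.join(reasons)}")
    print("flagged calls per extension:", alerts_by_extension(flagged))
```

Run against the sample export, the two calls from extension 210 (a Saturday night call to an unlisted destination and a late-evening call to another) are flagged with both reasons, while the approved UK call during business hours is not. In practice the script would be scheduled against the daily CDR export, and any flagged record handled through the security plan and reported to the AVOXI Fraud Control Team as the section above directs.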


Updated: June 29th, 2022
Author: Louise Ross
Updated By: Louise Ross
KB ID: 496737
