Telecommunications Security Assessment Workplan - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

Telecommunications Security Assessment Workplan

Description:

... includes LAN, WAN, Internet and voice according to Killmeyer text. Practically includes only the voice component- POTS (analog), and increasingly digital ... – PowerPoint PPT presentation

Number of Views:30
Avg rating:3.0/5.0
Slides: 11
Provided by: fawk
Category:

less

Transcript and Presenter's Notes

Title: Telecommunications Security Assessment Workplan


1
Telecommunications Security Assessment Workplan
  • Matt Kaliyadan
  • CS654

2
What is it?
  • Technically includes LAN, WAN, Internet and voice
    according to Killmeyer text.
  • Practically includes only the voice component-
    POTS (analog), and increasingly digital (VoIP).
  • Also includes PBX, Centrex, mobile
    communications.
  • Increasing grey area between data, voice, mobile
    definitions.

3
Why do it?
  • Important and frequently overlooked.
  • Billions lost each year due to exploited and
    unauthorized use of Telephone systems.
  • Increasing potential for breeches on voice side
    to carry over to data networks (VoIP hybrids).
  • Meet industry standards/government regulations.

4
Assessment Metrics
  • Review and chargeback of telephone expense.
  • Establish baseline, look for spikes in overall
    activity and on specific lines/extensions.
  • Must be consistently done on a regular basis to
    correlate the data accurately.
  • Implement carrier level analysis- CDR (call
    detail records).
  • Fraud detection services (Sprint GUARD, MCI
    Detect, ATT NetProtect).
  • Combine this internal and external data.

5
Assessment Metrics Contd
  • Assessment should ensure written policy exists
    for employees to review.
  • Built in management features of the PBX should be
    utilized- not setup once, let go.
  • Adequate resources?
  • Document existing configurations/change
    management.
  • Audit of 3rd Party policies (if applicable).

6
Assessment Metrics Contd
  • Physical security of MDFs and IDFs/controlled
    access to these locations.
  • Environmental protection (controlled
    environment).
  • Proper access control to logs/system
    reports/recorded calls.
  • PBX password policy (have one and enforce it)
  • Remote access control considerations.

7
Security Manager Uses
  • Must include Telecommunications as a component of
    a secure system.
  • Ensures overall company security policy is being
    enforced on the Telecommunications side.
  • Identifies gaps in security coverage, so that
    appropriate changes can be made.

8
Hacker Uses
  • Discovery or weak or no Telecommunications Plan
    leaves the door open for fraud, misuse,
    compromise of data security.
  • Could help a hacker determine the type of system,
    system specific weaknesses, key equipment
    locations.

9
Where to go for more information
  • Killmeyer text Appendix B-5 (Telecommunications
    workplan assessment template).
  • Internet- surprisingly, not many examples.
    Googling the topic- 1st 3-4 entries turn up our
    text book.
  • Best plan is to draw from existing security
    standards and apply those to Telecom.

10
Summary
  • Vital part of overall security plan.
  • Should be treated with similar regard as data
    security.
  • Establish a baseline.
  • Determine a formalized assessment plan and follow
    up schedule and implement. B-5.
  • Questions?
Write a Comment
User Comments (0)
About PowerShow.com