FRAMINGHAM (03/10/2000) - Improperly secured or unauthorized modems attached to private data networks can defeat network security practices and make companies vulnerable to backdoor attacks. As businesses concentrate on implementing Internet firewalls, some are also installing firewalls on their enterprise telephone network.
"This is like leaving your front door unlocked every night when you go home," said John Hart, senior vice president of corporate development at Colorado Springs-based Nochee Solutions Inc., a business-to-business e-commerce software developer. "We thought about firewalls and Internet access, [virtual private networks] and intranets, but no one ever thought about the vulnerability of open access to the phone system."
Hart said that security analysts hired by his company to conduct a security penetration test suggested last spring that Nochee consider securing its private branch exchange (PBX) phone system. At the time, Hart said, Nochee was building large virtual private networks and concerned about protecting its customers' data as well as its own.
Now that Nochee builds supply-chain software, security concerns remain. "A lot of large companies trust us with their intellectual property," Hart said, "and we owe it to them to make sure that we are as protected as much as possible."
Hart said Nochee took the consultants' advice and selected the TeleWall firewall for telephone lines from SecureLogix Corp. in San Antonio. TeleWall includes client and server software, a sensor hardware appliance and software, plus system engineering support and customer care. It is used to log or block phone traffic passing through a company's telephone network.
TeleWall can be integrated with TeleSweep Secure, SecureLogix's product that scans networks for unauthorized modems that have been plugged into dial-up phone lines or PBXs by employees and then forgotten. Some modems are also set up on the PBX system by the PBX vendor to provide service access. TeleSweep Secure also verifies the security of these existing modems and dial-up systems.
Both tools have distributed architectures for scalability and centralized management.
Pricing for TeleWall two-sensor packages starts at $29,000, and additional sensors cost $7,000.
While Nochee's scan didn't locate vulnerable modem connections, Hart said, the company discovered that the phone company was billing Nochee for lines and calling features it never used. Since deploying TeleWall last June, Hart said, the savings accrued by disconnecting underutilized phone assets have already paid for the system.
"If I were a CIO or CEO at a company, I'd sure be concerned about the vulnerability of PBX or voice systems in your building. What happens down the road if the assets of the company are stolen by employees or intrusion?" said Hart. "There is a high level of risk, and [companies] should take a close look to see if they are providing the highest level of security to prevent a confrontation with customers."