Texas Security and Risk Management

10.0 Voice Communication Systems

Copyright(c), 1995 - Management Analytics - All Rights Reserved

The potential for fraud to occur in voice telecommunications equipment is a serious threat. PBX's (Private Branch Exchange) are telephone switches used within state agencies to allow employees to make out-going and receive in- coming phone calls. These PBX's can also provide connections for communications between personal computers and local and wide area networks. Security measures must be taken to avoid the possibility of theft of either phone service or information through the telephone systems.

The following information is provided as a guideline to advise of and prevent fraud situations that could occur when a PBX is left open or unprotected from potential fraud operations.

10.1 Dial-Up Maintenance Port

The Dial-up Maintenance Port is a system through which regular/emergency maintenance or system repair can be done on a PBX. This activity is usually performed via a dial-up modem on a communications port.

GUIDELINES. The following steps should be taken to protect the dial-up modem maintenance port from unauthorized access.

10.2 Direct Inward System Access (DISA)

Direct Inward System Access (DISA) is the ability to call into a PBX, either on an 800 number or a local dial-in, and by using an authorization code, gain access to the long distance lines and place long distance calls through the PBX.

GUIDELINES. If Direct Inward System Access is allowed through a state owned PBX, the following steps should be taken to avoid unauthorized usage:

10.3 Class of Service Screening

Calling can be restricted at the long distance carrier level as well as at the PBX. This can limit exposure should unauthorized access to the long distance network be gained through a state owned PBX.


10.4 Voice Mail

Voice mail may be used to receive and retrieve messages when employees are unable to answer their telephone. This communications device is usually connected to the PBX through call routing via extensions and the potential for unauthorized message receiving or fraudulent calling can occur.

GUIDELINES. The following steps should be taken to minimize fraudulent use of voice mail.

Communicate with your PBX vendor and long distance carrier providers about options that are available for security and prevention of unauthorized use of voice mail.