Technical information
Security Risks
3-2 Issue 7 June 2001
Remote Access
Remote Access, or Direct Inward System Access (DISA), permits callers from the
public network to access a customer premises equipment-based system to use its
features and services. Callers dial into the system using CO, FX, DID, or 800
service trunks.
After accessing the feature, the user hears system dial tone, and, for system
security, may be required to dial a barrier code, depending on the system. If a
valid barrier code is dialed, the user again hears dial tone, and can place calls the
same as an on-premises user.
For the DEFINITY ECS, DEFINITY G1 and G3, and for the System 75, incoming
calls are routed to a Remote Access extension. For DEFINITY G2 and System 85,
callers are connected to the Remote Access feature when they dial the number
for an incoming Remote Access trunk group.
Different product releases have different restrictions, as follows. When a Remote
Access call is answered, the caller can be requested to enter either a barrier code
or an authorization code (the DEFINITY ECS, DEFINITY G1, G2.2 Issue 3.0 and
later, G3, and System 75 R1V3 can require both) before calls are processed.
When both maximum length barrier codes and authorization codes are required,
hackers need to decipher up to 14 digits to gain access to the feature.
Hackers frequently call toll-free 800 numbers to enter customer premises
equipment-based PBX systems so that they do not pay for the inbound calls. After
they are connected, hackers use random number generators and password
cracking programs to find a combination of numbers that gives them access to an
outside facility.
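Added example (not from the original handbook): one way to spot the code guessing described above is to count invalid barrier or authorization code entries per incoming trunk and calling number within a short window, and to treat a valid entry that follows such a burst as a likely compromised code. The record format, names, window and threshold are assumptions made for illustration; they are not a DEFINITY or System 75 log layout.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical format (not a real PBX log layout):
# timestamp, incoming trunk group, calling number, code-entry result
SAMPLE_LOG = """\
2001-06-02T01:10:00 tg-800 5550100 INVALID
2001-06-02T01:10:40 tg-800 5550100 INVALID
2001-06-02T01:11:15 tg-800 5550100 INVALID
2001-06-02T01:12:05 tg-800 5550100 INVALID
2001-06-02T01:12:50 tg-800 5550100 INVALID
2001-06-02T01:13:30 tg-800 5550100 INVALID
2001-06-02T01:14:10 tg-800 5550100 VALID
2001-06-02T09:00:00 tg-did 5550123 INVALID
2001-06-02T09:00:30 tg-did 5550123 VALID
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed invalid entries per window that indicate guessing

def parse(text):
    """Yield (timestamp, trunk, caller, result) from whitespace-separated records."""
    for line in text.splitlines():
        if line.strip():
            ts, trunk, caller, result = line.split()
            yield datetime.fromisoformat(ts), trunk, caller, result

def detect(text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (kind, trunk, caller, timestamp) tuples."""
    recent = defaultdict(deque)  # (trunk, caller) -> times of recent INVALID entries
    alerts = []
    for ts, trunk, caller, result in sorted(parse(text)):
        q = recent[(trunk, caller)]
        while q and ts - q[0] > window:  # drop entries older than the window
            q.popleft()
        if result == "INVALID":
            q.append(ts)
            if len(q) == threshold:      # alert once, when the burst crosses the threshold
                alerts.append(("guessing", trunk, caller, ts))
        elif result == "VALID" and len(q) >= threshold:
            # A valid code right after a burst of failures: treat the code as exposed.
            alerts.append(("valid-after-guessing", trunk, caller, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single mistyped code followed by a valid entry, as in the last two sample records, raises no alert.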
Unprotected Remote Access numbers (those that do not require barrier codes or
authorization codes) are favorite targets of hackers. After being connected to the
system through the Remote Access feature, a hacker may make an unauthorized
call by simply dialing 9 and the telephone number. Even when the Remote
Access feature is protected, hackers try to decipher the codes. When the right
combination of digits is discovered (accidentally or otherwise), hackers can then
make and sell calls to the public.
For these reasons, all switches in the network should be protected. Refer to
Chapter 4 for more information on Remote Access for the DEFINITY ECS,
DEFINITY Communications Systems, System 75, and System 85. Refer to
Chapter 5 for more information on Remote Access for the MERLIN II, MERLIN
LEGEND, MERLIN Plus, PARTNER II, PARTNER Plus, and System 25
Communications Systems.