Manualshelf

Installation guide

ManualsBrandsVertical ManualsComputer equipmentWave Phone
961962963964965966967968969970
Securing your system against toll fraud A-7
: Protecting Your Phone System Against Toll Fraud
Wave Global Administrator Guide
Securing your phone system database
Toll fraud typically involves “hacking” over phone lines instead of data hacking. However, the
Wave database runs on a Windows server on your network and contains all permission settings
and can be hacked at that level. It is always wise to keep your corporate network secure from
unauthorized external access. This safeguards your database against tampering by network and
computer hackers. Some ways to do this include:
Use standard firewall technology to secure access to your network. If desired, allow access to
specific protocols and ports, such as those for HTTP (VoIP).
Securing SIP stations
If your system uses SIP phones as external stations, hackers can gain entry to the system by
sending a SIP message that duplicates the SIP URI of a SIP phone user, for example,
vwilliams@sip:www.Vertical.com. Without protection, Wave assumes the call is coming from
the external station and automatically logs it in and provides internal dial tone, permitting the
caller to place outbound calls through Wave.
To protect against SIP fraud, you can do the following:
Make sure that each SIP phone uses authentication credentials whenever it connects to
Wave.
If your system interacts with an external SIP server, such as a PSTN gateway or a SIP
provider (IPSP), set up two SIP spans, one to handle SIP stations and the other to handle
traffic from the external SIP server.
Checking for current scams
Most phone carriers maintain toll fraud web pages with current information. You can monitor
these web sites for up-to-date information and potential remedies. Contact your carrier for more
information.
Release 2.0
September 2010