Monday, May 11, 2009

Voice and Telephony Security

A company's vulnerability to threats varies by its size and business type. For example, businesses that frequently engage in intense international bidding may find themselves in competition with a government-owned organization. Because the government often owns the telephone company as well (PTT), there is a temptation to "share" information by tapping the lines (all it takes is a butt set and knowing which trunks to tap into). While such occurrences are undoubtedly infrequent, they are a threat.
Toll fraud, on the other hand, is ubiquitous. Hackers use stolen calling cards to find a vulnerable PBX anywhere in the world and sell the number on the street (mostly for international calls). Poorly controlled voicemail options and DISA (direct inward system access) are excellent "hacker attractor" features. Medium-sized installations are preferred because they offer enough complexity and trunking to allow hackers to get into the system and run up the minutes before detection. Smaller key system sites do not have the capacity, and larger sites often (but not always!) have toll fraud detection systems (such as Telco Research or ISI Infortext's TSB TrunkWatch Service).
Two characteristics of the telephone system enhance the hacker's world of opportunity: (1) it is difficult to trace calls because they can be routed across many points in the system; and (2) hacking equipment is relatively cheap, consisting of a PC or even a dumb terminal hooked to a modem. Hackers (a.k.a. "phone phreaks") sometimes have specific PBX training. The hacker could be a disgruntled PBX technician (working for an end-user organization or the vendor). In addition to drawing on their technical background, hackers share explicit information over the Internet. These individuals have a large universe of opportunity; they hack for a while on a voice system, find its vulnerabilities, and then wait for a major holiday and go in for the kill. Losses of $100,000 over four days are common. If holes in one PBX have been plugged, they go on to another. In some cases, they use a breach in one PBX to transfer to another, even less secure PBX.
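The pattern described above (international minutes run up over a holiday, often through DISA or voicemail) is what toll fraud monitoring looks for in call detail records. The following Python is an added example, not from the original post or any vendor's product; the CDR layout, source names, "011" international prefix (a North American site), business hours, holiday calendar and threshold are assumptions, and the records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample call detail records (CDRs). The layout is an assumption,
# not a PBX vendor format: (start time, source, dialed digits, minutes).
SAMPLE_CDRS = [
    ("2009-05-22 10:15", "ext-2104", "0115255512345", 12),  # business hours
    ("2009-05-22 14:02", "ext-2250", "12125550100", 8),
    ("2009-05-25 01:10", "DISA-1", "0119255500001", 55),    # holiday, overnight
    ("2009-05-25 01:12", "DISA-1", "0119255500002", 61),
    ("2009-05-25 02:40", "DISA-1", "0112345550003", 58),
    ("2009-05-25 03:05", "vm-port-3", "0119255500004", 47),
    ("2009-05-25 09:30", "ext-2104", "13125550111", 5),     # domestic
]

HOLIDAYS = {"2009-05-25"}        # assumed site holiday calendar
INTL_PREFIX = "011"              # assumed: North American dialing plan
OPEN_HOUR, CLOSE_HOUR = 8, 18    # assumed business hours
THRESHOLD_MIN = 60               # assumed alert threshold, minutes per day


def is_off_hours(ts):
    """True on holidays, weekends, or outside business hours."""
    day = ts.strftime("%Y-%m-%d")
    in_hours = OPEN_HOUR <= ts.hour < CLOSE_HOUR
    return day in HOLIDAYS or ts.weekday() >= 5 or not in_hours


def off_hours_international_minutes(cdrs):
    """Sum off-hours international minutes per (day, source)."""
    totals = defaultdict(int)
    for start, source, dialed, minutes in cdrs:
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M")
        if dialed.startswith(INTL_PREFIX) and is_off_hours(ts):
            totals[(ts.date().isoformat(), source)] += minutes
    return dict(totals)


def toll_fraud_alerts(cdrs, threshold=THRESHOLD_MIN):
    """Return (day, source, minutes) for sources at or over the threshold."""
    totals = off_hours_international_minutes(cdrs)
    return sorted((day, src, mins)
                  for (day, src), mins in totals.items() if mins >= threshold)


if __name__ == "__main__":
    for day, src, mins in toll_fraud_alerts(SAMPLE_CDRS):
        print(f"ALERT {day} {src}: {mins} off-hours international minutes")
```

Grouping by source rather than by dialed number matters here because the destinations vary from call to call while the abused entry point (the DISA or voicemail port) stays the same.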
The final category of security break, malicious pranks, gets inordinate attention from senior management — far beyond the economic damage usually incurred. For example, a voicemail greeting could be reprogrammed (just by guessing the password) to say, "Hello, this is Mr. John Doe, CEO of XYZ Company. I just want you to know that I would never personally use any of XYZ's products." Of course, not all changes are minor. A clever hacker who obtains control of the maintenance port can shut down all outgoing calls or change a routing table — there is no end to the damage if the maintenance port is compromised.

Saturday, May 9, 2009

The Future for Satellite Technology

Although traditional VSAT technology, with its minimal uplink bandwidth, is not appropriate for some organizations, the newer systems in development should be reviewed by network architects. For example, Hughes' new system under development, the Spaceway system, is expected to provide a variety of low-cost broadband services with small satellite dishes, with data rates ranging from 512 kbps upstream and up to 30 Mbps downstream. Applications will range from Internet access (with a strong multimedia component) to LAN/WAN solutions for work-at-home employees, SOHOs, and large organizations.
Hughes' system includes full mesh point-to-point and multicast communications architecture. This allows the development of high bandwidth peer-to-peer applications, such as file sharing, distributed databases, and decentralized content distribution.
The availability of reasonably fast Internet links in rural areas around the world could significantly change the business dynamic of many firms. While the media continually laments the lack of bandwidth, the most serious deficiency of the Internet is actually the lack of geographic coverage.
Another alternative architecture is a hybrid system that uses satellite transmissions for downlink and terrestrial for uplink (currently used to provide Internet access to areas with no other broadband availability). Because satellites are large (many tons), they have power plants that allow megabit-per-second downloads of video, software upgrades, and other information. The terrestrial link in this asymmetric data access scheme provides for less latency (delay) for the user response. Most applications, as is the case with home Internet users, consume far more download bandwidth than upload bandwidth.
The technology of caching will be increasingly used for Internet services. Caching takes recently retrieved information, copies it, and places it on a server close to the consumer. This process allows users to access popular Internet data quickly because it is physically located much closer to the user. The more users are associated with a cache, the greater the benefit, because there is a higher likelihood that a requested file will be in the cache. This could potentially speed the deployment of international intranets for global organizations. Caching is relevant to satellite transmissions because it reduces demand for repetitive uplinks from the hub for frequently used pages.