1. A General presentation By Jason Dewar © Context Information Security Limited / Commercial in confidence Voice edge security Thursday, November 12, 2009

2. Presented by: Jason Dewar Enterprise Telephony Management A Presentation for Linkedin 19th June 2008

6. Traditional IT Security Firewall IDS Router Good News – Internet devices work reasonably well Bad news – Modem usage can bypass these devices Typical IT Network Blocked! Alert!

7. Authorised Modem attacks Modem Intruder LAN Servers Central Office Internet Voicemail PBX PSTN Alarm Systems Sprinkler Systems HVAC Systems Elevator Systems Refinery Controls Power Grid

8. Threats to Voice & Data Un-authorised Modem attacks LAN Servers Modems Central Office Internet PSTN Blocked at the perimeter Worms Trojans Viruses Internet traffic blocked at the LAN perimeter can be re-routed using Modems

9. Threats to Voice & Data War Dialling War Dialing used to be the only way to find modems In reality, war dialing discovers less than 25% of the problem User leaves connection to ISP dialed in so when you war dial you get a busy signal Discover the maintenance modems you already know exist The user who was connected to his ISP all day has taken his laptop home so when you war dial all you find is the fax machine – which is entirely legitimate War dial server PSTN ISP

10. Threats to Voice & Data PBX Attack Voicemail PBX FAX Servers Modems LAN Central Office Internet PSTN Intruder Remote access to PBX can allow service disruption or Theft.

11. Threats to Voice & Data Resource Hijacking LAN Voicemail PBX FAX Servers Modems Central Office Internet PSTN Intruder Unauthorised services

14. The solution

16. The SecureLogix ETM system The ETM ® System LAN Modem PSTN Trunks Firewall Phones Internet Provider Internet Connection Phones PBX Service Provider Switch ETM® System Voice Firewall: Blocks phone line attacks. Controls voice network access and service use. Voice IPS: Prevents malicious and abusive call patterns such as toll fraud. Performance Manager: Enterprise-wide dashboard. Real-time performance monitoring & diagnostics. Usage Manager: Enterprise-wide, PBX-independent CDR, call accounting, & resource utilization. Call Recorder: Policy-based recording of targeted calls. Trunk-side, cost effective solution.