In the context of the prevention of the phenomenon of telecommunication fraud incidents carried out in telecommunication centers of enterprises through "attacks", which exploit possible security gapsThe E Criminal Prosecutor's Office recommends the following:
Concerning the security gaps in the call centers, the following are proposed:
-
Disable pre-installed PBX maintenance ports.
-
Periodic change of PBX maintenance ports from certified engineers.
-
Select codes consisting of at least 7 digits with a combination of alphanumeric, digit and symbol.
-
Each device must have an independent password and not an extension.
-
Install / Enable logging of incoming / outgoing files (CDR software).
-
In case PBX is not needed, we will disable it. If it is necessary for the center to have access to the Internet, it is advisable to use Firewalls.
-
In the event that it is deemed necessary, it is considered appropriate to limit the source IPs that can access the open doors of the center.
-
In the I P PBX case, we allow access from clearly predefined terminals.
-
Properly managed authorized codes to block outgoing calls.
-
Parameterization of equipment in such a way that no connection to external networks, call forwarding, etc. is allowed. except those that have been identified as absolutely necessary for the mode of the services of each user.
-
Disable forwarding programming to external numbers. Create groups in the call center with specific capabilities according to your needs.
-
Disable Allow Guest in SIP Configuration.
-
Enable remote access only when necessary, otherwise it remains off.
-
Inform users about potential dangers.
-
With regard to installation των τηλεφωνικών κέντρων σημαντική είναι η ασφάλεια πρόσβασης στο χώρο των επικοινωνιών, όπως:
-
The security door installation.
-
Granting access keys only to authorized personnel associated with equipment maintenance.
-
Keeping entry - exit files in the space.
-
Regarding the provided services from providers:
-
Providers enable their customers, at their request, not to forward calls to destinations abroad.
-
Providers periodically check the daily unpaid traffic of the current month made by the call center in order to detect in an unusual manner abnormal increased charges for which customers are then informed.
-
In case of fraud, it is possible for the provider to enable the customer to temporarily or permanently block the outgoing calls to the specific destinations to which the calls in question were detected.
It is noted that the operation, use, management, maintenance and upgrading of business telecommunication centers is their exclusive competence.