In the context of the prevention of the phenomenon of telecommunication fraud incidents carried out in telecommunication centers of enterprises through "attacks", which exploit possible security gapsThe E Criminal Prosecutor's Office recommends the following:
Concerning the security gaps in the call centers, the following are proposed:
-
Disable pre-installed codes accessto the PBX maintenance ports.
-
Periodic change of PBX maintenance ports from certified engineers.
-
Select codes consisting of at least 7 digits with a combination of alphanumeric, digit and symbol.
-
Each device must have an independent password and not an extension.
-
Install/Enable logging of files incoming/outgoing (CDR recording software).
-
In the event that PBX access is not required to thenetwork we disable it. Since it is necessary for the center to have access to the internet, the use of Firewalls is recommended.
-
If deemed necessary, it is considered appropriate to limit the source IPs that can access the center's open doors.
-
In the I P PBX case, we allow access from clearly predefined terminals.
-
Properly managed authorized codes to block outgoing calls.
-
Parameterization of equipment in such a way that no connection to external networks, call forwarding, etc. is allowed. except those that have been identified as absolutely necessary for the mode of the services of each user.
-
Disable forwarding programming to external numbers. Create groups in the call center with specific capabilities according to your needs.
-
Disable Allow Guest in SIP Configuration.
-
Enable remote access only when necessary, otherwise it remains off.
-
Inform users about potential dangers.
-
With respect to the installation of call centers, access to the communications area is important, such as:
-
The security door installation.
-
Granting access keys only to authorized personnel associated with equipment maintenance.
-
Keeping entry - exit files in the space.
-
With regard to the services provided by the providers:
-
Providers enable their customers, at their request, not to forward calls to destinations abroad.
-
Providers periodically check the daily unpaid traffic of the current month made by the call center in order to detect in an unusual manner abnormal increased charges for which customers are then informed.
-
In case of fraud, it is possible for the provider to enable the customer to temporarily or permanently block the outgoing calls to the specific destinations to which the calls in question were detected.
It is noted that the operation, use, management, maintenance and upgrading of business telecommunication centers is their exclusive competence.