Toll Fraud Exploits

A company telephony system can be subject to toll fraud by company employees or by external people who try to find vulnerabilities in the system. The first group, employees, simply ignores policies, hoping that their activities will not be detected because it is difficult to differentiate between business calls and private calls based on the dialed number. The other group of people, the external callers, is more technically oriented. They try to find vulnerabilities in network devices, including IP telephony systems. Sometimes, they do not even specifically look for voice systems; they just exploit whatever system they can gain control of.

The main difference between these two groups is the way in which you can mitigate the "attack." In the case of external attackers, the key is to prevent unauthorized access to the system and its devices. For authorized users of the system, the administrator has to very carefully limit the technical abilities and features of the system without compromising the flexibility and efficiency of its users.

There are also some features in a telephony system that can be misused. These include call forward and call transfer settings and voice-mail transfer options. If the features that are commonly used for toll fraud are well protected, users might try to exploit the system using other features. As an example, if a user is not allowed to transfer an external call to another external destination, the user could try to set up a conference call for these two parties and then leave the conference.

Usually, an administrator has to accept the fact that toll fraud cannot be eliminated completely. The only way to achieve complete elimination would be to block all external calls and disable all features that would allow employees to place calls outside the company. This technique might be feasible for single-function telephones, such as public telephones located in a lobby, but is not desirable for telephones used by standard employees. Therefore, only those calls that can be clearly identified as nonbusiness calls will be blocked. However, in many cases, you cannot judge in advance whether the call being placed is business-related or private.

Figure 22-1 shows different types of toll fraud.

Figure 22-1. Forms of Toll Fraud

The following list explains these types of toll fraud:

  • Call Forward All (CFA): The first example describes a scenario in which an employee forwards the office number to, for example, an international or mobile number. This employee then tells friends to call the office number. The call is forwarded to the number that the employee specified, making the company pay the costs of the calls.
  • Transfer from voice mail: The second toll fraud example shows an attacker making an external call to the voice-mail system, which forwards the call to an international premium destination. The attacker is billed only for a local call, whereas the company, from which the call is forwarded, pays for the international call.
  • Social engineering: The third example shows a scenario in which an attacker calls from outside the company and uses social engineering tricks (for instance, pretending to be an employee working from home) to be transferred to an external number, such as 9011. The 011 prefix (plus 9 being the typical number dialed in corporations for outside dial tone) is used in the United States to place international calls. This attacker is also charged only for a local call, whereas the company again pays for the connection to an international telephone number.
  • Inside facilitators: The fourth example is very similar to the third one. But in this case, an employee inside the company transfers the external call to another external number. In this case, the toll fraud has an internal source.
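
The four patterns above share one signature in call records: a redirected call that ends on an off-net number. The following detection sketch is an added example, not code from the book; the record columns, the `redirect` values, and the 4-digit extension length are assumptions, and the sample records are constructed.

```python
import csv
import io

# Constructed sample records. The column names are a simplified, hypothetical
# schema for illustration, not the CDR format of any particular product.
SAMPLE_CDR = """calling,original_called,final_called,redirect
2001,2002,2002,
4085550100,2003,90114420555010,cfa
4085550101,2999,90113355501234,voicemail
4085550102,2000,90114955501234,transfer
2004,914085550199,914085550199,
4085550103,2005,2006,transfer
"""

OUTSIDE_ACCESS = "9"    # outside dial tone, as in the text
INTERNATIONAL = "9011"  # 9 plus the US international prefix 011
EXT_LEN = 4             # assumption: internal extensions are 4 digits


def is_internal(number):
    return number.isdigit() and len(number) == EXT_LEN


def classify(rec):
    """Name the toll-fraud pattern a redirected call matches, or None."""
    redirect, final = rec["redirect"], rec["final_called"]
    # Only redirected calls that end on an off-net number are of interest.
    if not redirect or is_internal(final) or not final.startswith(OUTSIDE_ACCESS):
        return None
    scope = "international" if final.startswith(INTERNATIONAL) else "external"
    if redirect == "cfa":
        return f"cfa-to-{scope}"
    if is_internal(rec["calling"]):
        return None  # internal caller handed off-net: ordinary outbound use
    if redirect == "voicemail":
        return f"voicemail-transfer-to-{scope}"
    if redirect == "transfer":
        # Social engineering and inside facilitators look identical here.
        return f"external-to-{scope}-transfer"
    return None


def find_suspects(cdr_text):
    """Return (calling, final_called, pattern) for every flagged record."""
    rows = csv.DictReader(io.StringIO(cdr_text))
    return [(r["calling"], r["final_called"], p)
            for r in rows if (p := classify(r))]
```

Call records alone cannot separate a socially engineered transfer from one made by an inside facilitator; both surface as an external caller transferred to an external destination and need follow-up on the transferring extension.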


Authorized Self-Study Guide Cisco IP Telephony (CIPT)
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
ISBN: 158705261X
EAN: 2147483647
Year: 2004
Pages: 329