............................................................... 2
Evaluation Approach
.............................................................................................................................. 3
SYSTEM ARCHITECTURE
................................................................................. 5
Separation of Switching and Administrative Functions
........................................................................ 5
Switching Algorithm
.............................................................................................................................. 6
Function Allocation
................................................................................................................................ 7
HARDWARE
........................................................................................................ 9
Susceptibility to Tapping
....................................................................................................................... 9
Analog Voice with or without Separate Control Signals
....................................................................... 9
Analog Voice with Inclusive Control Signals
..................................................................................... 10
Digital Voice with Inclusive Control Signals
..................................................................................... 10
Echo Cancellation
............................................................................................................................. 11
Analysis of Signaling Methods
.......................................................................................................... 11
Instrument Modification Risks
............................................................................................................ 12
Conferencing (Hardware)
.................................................................................................................... 13
Countermeasures
.................................................................................................................................. 13
MAINTENANCE
................................................................................................. 14
Remote Access
...................................................................................................................................... 14
Maintenance Feature Vulnerabilities
.................................................................................................. 15
Line Testing Capabilities
..................................................................................................................... 15
Undocumented Maintenance Features
................................................................................................ 15
Special Manufacturers Features
......................................................................................................... 16
Manufacturers Development & Test Features
................................................................................... 17
Countermeasures
.................................................................................................................................. 18
ADMINISTRATIVE DATABASES
...................................................................... 19
Software Loading and Update Tampering
.......................................................................................... 19
Tamper and Error Detection
.............................................................................................................. 19
Countermeasures
............................................................................................................................... 20
Crash-Restart Attacks
......................................................................................................................... 20
Live Microphone Vulnerabilities
....................................................................................................... 20
Embedded Login IDs and Passwords
................................................................................................. 21
Countermeasures
............................................................................................................................... 21
Passwords
............................................................................................................................................. 21
Password Types
................................................................................................................................. 22
Password Login Timeouts
.................................................................................................................. 23
Multi-Level Password Access
............................................................................................................ 24
Countermeasures
............................................................................................................................... 24
Physical Security
.................................................................................................................................. 24
Countermeasures
............................................................................................................................... 25
Remote Access
...................................................................................................................................... 26
Remote Access via an Attendant Console
........................................................................................... 26
Remote Access via a Terminal
........................................................................................................... 26 iv
Countermeasures
............................................................................................................................... 27
Alarms and Audit Trails
...................................................................................................................... 27
USER FEATURES
............................................................................................. 29
Attendant Console
................................................................................................................................ 29
Attendant Override
............................................................................................................................ 29
Attendant Forwarding
........................................................................................................................ 30
Attendant Conferencing
..................................................................................................................... 31
Automatic Call Distribution (ACD)
..................................................................................................... 32
Call Forwarding
................................................................................................................................... 33
Account Codes/Authorization Codes
.................................................................................................... 34
Access Codes
......................................................................................................................................... 35
Silent Monitoring
................................................................................................................................. 36
Conferencing
........................................................................................................................................ 37
Override (Intrude)
............................................................................................................................... 38
Auto Answer
......................................................................................................................................... 39
Tenanting
.............................................................................................................................................. 40
Voice Mail
............................................................................................................................................ 41
Unauthorized Access to Stored Messages
........................................................................................... 41
Denial of Service
................................................................................................................................... 42
Lengthy Messages
............................................................................................................................. 42
Embedding Codes in Messages
.......................................................................................................... 43
Access to Outgoing Lines
.................................................................................................................. 44
Privacy Release
.................................................................................................................................... 44
Non-Busy Extensions
............................................................................................................................ 45
Diagnostics
............................................................................................................................................ 46
Camp-On
.............................................................................................................................................. 46
Dedicated Connections
......................................................................................................................... 47
Feature Interaction Attacks
................................................................................................................. 48
Call Forwarding/Return Call
..............................................