PBX Security - PBX Info :: Your Free PBX, PABX and Telephone Information Resource

DREaton3162 · 05-25-2006, 05:03 PM

I got put in charge of the PBX about 3 years ago - with no training or documentation. While I have pretty much figured out the basics of making moves, adds, and changes, I am not knowledgeable enough to check to be sure that my PBX is secure.

For example, my boss wants to know if our PBX, a Meridian 1, has any way to generate a report of what extensions are making particular long distance calls. I have learned enough to discover that you can list phones with particular features (I tried it today for the first time) but have no idea if there is any way to trace calls back to a TN and, for example, find out who is making all teh international calls to Korea.

gwebster · 05-25-2006, 07:21 PM

First thing - get the documentation. All NTPs (acronym Northern Telecom Practice) can be freely downloaded from www.nortel.com/support once you have registered. Then look at the "Call Detail Recording" NTP.

TomasSouth · 05-26-2006, 02:57 AM

Quote:

Originally Posted by DREaton3162

For example, my boss wants to know if our PBX, a Meridian 1, has any way to generate a report of what extensions are making particular long distance calls.

Usually, the PABX just gives out raw data. I think what you need is a billing software, either a 3rd party software, or the OTM with TBS package. From that you can generate the report you much needed.

DREaton3162 · 05-26-2006, 07:57 AM

Quote:

Originally Posted by TomasSouth

Usually, the PABX just gives out raw data. I think what you need is a billing software, either a 3rd party software, or the OTM with TBS package. From that you can generate the report you much needed.

Can you define and explain what OTM and TBS mean - and how such third party software would go about interfacing with the PBX?

***Archibald J. Cox*** · 05-26-2006, 10:08 AM

OTM = Optivity Telephony Management

It's a Graphical User Interface (GUI) for the PBX that can have additional packages installed on it to collect Call Data Records (CRD) information so that you can see who's calling where.

<begin Arch's standard shameless plug>
As far as the rest of the PBX security, check out this link:
http://www.infoplusonline.com/products/security-u.html

InfoPlus, the company I work for, offers a comprehensive PBX security audit. If you check with your PBX Vendor, you may find that you are allotted one free of charge or at a discount depending on your maintenance contract. If not, you can order one up from us directly.

Here's a sample .pdf of what the output looks like. If you don't want to order one, it will at least explain the types of things to look for in your own PBX:
http://www.infoplusonline.com/report...05292004SA.pdf

</end shameless plug>

-Arch

DREaton3162 · 05-26-2006, 02:08 PM

I'm still in the "basic" mode of checking our phone's NCOS values - and am getting more and more confused. I fugured out how to list phones by their NCOS value and we have about 350 phones here and they are divided into the following catagories:

About 50 have a NCOS value of 0
Another 12 have a NCOS value of 1
Roughly 285 have their NCS value set to 4
The rest (about 75) have no NCOS value assigned.

I know that the ones with a value of 1 are limited to making calls within the PBX - but the ones with a value of 0 seem to behave the same way. I am assuming that the ones with a value of 4 can call any local number and the ones with no value attached can call any number - even international calls.

Is that correct?

mai_roo_jak · 05-28-2006, 12:12 PM

Maybe correct for your pbx only. Check out the FCR table in LD49. You will see what your NCOSs are defined.

DREaton3162 · 05-30-2006, 08:08 AM

Quote:

Originally Posted by mai_roo_jak

Maybe correct for your pbx only. Check out the FCR table in LD49. You will see what your NCOSs are defined.

I figured the info had to be in the PBX somewhere - but I've never even been in LD 49. Can someone walk me through the commands once I get there? Do I have to use a LST command or what?

TomasSouth · 05-30-2006, 09:54 AM

I don't know if this is formally right, I just learn from experience:

LD 87, check NCTL and verify the FRL value. NCTL is the NCOS.
LD 21, check the FRL inside the RDB, then the number beside it is the FCR.
LD 49, check the setting of that FCR table, whether deny or allow the digits.

My example is the basic one, without the ESN programming yet in LD 86.

DREaton3162 · 05-30-2006, 10:07 AM

Quote:

Originally Posted by TomasSouth

I don't know if this is formally right, I just learn from experience:

LD 87, check NCTL and verify the FRL value. NCTL is the NCOS.
LD 21, check the FRL inside the RDB, then the number beside it is the FCR.
LD 49, check the setting of that FCR table, whether deny or allow the digits.

My example is the basic one, without the ESN programming yet in LD 86.

Thanks for the response - but this is still a little beyond my knowledge. I know how to get into LD 49 for example , but have no idea how to check the settings for the FCR table once I get there - or even what a FCR table is for that matter. I have mastered basic Moves, Adds, and Changes and that is about it....

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How secure is VoIP?	rixride	Security	5	10-12-2007 01:29 PM
Security in VoIP Networks – Stronger than TDM!	rixride	Security	6	07-26-2006 06:00 PM
IP Security in a Hosted Environment	rixride	Security	0	12-19-2005 11:26 AM
Don't believe the VoIP security hype	rixride	Security	1	11-24-2005 02:51 AM
Technologies that can help you secure voice over IP	rixride	Security	0	10-03-2005 04:27 PM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)