Avoid the Risk – CompletePBX Is Your Best Defense Against Cyber-Attacks

Cyber-attack (malicious users gaining unauthorized access to Internet-based systems) is not a new phenomenon. However, it is increasing at such a rapid pace, especially in the world of Internet telephony (VoIP and SIP trunking), that it cannot be ignored. See these recent posts, which detail a disturbing reality that companies face today.

What Can You Do to Prevent a Cyber-Attack on Your Phone System?

Xorcom's CompletePBX™ maximum-security business telephone system can keep your communications network safe against all types of cyber-attack. We believe the best IP-PBX protection policy is one that is in place from day one. As a result, CompletePBX comes preconfigured with multiple safeguards against abuse at four different levels:

  1. Camouflage – Our CompletePBX systems disguise themselves to avoid the attention of malicious actors who know how to identify VoIP systems on the Internet.
  2. Vigilance – Our intrusion detection feature is constantly on alert, recognizing potential threats and diverting them before they reach the PBX.
  3. Defense – If an unauthorized entity tries to get into the PBX, our integrated session border controller software will block it before it can cause any damage.
  4. Alert – Any attack in progress generates an immediate e-mail to the system administrator.

Camouflage

CompletePBX Operates in Stealth Mode

By using non-standard identification methods, CompletePBX systems are truly camouflaged on the Internet, significantly reducing the probability of cyber-attacks.

Secure VoIP Settings

By default, CompletePBX denies unwanted SIP requests without revealing the reason for the rejection. This makes it far harder for brute-force attackers to guess the user's SIP name and password.

Vigilance

Intrusion Detection and Prevention

CompletePBX has built-in detection of unauthorized attempts to access the system, based on permission settings established by the PBX administrator. A potential intrusion is a number of unsuccessful attempts to access the system within a given period of time, as defined by the user.

Once a possible infiltration has been detected, the intruder's IP address is blocked from any further access to the system for the defined ban period, and an alert is sent to the administrator's e-mail.

Defense

CompleteSBC™: Integrated Session Border Controller (SBC) Application

Carriers and users alike will appreciate the capability of CompleteSBC, a software-based Session Border Controller (SBC) that effectively seals off the IP-PBX, to protect and defend CompletePBX from misuse.

A sophisticated set of predefined yet customizable rules, supported by an intuitive management interface (GUI), allows easy configuration of its many functions. CompleteSBC acts as a “SIP firewall” for access control.

A trial version of CompleteSBC, which allows multiple sessions with limited call duration, is integrated into every CompletePBX system. Purchasing electronic licenses activates communication channels with no maximum call duration.

Built-In Firewall

The point at which a system is opened up so that it can be administered remotely is almost always the moment at which security is compromised. Our recommendation is to lock the system off from the outside world by installing CompletePBX on a LAN protected by a firewall/NAT router. As an additional means of protection, CompletePBX has its own firewall. The default rules in the built-in firewall can be modified to suit specific applications relevant to your business.

Initial Configuration Is Locked by Default

CompletePBX is preconfigured to use restrictive security policies. For example, in the default configuration CompletePBX does not accept SIP calls from endpoints that are not located on the LAN. Customers who want the PBX to receive inbound calls from the Internet must explicitly enable this behavior in the CompleteSBC/firewall configuration.

Password Strength Assessment

Setting strong passwords is imperative for SIP and IAX2 extensions, as well as for Direct Inward System Access (DISA) and call-back functions. In addition, defining passwords for all outbound routes used for international calls significantly deters intruders attempting to make fraudulent calls. In CompletePBX, a special algorithm detects potentially problematic passwords and issues a warning to the administrator.

Secure Remote Access via Rapid Tunneling™

Granting remote access to authorized users, such as system administrators or technical support staff working off-site, is a challenge met by Xorcom's Rapid Tunneling feature. A secure (SSH) tunnel is used to access the CompletePBX Web interface in a secure and controlled manner.

Protection Against Turnover of System Administrator Staff

CompletePBX has different user-defined access levels; administrator accounts can have their access restricted to a specific range of extensions or a specific set of PBX features. By creating separate CompletePBX system administration users, staffing changes simply require removing the specific account to ensure that person no longer has access.

Alert

CompleteAlert™: Built-In Real-Time Alarm System

Unauthorized activity on the phone system immediately generates real-time alerts, in the form of e-mail messages to the system administrator.


Don't take costly risks.

CompletePBX offers the best protection against cyber-attacks in the industry.

Contact Xorcom for a security consultation (free of charge).

Choosing the wrong IP-PBX can cost you $$$$$ in toll fraud… from day one!

Learn How to Avoid the Risk of a Cyber-Attack

A growing number of companies are learning to value the advantages of VoIP communications: considerably reduced long-distance call costs, unified communications, optimal use of network resources… and the list goes on and on. On the other hand, hackers are becoming increasingly sophisticated, turning toll fraud into a multi-billion-dollar industry. That same study, which interviewed fraud and security experts specializing in the telecommunications industry, indicates that fraud losses are growing at a faster pace than global telecommunications revenues.*

Who Is Responsible for Protecting Telephone Systems?

Reports of cyber-attacks appear regularly in the media. For example, as reported in a recent New York Times article, an architecture firm in Georgia is now liable for high-cost calls made fraudulently, totaling $166,000 in a single weekend. The company's law firm filed a complaint with the United States Federal Communications Commission (FCC), but the lawyer on the case noted that “there are a number of old FCC decisions dating from the 1990s that indicate that a customer is 100% liable for fraudulent calls on its PBX”.

However, fraud also negatively affects telecommunications carriers, as well as their customers. The losses increase the carriers' operating costs and damage their reputation. Several countries already have new regulatory requirements in force that assign at least partial responsibility for toll fraud to the telecommunications carriers.

Contacted to investigate a recent breach of a hosted PBX service, Xorcom CTO Leonid Fainshtein confirmed that the attack occurred when a hacker entered through a portal back door mistakenly left by the service operator. The news reached the customer only when it received its monthly bill, at a cost eighty times higher than usual. According to the CEO, the main service provider had not only neglected to notify the user that something strange had happened on its system, but also passed the responsibility on to a sub-carrier, and it is still unclear who is responsible for keeping the company's network secure.

How can you avoid paying 80 times your normal phone bill because of toll fraud?

First, it is important to understand what kind of abuse is prevalent today. Toll fraud occurs when an IP-PBX is infiltrated and used to make outbound calls that are sold as minutes to other customers, with the company that owns the IP-PBX footing the bill (as in the cases cited above). Another abuse involves penetrating the IP-PBX to obtain information about the network, with the aim of hacking the company's data network for espionage or other types of industrial damage. A few hours of unauthorized access can easily cost your company many times more than the price of the entire telephone system.

Xorcom's CompletePBX™ maximum-security business telephony system can keep your communications network safe against all these types of cyber-attack.

For more information, click here.

*Sources

Branching into 21st Century Telephony | Talk Business Magazine

Contemporary telephone systems play a far more crucial and creative role in businesses than previously thanks to advances in technology and the impact of t

Source: Branching into 21st Century Telephony | Talk Business Magazine

Choosing the Wrong IP-PBX Can Cost You $$$$$ in Toll Fraud


Learn How to Avoid the Risk of Cyber-Attack

Increasing numbers of enterprises are learning to appreciate the advantages of VoIP communications: greatly reduced long distance charges, unified communications, optimal use of network resources…the list goes on and on. On the other hand, hackers are becoming ever more sophisticated, turning toll fraud into a multi-billion dollar a year industry. That same study, which interviewed fraud and security experts focused on the telecom industry, reports that fraud losses are growing at a faster pace than global telecom revenues.*

Who is Responsible for Securing Telephone Systems?

Reports of cyber-attack show up in the media on a regular basis.  For example, as reported in a recent New York Times article, an architecture firm in Georgia is now answerable for $166,000 in calls made in a single weekend after a premium-rate service-fraud attack. The company’s law firm filed a complaint with the United States Federal Communications Commission (FCC) but the lawyer on the case noted “There are a number of ancient FCC decisions dating back to the early 1990s that say that if a customer has fraudulent calls, the customer is 100 percent liable.”

However, fraud negatively affects telco carriers as well as their customers. The losses increase the communications carriers’ operating costs and damage their reputation. Several countries already have new regulatory requirements in place which put at least partial responsibility for toll fraud on the telco carrier.

Called to investigate a recent breach to a hosted PBX service, Xorcom CTO Leonid Fainshtein confirmed the attack occurred when a hacker entered a portal back-door, erroneously left open by the company’s telecommunications carrier. The news reached the company only when they received their monthly invoice, with charges of over eighty times their usual bill. According to the CEO, their main service provider had not only neglected to notify the company of strange goings-on with their system, but they also passed the buck onto a subcarrier, and it is still unclear onto whom the responsibility falls to keep the company’s network safe.

How can you avoid paying 80 times your regular phone bill in toll fraud?

First, it is important to understand what kind of abuse is prevalent in today’s world. Toll fraud occurs by gaining access to the IP-PBX and utilizing it for outbound calls sold as minutes to customers—with the enterprise footing the bill (as in the cases cited above). Other abuse involves penetrating the IP-PBX to learn more about the network, with the aim of hacking into the enterprise’s data network for the purpose of espionage or other types of industrial damage. A few hours of unauthorized access can easily cost your company more than the price of the entire phone system – many times over.

Xorcom’s CompletePBX™ maximum-security business telephony system can keep your communications network safe against all these types of cyber-attack. For more information, click here.

*Sources

Avoid the Risk – CompletePBX is Your Best Defense Against Cyber-Attacks

Cyber-attack — malicious users gaining unauthorized access to Internet-based systems — is not a new phenomenon. However, the rate at which it is spreading, especially to the world of Internet Telephony (VoIP and SIP trunking), cannot be ignored. Check out this recent post which details some of the disturbing facts that face enterprises today.

What Can You Do to Avoid the Risk of Cyber-Attack on Your Phone System?

Xorcom’s CompletePBX™ maximum-security business telephony system can keep your communications network safe against all these types of cyber-attack. We believe that the best IP-PBX protection policy is the one in place from day one. As a result, CompletePBX comes preconfigured with multiple safeguards against abuse on four different levels:

  1. Camouflage – Our CompletePBX systems disguise themselves to avoid the attention of malicious users who know how to identify VoIP systems on the Internet.
  2. Vigilance – Our intrusion detection feature is constantly on the watch, recognizing potential threats and diverting them before they reach the PBX.
  3. Defense – If any unauthorized entity does manage to get to the PBX, our integrated session border controller software will block it before it can do any damage.
  4. Alert – Any attack in progress generates an immediate e-mail message directly to your system administrator.

Camouflage

CompletePBX Operates in Stealth Mode

By using non-standard identification methods, CompletePBX systems are essentially camouflaged on the Internet, significantly reducing the probability of cyber-attacks.

Secure SIP Settings

By default, CompletePBX will reject unwanted SIP requests without disclosing the reason for rejection. This makes it much harder for brute-force attackers to guess SIP usernames and passwords.

Vigilance

Intrusion Detection and Prevention

CompletePBX features built-in detection of unauthorized attempts to access the system based on permission parameters set up by the system administrator. A potential intrusion is defined as a user-defined number of unsuccessful attempts to access the system within a specific timeframe.

After a potential intruder has been detected, the intruder’s IP address will be blocked from further access to the system for the defined ban period, and an email alert will be sent to the administrator.
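The threshold, timeframe and ban-period logic described above can be sketched as a small sliding-window detector. This is an added example, not Xorcom's code: the log format, the class and function names, and the parameter values are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (NOT a CompletePBX log format):
# ISO timestamp, authentication result, source IP (documentation ranges).
SAMPLE_LOG = """\
2024-05-01T10:00:00 FAIL 203.0.113.7
2024-05-01T10:00:05 FAIL 203.0.113.7
2024-05-01T10:00:09 OK 198.51.100.20
2024-05-01T10:00:12 FAIL 203.0.113.7
2024-05-01T10:00:15 FAIL 203.0.113.7
2024-05-01T10:03:00 FAIL 198.51.100.20
2024-05-01T10:20:00 FAIL 198.51.100.20
2024-05-01T10:31:00 FAIL 203.0.113.7
"""


class IntrusionDetector:
    """Ban a source IP after max_failures failed attempts inside `window`."""

    def __init__(self, max_failures, window, ban_period):
        self.max_failures = max_failures
        self.window = window
        self.ban_period = ban_period
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> time at which the ban expires
        self.alerts = []                    # stands in for the e-mail to the admin

    def is_banned(self, ip, now):
        until = self.banned_until.get(ip)
        if until is None:
            return False
        if now >= until:                    # ban period is over: lift the ban
            del self.banned_until[ip]
            return False
        return True

    def observe(self, ts, result, ip):
        """Process one event; return 'blocked', 'allowed', 'failed' or 'banned'."""
        if self.is_banned(ip, ts):
            return "blocked"                # dropped before any authentication
        if result == "OK":
            # A success deliberately does not clear the failure history, so one
            # valid login cannot be used to reset the counter between guesses.
            return "allowed"
        recent = self.failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.max_failures:
            until = ts + self.ban_period
            self.banned_until[ip] = until
            del self.failures[ip]
            self.alerts.append((ip, ts, until))  # a real system would e-mail here
            return "banned"
        return "failed"


def replay(log_text, detector):
    """Feed constructed log lines through the detector; return the outcomes."""
    outcomes = []
    for line in log_text.splitlines():
        stamp, result, ip = line.split()
        outcomes.append(detector.observe(datetime.fromisoformat(stamp), result, ip))
    return outcomes


if __name__ == "__main__":
    det = IntrusionDetector(3, timedelta(seconds=60), timedelta(minutes=30))
    for line, outcome in zip(SAMPLE_LOG.splitlines(), replay(SAMPLE_LOG, det)):
        print(f"{line}  ->  {outcome}")
    print("alerts:", det.alerts)
```

Slow guessing spread over more than the window, as the second address does here, never reaches the threshold, which is why the window and ban period need tuning alongside strong passwords.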

Defense

CompleteSBC™: Integrated Session Border Controller (SBC) Application

Carriers and customers alike will appreciate the ability of CompleteSBC, a software-based Session Border Controller (SBC) that effectively seals off the IP-PBX, to protect and defend the CompletePBX IP-PBX from misuse.

A sophisticated set of predefined yet customizable rules, supported by an intuitive GUI interface, enables easy configuration of its many features. CompleteSBC acts as a “SIP firewall” for access control.

A trial version of the CompleteSBC, supporting multiple calls with limited call duration, is integrated into every CompletePBX system. Purchasing an electronic license will activate additional channels, and remove the call duration limitation.

Built-In Firewall

The point at which a system is opened up so it can be remotely administered is almost always the point of compromise in an intrusion. Our recommendation (and the system’s default configuration) is to lock down the system from the outside world, installing CompletePBX on a LAN protected by a firewall/NAT router. As an additional means of protection, CompletePBX features its own built-in firewall. The default rules in the built-in firewall can be modified to accommodate specific applications relevant to your business.

Initial Configuration Is Locked by Default

CompletePBX is preconfigured to use restrictive security policies. For example, in the default configuration CompletePBX does not accept SIP calls from endpoints not located on the LAN. Customers who want the PBX to be able to receive inbound calls from Internet sources must explicitly enable this behavior in the CompleteSBC/firewall configuration.

Password Strength Assessment

Setting strong passwords is imperative for SIP and IAX2 extensions, as well as for Direct Inward System Access (DISA) and call-back functions. In addition, defining passwords for all outbound routes used for international calls significantly deters intruders from making malicious calls. In CompletePBX, a special algorithm detects potentially problematic passwords and issues a warning to the administrator.

Secure Remote Access via Rapid Tunneling™

Allowing remote access to authorized users such as system administrators or technical support staff working offsite is a challenge met via Xorcom’s Rapid Tunneling feature. Secure Shell (SSH) tunneling is used to access the CompletePBX Web interface in a secure and controlled fashion.

Administrator Accounts for Employee Turnover Protection

CompletePBX features different levels of user-configurable administrator access; administrator accounts can have their access restricted to a specific extension range or a specific set of features in the PBX. By creating separate administrator accounts for all CompletePBX system administrators, staffing changes simply require user account removal to ensure they no longer have access.

Alert

CompleteAlert™: Built-in Real-Time Alarm System

Unauthorized activity on the phone system immediately generates real-time alerts, in the form of e-mail messages sent directly to the system administrator.

Don’t take the costly risk.

CompletePBX provides the best protection against cyber-attacks in the industry.

Contact Xorcom for a free security consultation:

Xorcom CEO Quoted in Industry Article on VoIP Adoption by PSTN Users

Eran Gal, CEO and co-founder of Xorcom, was recently interviewed for an article published by SoftwareAdvice. The article, entitled “PSTN User Perspectives on IP Communications IndustryView | 2014”, researched the VoIP adoption behavior of PSTN users. Below you’ll find the reason that the author sought out Xorcom as an expert on this topic, as well as a link to the SlideShare for more information.

For this article, we wanted to feature VoIP solutions that would appeal to PSTN subscribers who haven’t yet transitioned to IP communications. Our survey determined that PSTN subscribers prioritize reliability of service and believe that the PSTN has a future as a backup or “failover” mechanism in IP networking. Thus we contacted Xorcom, since Xorcom’s IP PBXs offer a wealth of different PSTN connectivity options (analog, BRI/PRI etc.). Such solutions are appropriate for users transitioning from TDM to SIP trunking who still want a backup connection to the PSTN in order to survive Internet outages. Moreover, Xorcom’s disaster recovery software also helps to ensure the reliability of VoIP service by enabling businesses to back up the configuration settings for Xorcom appliances in case appliances need to be reconfigured on the fly. The flexibility and resiliency of Xorcom’s appliances make them great fits for PSTN users who want to ensure that the phones keep running in both natural disasters and network disasters. – Daniel Harris, VoIP and telecom researcher at Software Advice

Xorcom’s Tzafrir Cohen Received Special Recognition at AstriCon10

At this week’s 10th annual AstriCon users’ conference, Asterisk Engineering Manager Matt Jordan presented Tzafrir Cohen, Senior Software Engineer at Xorcom, with Special Recognition for his and Xorcom’s continuing contribution to the Asterisk community.

Tzafrir Cohen, Senior Software Engineer at Xorcom, Receives Special Recognition at AstriCon10

“It’s because of people like Tzafrir, and companies like Xorcom, that Asterisk is a successful project.”

“We have a very large and vibrant community of Asterisk developers, but one person in particular this year who we would like to call out and thank is Tzafrir Cohen. I really can’t say enough about all his contributions to the Asterisk project. Tzafrir does an amazing amount of work, not just on DAHDI, but also on everything from build system changes, to things that Tzafrir just finds in the Asterisk project. I’ve seen him contribute patches back to app_minivm, just because he found something in it, and wanted to fix it. It’s because of people like Tzafrir, and companies like Xorcom, that Asterisk is a successful project, that we have such a great and wonderful project. Tzafrir, thank you very much for everything you’ve done, and, by all means, just keep doing exactly what you do.”

To see the video of the award presentation, go to our YouTube channel, or check out our Facebook page.

Luxury Swiss Hotel Modernizes Phone System Economically


“We were surprised how quickly the installation process went… we were able to use the new systems without problems on the afternoon of the first day.” – Ms. Lisa Roos, Reception Manager at Hotel Paradies

When the power supply of the old PABX failed three times within a single month, and only a few untested and pre-used spare parts could be sourced from a dusty old warehouse at an unjustifiable cost, it was time for this boutique hotel to seriously consider upgrading to a new phone system.

These stylish new telephone sets for the guestrooms were commissioned from world renowned Danish designer Jacob Jensen.

The hotel’s telephone provider and technology supplier proposed a new system with serious drawbacks, in order to cut costs. However, for roughly the same “discounted” price, it was possible for the hotel to purchase a more reliable Xorcom TwinStar, hot-swappable dual-server PABX instead, with enough Astribank analog extensions for all the guestrooms and staff quarters, BRI modules for the existing ISDN channels, plus VoIP trunking for inexpensive outgoing calls, plus very stylish-looking new telephone sets from world renowned Danish designer Jacob Jensen for the guestrooms (see photo at left), feature-rich SNOM 821 for their executive staff, and a touch-screen SNOM 870 with an extra SNOM Vision extension-panel for the Reception Manager. Furthermore, Xorcom’s Complete Concierge software interface provided a solution to link the telephone system to their already existing investment in a Micros-Fidelio V8 hotel property-management-system (PMS), to which the existing point-of-sale (POS) restaurant registers are also interfaced.

Read the full case study here.

Congratulations to Latest Graduates of Xorcom Certification Training

Graduates of the 3-day Xorcom Certification Training course and the lead trainer (Jeff Johnson - in the Xorcom "superman" t-shirt).


During the last week of August, Xorcom sponsored 3 days of technical training in Las Vegas. The training was attended by dealers and other strategic partners and focused on the CompletePBX solution, and the rest of our product offering, all based on Asterisk.

We’d like to take this opportunity to thank Jeff Johnson, a veteran Xorcom CompletePBX certified dealer, for leading a good part of the training. Check out this video to hear why Jeff, and the company he represents, have partnered with Xorcom:


Interested in obtaining Xorcom dealer certification? Drop us a line…

 

Xorcom Sweet Spot: High Density IP-PBX for Senior Care

New Los Nogales senior residence facility in Madrid, Spain.


Senior care facilities are often characterized by multiple campuses with large numbers of extensions. Los Nogales in Spain is no exception.

According to Oscar Berlanga, CEO – Los Nogales:

The end result of the project has been overwhelmingly positive, in addition to improved technical performance, there was also significant cost reduction.

Our Spanish partners at Jesatel used Xorcom equipment to support over 500 extensions in a new building wired with CAT6 cabling, including three data centers connected only by fiber optic cable.

Read the full story here.