Ballpark figures on a PBX assessment

mikem_at_tridigitalenterprises.com
Date: 09/27/05

    Date: Tue, 27 Sep 2005 11:09:40 -0800 (AKDT)
    To: pen-test@securityfocus.com
    
    

    Hi Folks,

    We're looking at having a vulnerability assessment done on our PBX, and
    I'd like to get a feel for what it might cost.

    Specifically, we're looking to have the following accomplished:

    * PBX configuration reviewed for any misconfigurations that could result
      in a compromise
    * A check of approximately 1000 phone numbers (war-dialing) to detect the
      presence of any modems or other devices set to auto-answer
    * A review of logging capabilities and configurations on the PBX to ensure
      that all call details are being properly logged
    * Verification that all userids/passwords on the PBX are being changed
      according to company policies

    If anyone has done these sorts of tests on a PBX before and wouldn't mind
    sharing what a ballpark estimate might cost, we'd be most appreciative.
    If not dollars, then possibly hours required to perform an adequate review
    and test.

    Thanks in advance,
    -Mike.
