
Infrastructure Security: Devices and Media • Chapter 6  383


                      ■  Use the most secure authentication method supported by the clients and
                         servers.
                      ■  Encrypt communications between the client and server, where possible.
                      ■  Implement mandatory callback verification, if possible.
                      ■  Block unnecessary network protocols from being used across the RAS
                         connection.
                      ■  Use user IDs for the RAS server that differ from the users’ IDs for
                         other servers on the LAN.
                      ■  Enforce strong passwords for user IDs.


                 Telecom/PBX

                 One area that is often overlooked in the IT security field is telecommunications. A
                 company’s business can be just as easily disrupted by having its telecommunications
                 disabled as it can by having its computer network disabled. That makes this an
                 important area to be aware of when developing an overall security plan.
                    Typically, most small companies use a small number of dedicated telephone
                 lines for both incoming and outgoing calls, which keeps the responsibility of providing
                 telephone service on the service provider. In larger companies, however,
                 having dedicated lines for hundreds or thousands of employees is both inefficient
                 and expensive.
                    The solution to this problem is to install a Private Branch eXchange (PBX),
                 which is a device that handles routing of internal and external telephone lines. This
                 allows a company to have a limited number of external lines and an unlimited
                 (depending on the resources of the PBX) number of internal lines. By limiting the
                 number of external lines, a company is able to control the cost of telephone service
                 while still providing for the communications needs of its employees. For example, a
                 company may have 200 internal lines or extensions but only 20 external lines. When
                 an employee needs to communicate outside of the company, one of the external
                 lines is used, but when two employees communicate via the telephone system, the
                 routing is done completely by the PBX and no external lines are used.
                    PBX systems offer a great cost benefit to large companies, but they also have
                 their own vulnerabilities. Many PBXs are designed to be maintained by an off-site
                 vendor, and therefore have some method of remote access available. This can be in
                 the form of a modem or, on newer models, a connection to a LAN. The best practice
                 is to disable these remote access methods until the vendor has been notified



                                                                              www.syngress.com