I have a customer with a NEC NEAX 2000 that is having fraud problems. I know several phones systems but the NEC is not one of them. I have requested access to the NEC Documentation but that is going to take several days. Anyone had to investigate this sort of thing before?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Fraud detection & prevention.
- Thread starter MtP
- Start date
GoTellBigDaddy
Vendor
Yes.
You didn't mention what type of fraud- that's a broad term.
Give me some specifics if you can.
The older I get, the less I know
You didn't mention what type of fraud- that's a broad term.
Give me some specifics if you can.
The older I get, the less I know
- Thread starter
- #4
I don't know all the details yet. I haven't made the initial interview. The customer has requested a security audit. I know many ways to perpetrate fraud but I don't know the NEAX 2000. I was hoping for a little insight into the PBX, not the fraud part. Sorry I didn't make myself clear.
I don’t know NEC NEAX myself, though I have worked on a couple as the “hands” for a remote programmer. Seeing as how I am not experienced in NEAX, I know that if a client came to me with the same question, I would either say "no thanks," or refer them to someone who is completely intimate with the system and its voice mail. What I would not do is fool myself into thinking that access to the documentation qualifies me to work on a system, let alone troubleshoot a fraud problem with it.
But that’s just me...maybe you are some kind of genius (not meant to be sarcastic.)
But that’s just me...maybe you are some kind of genius (not meant to be sarcastic.)
GoTellBigDaddy
Vendor
Telephony Audits require a skillset, knowledge base and background in PBXs installation, maintenance not just programming and use. Then, you must understand the billing, inventory, interworkings of what you are looking at- otherwise the audit is pretty much useless. So what, you see the bills, now what ?
1. Get the output records from the SMDR/CDR port and access to any reports on-site or via third party that the customer has in use.
2. Get access to the telephone billing for the past 6 months- all of it.
3. Get ALL the vendors involved surrounding the phone system.
4. Get the configuration and inventory of everything around the phone system.
5. Talk to the customer, get the scoop.
6. Modems and Maintenance codes are a big source of telephone (PBX) fraud.
7. The primary carrier should be able to implement enforced and validated account codes (7 digits length)
8. Have a meeting of the minds and id the source with the info- you need to understand billing and have some knowledge of HOW the phone system is operating.
9. Look into the VoiceMail system too for areas of security breeches.
10. Dial In - Dial Out. Features include call forwarding (off site), remote access, dial access codes, mailboxes, admin mailboxes, anything with a security code / password is subject to scrutiny.
11. Routing tables for custom call routing and least call routing are also subject to review- you must understand the basis of the decisions made and why to understand the routing in place.
12. Company policies and procedures - what are they ? What did they publish ? You'd be amazed as to what gets printed.
13. Nature of the company/organizations business. Understand it and you will understand, see, and know their "Traffic Patterns."
14. In hand tools- at the minimal: buttset, digit grabber, laptop with plenty of cables and types of cables - null modems and hyperterminal.
Hope this helps
The older I get, the less I know
1. Get the output records from the SMDR/CDR port and access to any reports on-site or via third party that the customer has in use.
2. Get access to the telephone billing for the past 6 months- all of it.
3. Get ALL the vendors involved surrounding the phone system.
4. Get the configuration and inventory of everything around the phone system.
5. Talk to the customer, get the scoop.
6. Modems and Maintenance codes are a big source of telephone (PBX) fraud.
7. The primary carrier should be able to implement enforced and validated account codes (7 digits length)
8. Have a meeting of the minds and id the source with the info- you need to understand billing and have some knowledge of HOW the phone system is operating.
9. Look into the VoiceMail system too for areas of security breeches.
10. Dial In - Dial Out. Features include call forwarding (off site), remote access, dial access codes, mailboxes, admin mailboxes, anything with a security code / password is subject to scrutiny.
11. Routing tables for custom call routing and least call routing are also subject to review- you must understand the basis of the decisions made and why to understand the routing in place.
12. Company policies and procedures - what are they ? What did they publish ? You'd be amazed as to what gets printed.
13. Nature of the company/organizations business. Understand it and you will understand, see, and know their "Traffic Patterns."
14. In hand tools- at the minimal: buttset, digit grabber, laptop with plenty of cables and types of cables - null modems and hyperterminal.
Hope this helps
The older I get, the less I know
AVaya has a book that is dedicated just for Toll fraud. Maybe NEC has a manual too? The Avaya one is just for their systems.
Da-vi'do
P.S. A message to all,if you want to get the best response to a question, please read FAQ222-2244 first. Also give the type & version of your voice mail & pbx system & preview your post to make sure it is complete & understandable. Be aware that if u don't answer a question, I usually will not continue to help u.
Da-vi'do
P.S. A message to all,if you want to get the best response to a question, please read FAQ222-2244 first. Also give the type & version of your voice mail & pbx system & preview your post to make sure it is complete & understandable. Be aware that if u don't answer a question, I usually will not continue to help u.
- Status
