[VoiceOps] (no subject)

Mark R Lindsey lindsey at e-c-group.com
Fri Apr 24 13:24:39 EDT 2015


I talk to a lot of service providers that are improving their security in the aftermath of fraud. When they're recovering from a fraud event:

	-- They're coping with a loss of tens-of-thousands of dollars. 

	-- The ops teams must answer to senior management about how they let this happen. 

	-- They're confounded to know how the attacker figured out their password scheme, or their phone config file names.

	-- Sometimes they're frustrated to find a silly mistake that was made long ago, and never fixed.

	-- Sometimes they're concerned about an insider threat. (Is somebody selling our list of MAC addresses necessary to download all the config files?)

	-- They may have legal questions, because in hosted PBX and SIP trunking, knowing exactly who's responsible for the security and who's got to pay for the fraud is unclear.

So for several reasons, you'll find them in poor spirits, and seldom ready to chit-chat.

All that said: good, informal relationships among the engineers and ops folks at different service providers can help a lot. Go to SIPNOC every year and meet your peers at other SP's. And go to your vendors' events, like the BroadSoft and Metaswitch customer meetings. Get to know some other tech folks, and keep in touch.

And of course, we consultants can help too. People from ECG and other consulting firms do promise to keep secrets of our clients, but we also learn the techniques and know-how used by the fraud attackers and the defenders.


                  
              --- mailto:mark at ecg.co 
                  tel:+1-229-316-0013 
                  http://ecg.co/lindsey 




> On Apr 24, 2015, at 13:06 , Rob Dawson <rdawson at force3.com> wrote:
> 
> I wasn’t necessarily thinking of a commercial solution, something more ad hoc, but they do have some pretty innovative and cool solutions.
>  
> Rob
>  
> From: Alex Hardie [mailto:ahardie at bellsouth.net <mailto:ahardie at bellsouth.net>] 
> Sent: Friday, April 24, 2015 11:55 AM
> To: Rob Dawson
> Cc: voiceops at voiceops.org <mailto:voiceops at voiceops.org>
> Subject: Re: [VoiceOps] (no subject)
>  
> Have you looked at PinDrop? They specialize in toll fraud for both enterprises and carriers.
>  
> Alex Hardie
> 
> alex hardie | ahardie at bellsouth.net <mailto:ahardie at bellsouth.net> | +1 404 229 7635
> 
> On Apr 24, 2015, at 11:51 AM, Rob Dawson <rdawson at force3.com <mailto:rdawson at force3.com>> wrote:
> 
> Anyone aware of a voice fraud mailing list or listing service? Something of a repository of new attack vectors and remediations or something . . . just thinking it would be cool to see what new attacks people are running into.
>  
> If not, any thoughts on something like this?
>  
> Rob
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org <mailto:VoiceOps at voiceops.org>
> https://puck.nether.net/mailman/listinfo/voiceops <https://puck.nether.net/mailman/listinfo/voiceops>_______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org <mailto:VoiceOps at voiceops.org>
> https://puck.nether.net/mailman/listinfo/voiceops <https://puck.nether.net/mailman/listinfo/voiceops>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20150424/16c37b6d/attachment-0001.html>


More information about the VoiceOps mailing list