Corporations are typically connected to two public,
untrusted networks: the Public Switched Telephone
Networks (PSTN); and Wide Area Networks (WANs) or the
Internet. Traditional phone stations or peripherals connect
to the PSTN to enable voice calls, modem and fax
communications, and video teleconferencing. Corporate
computers connect to WANs or the Internet for data
communications and access to information. Internet
Protocol (IP) phones and soft phones either connect to the
PSTN via a media gateway, or cross the corporate
perimeter to connect to WANs or the Internet. Although
nearly all corporations secure the Internet connection to
their internal data networks with IP firewalls and related
technologies, most corporations have yet to lock down their
voice connection to the untrusted PSTN, or when present,
bring an equal level of security to their IP telephony
connections.
An array of vulnerabilities in internal data networks, the
traditional phone environment, and other critical corporate
infrastructure are accessible through an enterprise’s
unsecured traditional phone network. Although attacks
against an enterprise’s Internet connection receive the
most public attention, attacks against an enterprise
through the traditional voice network are common. In a
data network attack perpetrated through the traditional
phone network, intruders bypass Internet-related defenses
by using the PSTN to access unauthorized and poorly
secured modems. Attackers exploit modems as
interconnection devices between enterprise voice and data
networks that enable cross-network attacks.
