Home
Contents
Search
Up
Next

January 2002

 

January 2002
February 2002
April 2002
March 2002
May 2002
June 2002
July 2002
August 2002
September 2002
October 2002
November 2002

Opinions
Wing-nuts?

This month I continue on security and add a bit of a rant and some fun... enjoy.

In Security, Don't Forget the Simple Things

A good friend of mine, was relating a story the other day. We had been talking about a problem he was having with the ADSL line in their office, but more about that later.

My friend has been set up to work from his home as well as his office in North Vancouver for longer than the 17+ years I've known him. He has had multiple telephone lines in his home office and has had both OPX (off premises extension) from his office, and FX (foreign exchange) from across the water in Vancouver proper so that customers didn't have to pay the (at that time) long distance charges to call him.

His wife who is the business owner, typically pays the bills, and in this case had paid a couple of months of fairly hefty long distance charges on one line in particular; not out of line given the international nature of the business. She brought the current month's bill to his attention, saying that it probably would have been lower if he'd made the calls on one of the other lines which had calling plans that cost less than half the amount per minute. His comment was that he couldn't understand because he always did call out on the plan lines - and didn't remember making calls on this line at all - certainly not thousands of dollars worth.

A call to the phone company was met with disdain - and comments to the effect that there was no possibility that the calls could have been made by anybody else but someone in their house - and why did he come back to them now, months after the first occurrence?

Well, as with any business, some people incur the expense, and others pay them - and in this case it had taken a few billing cycles for the anomaly to be caught.

My friend wouldn't let this go - and started calling some of the numbers that appeared on the bill, looking to see if there was some commonality. After several calls and no clues as to who could be making the calls, he got a return call from one person who had thought about it a bit and recalled that someone in her extended family (niece or something) babysat at a place in North Vancouver - did they know anyone on xxxx road. Well, it turns out that xxxx road is the road that he lives on - and the address was just down the street.

It is always valuable to have a circuit check done of any lines coming into a business to ensure that they don't show up in more than one location. In an office environment there are all sorts of cases where an old pair is reassigned to a new business in a different part of the building. If the installer doesn't check, it is possible that the old bridge-tap might be left in. 

Further investigation (to a neighbor he actually knew in advance of this) turned out that this person was indeed a babysitter. It seems that the babysitter had discovered that a downstairs phone was connected to a phone line that was not the line for the home she was in. After a few tentative calls to "test the waters" so to speak - the sitter made lots of calls, thinking this was a "free" line.

It turns out that the line was an old second line phone - and the telephone company's wire pair had been used afterwards to supply one of my friend's many lines. The problem was that the telco had neglected to remove the bridge tap to the neighbor's when installing the new line - thereby setting up the potential for the long distance fraud.

The point is that the long distance fraud aspect is what was discovered - but the more dangerous aspect was one of a security breach. My friend is in the business of providing taxation, financial advice and consulting to a great many people, some of whom are well known. Having a phone line show up in another residence had the potential to breach confidentiality of the information that the company had been entrusted with. In this case it turned out the line was mostly used for outgoing faxes, but there could easily have been a different use at other times.

Another problem is with local wiring, where a PBX line is routed via a patch block hidden in a ceiling or other inaccessible area. The line may in the past have been paralleled into more than one place - and after the original tenant leaves, the walls moved to re-partition to allow for smaller offices and more tenants - with the two drops now in different tenant's offices. 

If you are in charge of setting up phone or data services where you are handling secure information (and who of us doesn't have at least something they hope to keep secure), have your installer do a check - at least visual, but also with a TDR Time Domain Reflectometer if they have one. This will show up each of the splices and taps on the line and "prove" where the cable goes.

Intermittent Data Problem Solved

As for the problem with the office ADSL line - it turns out that the line had been installed on the same phone number as an old alarm system used to send alarm information. Since it was no longer in active use (having been replaced by a different system) the alarm panel had been neglected a bit, and the clock in it was out by 11 hours or so. It had been programmed to "check in" with the alarm company at midnight each night, but was doing it at 1:00 PM each day instead. This would have been fine if the connection was simply in parallel as with the fax that also shared the line since the ADSL signals are at different frequencies from the normal telephone line signals and coexist nicely. 

The problem was that the alarm panel had an exclusion relay. The phone line actually went into the alarm panel before being connected to the normal phone panel. Whenever the alarm unit wanted the phone line, it completely disconnected the line from the rest of the office - a standard way to guarantee that it can get dial-tone regardless of whether someone in the office is on the line or not. This old technology works fine for standard phone lines - but is disaster for the newer methods of sharing lines used by ADSL - that of simply shifting the use to different frequency bands on the same pair of wires. 

The alarm panel was disconnecting the line for about 10 minutes each day, trying to check in - and of course this was disrupting the data circuit completely during this time. Even though it could "get dial tone", it still couldn't connect due to the recent conversion to 10 digit dialing, and the fact that the alarm unit had not been re-programmed - so the whole thing simply ended up timing out fortunately, otherwise the ADSL would have been out completely - which might have hastened the diagnosis in fact since the complete outage would have gotten somebody's complete attention compared to the minor annoyance of just being out of touch for a few minutes a day.

The alarm panel is now out of the circuit - and the interruptions have ceased.

richard
 

 

Home ] Contents ] Search ]
Up ] Next ]
Opinions ] Wing-nuts? ]
Copyright © 1993-2007 Richard C. Pitt - all rights reserved
Updated June 17, 2005