security – Page 2

Vertical Televantage offers some options to defend against remote phone abuse. All PBX phone systems will be abused at some point, whether internally or externally. If you suspect an attack is taking place, Vertical Televantage offers some features that can give evidence of the attacker’s strategy, and some tools to lessen the attack profile.

Watch Logs
Batches of off-hour calls should stand out easily -individual calls should be harder to spot in normal traffic. Make sure you have logging enabled for external calls. Internal calls can also be logged, but the volume of traffic may create issues.

Tools-> System Settings-> Call Log and Trunk Log – make sure at a minimum the call history log and the trunk log settings are checked. Continue reading “TeleVantage Hardening and Attack Response”

About The SAS70

SAS70 is short for Statement on Auditing Standards Number 70. It defines the standards used by an auditor to assess the internal controls of an organization that provides services. In many cases, the controls that are audited are related to transaction processing, and the transactions are specific to the type of service being provided.

A SAS70 type 1 report is concerned with the controls that are in place in an organization and the auditor’s opinion of the effectiveness of the controls. The type 1 SAS70 report may include background information about a business and its processes, along with a detailed list of controls (broken out into subsections) and information about how the processes are interrelated, along with information about how the controls meet the specified goals.

A SAS70 type 2 report is issues after a period of observation of the practices specified in the type 1 report. The type 2 SAS70 will also include an opinion issued by an auditor on whether the controls were in operation during the observation time period. Type 2 reports are usually issued on an annual basis. Continue reading “Sas70 Choosing An Audit Firm”