Provide Secure Remote Connectivity To Your PBX Estate

Decrease PBX servicing costs and reduce engineer site visits by performing PBX maintenance remotely via a secure dial-up or IP remote access connection.


Using the Tracker Series, Data Track is able to offer a practical and cost-effective way of implementing secure remote access to your PBX estate, for both legacy TDM and VoIP switches. A Tracker can be connected to the PBX via its maintenance console port, IP connection or both.

Dial-Up Access

In situations where IP network connections are not allowed, not viable or are simply unavailable, dial-up access allows maintenance operations to continue uninterrupted. In addition to standard username and password security, the Tracker has other more advanced security features to ensure that your PBX remains protected at all times.

Network Access

The Tracker can be used to provide network access to the maintenance port of a PBX, where previously an engineer would have needed to connect directly to the port on site.

For PBXs already administered over an IP connection, the Tracker can introduce an additional layer of network security. The PBX could be located on a separate LAN or VLAN only accessible via the Tracker. Where access to the network is restricted for security reasons, a point-to-point encrypted tunnel can be established with the Tracker to allow maintenance operations to continue without compromising existing network security.

Auditing

Regardless of the connection used to maintain your PBX estate, the auditing functionality on the Tracker gives system administrators the capability to check who has been logging on, when they logged in and what their activities were. Alarms can be sent automatically when users log on and a system administrator could, if they choose, log in themselves and disconnect a user.


Where no IP network is available, remote access over standard telephone lines via a modem is the best alternative; for some purposes, it may even be the simplest solution. However, it also represents the easiest way to bypass any IP security and gain a foothold on an IP network. Consequently, in addition to a standard username and password, the Tracker features:

Restricted Answering

Utilising the Caller ID or ANI service, the modem within the Tracker will only answer the call if it is from a pre-programmed number.

PPP

The Tracker is capable of connecting a user to the IP network using PPP, the industry standard networking protocol.

Two Factor Authentication

This is the most secure option available and requires a Tracker 2720 modem at the calling end. The 2720 can be used as a normal modem. It is pre-programmed with a secret and a unique identity number (ID).

When it is used to call a Tracker that has been configured to use two-factor authentication, the called Tracker will issue an encrypted challenge using its secret. Only an encrypted response using the same secret will authenticate; this is the first stage. The second stage involves the receiving Tracker checking that the ID of the calling 2720 appears in its Access list. If it does, the caller is granted access to the system. If the ID does not appear in the Access list, or is found in the Deny list, access will be refused. This authentication process is completely transparent to the user and makes the system easily integrated into an existing IT infrastructure.
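The two-stage check described above, as an added sketch that is not Data Track's code. The page does not name the algorithm, so HMAC-SHA256 over a random challenge stands in for the "encrypted challenge"; binding the modem ID into the response, the class and function names and the sample secret and IDs are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def compute_response(secret: bytes, challenge: bytes, modem_id: str) -> bytes:
    """Calling side: prove knowledge of the secret for this challenge and ID."""
    return hmac.new(secret, challenge + modem_id.encode(), hashlib.sha256).digest()


class CalledTracker:
    """Answering side: shared secret plus Access and Deny lists of modem IDs."""

    def __init__(self, secret, access_list, deny_list=()):
        self.secret = secret
        self.access = set(access_list)
        self.deny = set(deny_list)
        self._pending = None

    def new_challenge(self) -> bytes:
        # Fresh 16-byte nonce per call, so a recorded response cannot be replayed.
        self._pending = secrets.token_bytes(16)
        return self._pending

    def authenticate(self, modem_id: str, response: bytes) -> str:
        challenge, self._pending = self._pending, None  # each challenge is single use
        if challenge is None:
            return "refused: no challenge outstanding"
        # Stage 1: the response must have been computed with the same secret.
        expected = compute_response(self.secret, challenge, modem_id)
        if not hmac.compare_digest(expected, response):
            return "refused: bad response"
        # Stage 2: the Deny list overrides the Access list.
        if modem_id in self.deny or modem_id not in self.access:
            return "refused: ID not permitted"
        return "granted"


def dial_in(tracker, secret, modem_id):
    """One call attempt: challenge, response, decision."""
    challenge = tracker.new_challenge()
    return tracker.authenticate(modem_id, compute_response(secret, challenge, modem_id))


if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"  # constructed sample values throughout
    tracker = CalledTracker(SECRET, {"ID-0001", "ID-0002"}, deny_list={"ID-0002"})
    for caller_secret, mid in [(SECRET, "ID-0001"), (SECRET, "ID-0002"),
                               (SECRET, "ID-0099"), (b"wrong", "ID-0001")]:
        print(mid, "->", dial_in(tracker, caller_secret, mid))
```

An ID that appears on both lists is refused, matching the rule that the Deny list takes precedence, and a response captured from one call fails against the next call's challenge.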

The Tracker 2700, 2720 and 2730 products have received Information Assurance Accreditation from the US Government's Defense Information System Network (DISN) Security Accreditation Working Group.


There are two options available for IP access: in-band and side-band.

In-band

In-band access is a straightforward connection to the IP address of the Tracker. In addition to the standard username and password, the Tracker includes a packet filtering firewall. This can be used in addition to the corporate firewall to ensure that access can only be gained by users with a specific IP address to specific ports.

Side-Band

Side-band access creates an encrypted tunnel to the Tracker, through which all the keystrokes and any other data pass. This makes it impossible for packet sniffers to determine what data is being passed between the Tracker and the Client.

The Tracker will support the standard SSL protocol for telnet and FTP access. This will enable a client such as a system administrator/engineer to use their PC to establish a completely secure connection to the Tracker. This connection could be routed out of one corporate network, over the Internet and onto a second corporate network. The only requirements on the second corporate network would be to allow the SSL tunnel through the corporate firewall.

The Tracker also supports VPN connections using the strong 128-bit Microsoft Point-to-Point Encryption (MPPE) to create a secure tunnel. This is suited to situations that demand a more permanent connection to the Tracker.

To our knowledge, there have been no successful hacking attempts on a Tracker that is out in the field. We continue to update the Tracker so that our customers feel confident in allowing the Tracker onto their corporate networks.