PBX and Analog Lines Security Assessment
1 Executive Summary
1.1 Overview
Deloitte & Touche LLP (D&T) was engaged to assist the Office of the Inspector General (OIG) of the Securities and Exchange Commission (SEC) in evaluating the effectiveness of security controls over their telecommunications infrastructure, consisting of the Private Branch Exchange (PBX) and analog telephone lines (fax machines, computer dial-up, etc). The overall objective of the review was to determine the degree of protection the SEC’s existing security controls provide their telecommunications system against “hostile” threats from the public and from within the SEC. The objective was accomplished by performing a two-phased assessment: 1) Manual evaluation of the PBX and 2) Automated and manual evaluation of all identified analog telephone lines. The scope of the review included the SEC headquarters in Washington, DC, and the Operations Center (and Annex) in Alexandria, VA. Testing activities were performed between September 21 and November 19, 1999 at the SEC Headquarters located in Washington, DC and external D&T locations. Analog...