Nowadays, almost everywhere, there are a huge number of privately owned telephone exchanges that serve the communication needs of a private or public entity making connections among internal telephones and linking them to other users in the public telephone network. Such communications cover most vital infrastructures, including hospitals, ministries, police, army, banks, public bodies/authorities, companies, industries and so on. The purpose of this paper is to raise awareness in regards to security and privacy threats present in private communications, helping both users and vendors safeguard their systems.
This article provides an introduction to private branch exchanges (PBXs) and private communications, and a review of relevant threats and vulnerabilities. Finally, one possible approach to assessment of private communications security is presented, along with appropriate taxonomies. Such approach relies on performing gap analysis and is based on the IMECA technique.