Hi
I'm helping a customer with security concerns due to splits in their business.
The have what I believe is a Mitel 5000, but I'm more of a Panasonic guy. Also, I'm quite familiar with "general" security concerns, but I would like to learn a little about some of the Mitel features and capabilities.
Next to their system is a small "iView" box that apparently is some sort of remote access device. I would like to know if someone is familiar with that as well.
Things I'm interested in include - would users typically get access to certain features such as supervisor monitoring for instance? Is access typically pc based/ on site, or can significant programming be done by phone as well? Voicemail is, of course, also a concern.
I believe they also have remote IP phones at multiple locations which added to their concerns about someone listening in to their calls.
They will probably be changing the system as the business dealings proceed but I want to be giving them accurate information. Feel free to pm me.

Thanks
Charles

The (i)view device was developed by a company called Crytycal Services Management. It is primarily used as a remote access device to program the system, however it can also be used as a monitor for system down, internet down, and T1/E1/PRI failures. It can, depending on the version and model support 2 factor authentication. Frontier Communication used them heavily in installing of this Mitel product. The Mitel 5000, now the MiVoice Office 250 depending on the software load is very secure, again security increased with software development. The version can be found on the front panel LCD. You are asking very general security questions. As for remote phones being listened to, basic things could be added to prevent packet sniffing. Are they using a hardware VPN? Is there a strong firewall in place? Hope this helps,
Cans and String

Thanks for the reply. This was a Frontier installation. I do not think they have any high level security concerns. It is a family business being split up, so family members on one side were worried that the other side was listening to their phone calls. It would not likely be someone trying to hack the voip packets, more so someone picking up an extension and trying to barge in on a call in progress, or possibly accessing a vm box with weak passwords. We think the real leaks they had came from using text messages on a shared cell phone plan that allowed an administrator to see their texts. I saw on Crytycal Services web site that they said the iView could be used to monitor voice as well, but I think that would be a different type of application and if Frontier installed it for maintenance, I doubt anyone else would have access to it anyway. The customer was just getting overly paranoid regarding everything.
Thanks

2 notes:
I worked for/with the company that developed the (i)view and they never made it to sniff VoIP packets on the Mitel 5000.
2nd if there are hunt groups programmed in the systems database, a supervisor in the hunt will have access to silent monitor others that are members in that hunt group. Be aware the hunt group could be created and not used for anything except monitoring. Who ever has admin DB programming access could potentially use this. Good Luck.

Great info! Thanks.